www.trustwave.com Open in urlscan Pro
52.151.96.240  Public Scan

12 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://www.trustwave.com/Resources/SpiderLabs-Blog/NickiSpy-C---Android-Malware-Analysis--Demo/ HTTP 301
   https://www.trustwave.com/resources/spiderlabs-blog/nickispy-c---android-malware-analysis--demo/ HTTP 301
   https://www.trustwave.com/resources/spiderlabs-blog/nickispy-c---android-malware-analysis-demo/ HTTP 301
   https://www.trustwave.com/resources/spiderlabs-blog/nickispy-c--android-malware-analysis-demo/ HTTP 301
   https://www.trustwave.com/resources/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ HTTP 301
   https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Page URL
   

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

• https://www.trustwave.com/media/15280/news-release-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897043050000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg

Request Chain 44

• https://www.trustwave.com/media/15279/sl-blog-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897042940000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg

Request Chain 45

• https://www.trustwave.com/media/20005/scaward-finalist-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=133294930110000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/0/7/e/8/1/c/07e81c3ed0bbbd67ea8428bb33ab22e300f90720.jpg

Request Chain 53

• https://10419288.fls.doubleclick.net/activityi;src=10419288;type=trust0;cat=trust0;ord=4668011367572;gtm=45He35o0;auiddc=555152905.1685090876;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F HTTP 302
• https://10419288.fls.doubleclick.net/activityi;dc_pre=CImhxNjMkv8CFdBZwgodyN0E9w;src=10419288;type=trust0;cat=trust0;ord=4668011367572;gtm=45He35o0;auiddc=555152905.1685090876;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F

Request Chain 54

• https://9785483.fls.doubleclick.net/activityi;src=9785483;type=siter0;cat=siter00;ord=3001036642943;gtm=45He35o0;auiddc=555152905.1685090876;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F HTTP 302
• https://9785483.fls.doubleclick.net/activityi;dc_pre=CKWyxNjMkv8CFSdIwgodGuUIUA;src=9785483;type=siter0;cat=siter00;ord=3001036642943;gtm=45He35o0;auiddc=555152905.1685090876;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F

Request Chain 56

• https://cdn.mouseflow.com/projects/96dff353-a928-44b4-b1d0-6432c69133ba.js HTTP 301
• https://cdn.mouseflow.com/projects/96dff353-a928-44b4-b1d0-6432c69133ba_eu.js

Request Chain 91

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1685090876023&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1685090876023&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D70652%26time%3D1685090876023%26url%3Dhttps%253A%252F%252Fwww.trustwave.com%252Fen-us%252Fresources%252Fblogs%252Fspiderlabs-blog%252Fnickispy-c-android-malware-analysis-demo%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1685090876023&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1685090876023&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&cookiesTest=true&liSync=true&e_ipv6=AQI0z56a_X9VzQAAAYhXPj4xIJDdAkdb3GAJ54oa68tbgLBrBcpI3ryQEVldjEhgmGk

Request Chain 111

• https://www.trustwave.com/media/20002/gartner-finney-daniels-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=133294076750000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/5/8/b/1/3/5/58b135fd368eb235cd256be903a8b4c987f148d2.jpg

Request Chain 112

• https://www.trustwave.com/media/19973/meritalk-award-bill-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=133288893510000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/0/d/7/1/a/c/0d71acae8e12982972f59ddbc822756306c8f47a.jpg

Request Chain 113

• https://www.trustwave.com/media/19965/email-onprem-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=133288062240000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/f/1/8/6/3/c/f1863c4abe3b043f7aaea6065378cab8168b8a15.jpg

Request Chain 114

• https://www.trustwave.com/media/19963/healthcare-vuln-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=133287222250000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/e/b/0/d/a/5/eb0da513ed51b34be13244865d9a3b3dcbe91398.jpg

Request Chain 115

• https://www.trustwave.com/media/19957/you-cant-afford-not-to-address-data-protection-cover.png?anchor=center&mode=crop&width=400&rnd=133286493490000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/c/4/9/f/d/a/c49fda0dd9f3f5d003b41a43e1f73097f367a6b9.png

Request Chain 116

• https://www.trustwave.com/media/19888/gartner-mg-dfir-cover-final-1.png?anchor=center&mode=crop&width=400&rnd=133263964820000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/2/0/4/c/f/4/204cf497c61ab89519fbadcd95ddc8cb060df3c3.png

Request Chain 117

• https://www.trustwave.com/media/19841/dbss-deeperdive-webinar-cover.jpg?anchor=center&mode=crop&width=400&rnd=133251881780000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/c/0/9/5/1/9/c095193c5893c5d49c78ff3a8072562367da85f2.jpg

Request Chain 118

• https://www.trustwave.com/media/19802/fs-coy23-cover.png?anchor=center&mode=crop&width=400&rnd=133250145860000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/8/f/f/6/c/2/8ff6c291b513ba5e3757bcba503b98a7d6f435b1.png

Request Chain 119

• https://www.trustwave.com/media/19804/fs-ams-pss23-cover.png?anchor=center&mode=crop&width=400&rnd=133250155270000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/9/9/e/0/9/f/99e09fffa669761a4c71219b9c334cc029afca2e.png

Request Chain 120

• https://www.trustwave.com/media/19771/faces-modern-adversary-ams-webinar-cover.jpg?anchor=center&mode=crop&width=400&rnd=133246729160000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/0/f/0/7/f/d/0f07fd871adf5dfc0df601a7c496bfc9ae603139.jpg

Request Chain 121

• https://www.trustwave.com/media/19772/dbss-channel-webinar-social-meta-blank.jpg?anchor=center&mode=crop&width=400&rnd=133246733070000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/3/0/2/2/f/a/3022fa1f06e2d4b482585dcd5221101a558197f8.jpg

Request Chain 122

• https://www.trustwave.com/media/19744/chatgpt-webinar-social-meta-2.jpg?anchor=center&mode=crop&width=400&rnd=133239047770000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/e/d/1/a/f/1/ed1af10c26d6d5649a307e932326545b0bf1782d.jpg

Request Chain 123

• https://www.trustwave.com/media/19725/mg-experts-attack-surface-cover.jpg?anchor=center&mode=crop&width=400&rnd=133233562350000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/5/4/f/c/b/5/54fcb5c8e155c96f865e545546bb2ced00c744e6.jpg

Request Chain 124

• https://www.trustwave.com/media/19654/hybridworld-social-meta-2.jpg?anchor=center&mode=crop&width=400&rnd=133222654120000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/3/2/7/7/4/2/327742a7e2540f861a2e3a910fd18ee6fe6cab31.jpg

Request Chain 125

• https://www.trustwave.com/media/18819/84f8713a-dec2-4ea1-a2e1-c9539387a984.jpg?anchor=center&mode=crop&width=400&rnd=133023734580000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/2/8/5/4/f/9/2854f92a51dc81e2d2eb4fc6b928b424468708a7.jpg

Request Chain 126

• https://www.trustwave.com/media/18722/tommdr-cover.jpg?anchor=center&mode=crop&width=400&rnd=132996224440000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/5/4/3/9/d/1/5439d1c7ebd9f3c4cf0fcdfe793c5ff6322058df.jpg

Request Chain 127

• https://www.trustwave.com/media/18396/cc1383_ms_misa_trustwave_sentinel_thumbnail-1.png?anchor=center&mode=crop&width=400&rnd=132863034280000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/6/f/f/3/2/8/6ff32843c417453035371dda932646eb62a0841e.png

Request Chain 128

• https://www.trustwave.com/media/18395/cc1383_ms_misa_trustwave_endpoint_thumbnail-1.png?anchor=center&mode=crop&width=400&rnd=132863032610000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/d/2/a/1/a/f/d2a1af98fea52e45492a66b0e49f50285909ca3d.png

Request Chain 129

• https://www.trustwave.com/media/18369/mvra-1920x1080-cover-2.jpg?anchor=center&mode=crop&width=400&rnd=132835521820000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/8/3/3/0/8/4/833084489786ec974d068ff001ee6d7b9450a20d.jpg

Request Chain 130

• https://www.trustwave.com/media/19977/chatgpt-webinar-webinar-cover.jpg?anchor=center&mode=crop&width=400&rnd=133292449220000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/a/1/4/1/2/0/a141204bd3d040b527136999dbcf449ab36b47b2.jpg

Request Chain 131

• https://www.trustwave.com/media/19712/microsoftteams-image-1.png?anchor=center&mode=crop&width=400&rnd=133229500950000000 HTTP 302
• https://trustwave.blob.core.windows.net/cache/a/8/8/2/9/1/a88291a0c297c06670b78d6a15c1185d097e3aa7.png

170 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	404	Primary Request / Show response www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Redirect Chain https://www.trustwave.com/Resources/SpiderLabs-Blog/NickiSpy-C---Android-Malware-Analysis--Demo/ https://www.trustwave.com/resources/spiderlabs-blog/nickispy-c---android-malware-analysis--demo/ https://www.trustwave.com/resources/spiderlabs-blog/nickispy-c---android-malware-analysis-demo/ https://www.trustwave.com/resources/spiderlabs-blog/nickispy-c--android-malware-analysis-demo/ https://www.trustwave.com/resources/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/	133 KB 133 KB	2727ms 2727ms	Document text/html	52.151.96.240 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 1f6fb0ee9764b58e42ac7d93083d7a46c1c260e5ac7664d00054aba148079f4a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers cache-control no-cache content-length 136033 content-type text/html; charset=utf-8 date Fri, 26 May 2023 08:47:54 GMT expires -1 pragma no-cache server strict-transport-security max-age=31536000; includeSubDomains x-aspnet-version x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block Redirect headers cache-control no-cache content-length 228 content-type text/html; charset=utf-8 date Fri, 26 May 2023 08:47:51 GMT location https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ server strict-transport-security max-age=31536000; includeSubDomains x-aspnet-version x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	otSDKStub.js Show response cookie-cdn.cookiepro.com/scripttemplates/	21 KB 7 KB	117ms 44ms	Script application/javascript	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c535c494eb4dbfb732fb09f9716097de5e1c84f1d841a5c98eb14903c1376270 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:54 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 ThapKUuw9e9x4Kb6BZJd6A== age 38940 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 07:08:20 GMT server cloudflare vary Accept-Encoding content-type application/javascript access-control-allow-origin * x-ms-request-id 29079bc5-b01e-0065-79ec-8e9609000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c18fbafe4165-LHR expires Sat, 27 May 2023 08:47:54 GMT
GET H2	403	9c85e15b-99ed-40a4-929d-2262f9ed2706.css fast.fonts.net/cssapi/	0 0	457ms 391ms	Stylesheet application/xml	2606:4700::6811:e14e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:e14e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers
GET H2	200	legacy.min.css trustwave.azureedge.net/dist/css/	265 KB 35 KB	218ms 46ms	Stylesheet text/css	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 4e01c98e627574457dc4a7251f0b5a3d8ca22fc72fe7127db1ebd63e36a06a70 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:54 GMT content-encoding gzip last-modified Tue, 28 Jun 2022 16:24:08 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 tG3mqBdm+eKsTXR9yDZSNQ== etag 0x8DA5922A0B0456D vary Accept-Encoding content-type text/css x-ms-request-id d14b7f5d-501e-0021-060e-8b4add000000 cache-control public, max-age=31085367 x-ms-version 2009-09-19 content-length 35618
GET H2	200	styles.min.css www.trustwave.com/dist/css/	150 KB 23 KB	264ms 263ms	Stylesheet text/css	52.151.96.240 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.trustwave.com/dist/css/styles.min.css?id=1037 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 68e318c58c5a8e85cf16359b0897e1766a64528353a5db53843a4dffbf097baf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff date Fri, 26 May 2023 08:47:54 GMT last-modified Tue, 23 May 2023 07:53:02 GMT server x-aspnet-version etag "0369994b8dd91:0" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css accept-ranges bytes content-length 23188 x-xss-protection 1; mode=block
GET H2	200	feather.css www.trustwave.com/dist/css/	315 B 311 B	270ms 269ms	Stylesheet text/css	52.151.96.240 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.trustwave.com/dist/css/feather.css?id=1037 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 4e5ab440329cd7d94538bc256cd00097682d6dcfb803cc0e9e64cfab683831dc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff date Fri, 26 May 2023 08:47:54 GMT last-modified Tue, 23 May 2023 07:53:02 GMT server x-aspnet-version etag "0369994b8dd91:0" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css accept-ranges bytes content-length 263 x-xss-protection 1; mode=block
GET H2	200	api.js Show response www.google.com/recaptcha/	850 B 878 B	146ms 52ms	Script text/javascript	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash f75b96abf98a7f4874b54f268b85ba2b2fa261741afa891097537bcfa1e73fd3 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:54 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 556 x-xss-protection 1; mode=block expires Fri, 26 May 2023 08:47:54 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	884 B 656 B	158ms 64ms	Script text/javascript	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?render=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash ec925261b47bd67042f6826da4b9427730370e831e7b638eabd6a54bb3407d33 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:54 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 586 x-xss-protection 1; mode=block expires Fri, 26 May 2023 08:47:54 GMT
GET H2	200	trustwave-logo-color.svg trustwave.azureedge.net/dist/svg/logos/trustwave/	3 KB 3 KB	46ms 44ms	Image image/svg+xml	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.azureedge.net/dist/svg/logos/trustwave/trustwave-logo-color.svg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash eec92db3906701a283982a9ea481e806b6fd01fb2efb2c802cba1c376b19c2f5 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 28 Jun 2022 16:24:09 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 dve3eUlE6WumX3xgQyGMDA== etag 0x8DA5922A14A2267 content-type image/svg+xml x-ms-request-id 1848a253-c01e-00a5-77e7-9938dc000000 cache-control public, max-age=31085366 x-ms-version 2009-09-19 content-length 2788
GET H2	200	fusion-logo-color.svg trustwave.azureedge.net/dist/svg/logos/fusion/	9 KB 9 KB	47ms 44ms	Image image/svg+xml	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.azureedge.net/dist/svg/logos/fusion/fusion-logo-color.svg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash a76b2bc12b0e3c9536c8c0c3af4170cc66c19ff44fb96326aa6b542ee272365f Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 28 Jun 2022 16:24:09 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 PEBEe6TBHJ1Si1foIhaJWA== etag 0x8DA5922A1061FA4 content-type image/svg+xml x-ms-request-id feb73ee4-401e-0060-4235-961239000000 cache-control public, max-age=31085366 x-ms-version 2009-09-19 content-length 9083
GET H2	200	jquery.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/	84 KB 27 KB	108ms 42ms	Script application/javascript	2606:4700::6811:190e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.min.js Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 5569762 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 27139 last-modified Mon, 04 May 2020 16:11:48 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec4-15145" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ZitMF9%2F6tCbAZAJDg1m8YukG2C7KtR16jqdP5oMW%2FVuFmT%2FM5Exr6jDylzoY9KuDJvuG0%2BEPIQ3rYCo20twoQGsy24Zn0Ps%2F%2B7D%2Fcj9LdVrV0gU7Bo4gLWitO5%2F6dgZIyGgzpd3luanjQS1kSMrzMOo"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 7cd4c19209ab76e7-LHR expires Wed, 15 May 2024 08:47:55 GMT
GET H2	200	jquery.modal.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/	5 KB 2 KB	38ms 38ms	Script application/javascript	2606:4700::6811:190e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.js Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a7e8ed2d7bbdbcaeeee81c3433f057d64a32c000112bbd09b5969fc658d0a655 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 1313795 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 1399 last-modified Mon, 04 May 2020 16:11:46 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec2-1359" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0cDNHqgtMZZEAmzclQbzYn2r5QXklxz1fEOBwbfrrv%2FUKSY%2FJfmVfT9wLcpZZv%2B6qNHnWUxQXOKLCgNfU1qReDoq%2F1%2FqVUXuqSaobIXMGf4Gse7N8Gbrqz%2F1UPWnO2aoPJ43mHG9SGaXzzc4FxkOMYXl"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 7cd4c19229e176e7-LHR expires Wed, 15 May 2024 08:47:55 GMT
GET H2	200	jquery.modal.min.css cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/	3 KB 2 KB	42ms 39ms	Stylesheet text/css	2606:4700::6811:190e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eaa593bcfe485f4b5a8ac997cf9936604f9fbef91652db94a8e22b75d612bfc1 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 2475811 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 1541 last-modified Mon, 04 May 2020 16:11:46 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec2-c81" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CU82o%2BXRd6TBIHO4jJdjWTRtJg%2FruL2gRkB9az7qt3lKwxUBvHuIHp%2BswLc%2B52K9l9ii7D2K98q0dZAqt1wSfHzbaEznEzE1mENPy9NCNK7iIs7p2bx%2BQN8T7kw42vQl5X9OY6YyKpmeixrOHqdrHo9f"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 7cd4c19229ed76e7-LHR expires Wed, 15 May 2024 08:47:55 GMT
GET H2	200	v2.js Show response js.hsforms.net/forms/embed/	526 KB 165 KB	128ms 56ms	Script application/javascript	2606:4700::6810:ba41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/embed/v2.js Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:ba41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6068122af5aaf3871c283132bb19ddafc391f4cb78126882ca18a7c5f4c03611 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers content-encoding br age 588 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3243/bundles/project-v2.js&cfRay=7cd4b3361da9dd3b-IAD x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"a5301b6f08ed64649a3390f949aa4175" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3243/bundles/project-v2.js date Fri, 26 May 2023 08:47:55 GMT x-amz-version-id l7bHRIBQ6TE8MnbN5jsE1ccMSwu0_dqN via 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 0 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id a4300c93-f5a9-4e08-bb08-21b908a0f5cb last-modified Tue, 23 May 2023 10:19:29 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RnhVtLy0StSC7%2BE0fIMlGP5xu40gE8sGOp8W8NrDM8C9XxiA%2F6omujOmKlhNg4KESepkqTWOHhaHuzZW2c2MyIgSSvvNMIaGkTCCxgvtAl1NTSLS2cG4%2BjP%2F7Y9rn6gCTFhggxNbg6qRFH%2B2"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-x5fmx cf-ray 7cd4c1929f4fdd50-LHR x-amz-cf-id HR9GGnHMOruDjmIlKD2Pz5rbymBO8JPe5Lfw9X0c9wi-fHJ72xYjBg==
GET H2	200	legacy.min.js Show response trustwave.azureedge.net/dist/js/	495 KB 152 KB	49ms 46ms	Script application/javascript	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://trustwave.azureedge.net/dist/js/legacy.min.js?id=1037 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash acb597f6847f2877c81754fdb6a4b483cc05516c2a87865c8d0d02307b670c65 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT content-encoding gzip last-modified Tue, 28 Jun 2022 16:24:09 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 yG5v7s3rVw9uMb1rb1aZPA== etag 0x8DA5922A14C9303 vary Accept-Encoding content-type application/javascript x-ms-request-id f5d94165-d01e-00a9-3af5-8cafd4000000 cache-control public, max-age=31390079 x-ms-version 2009-09-19 content-length 154921
GET H/1.1	200 OK	player.js Show response player.vimeo.com/api/	37 KB 12 KB	114ms 40ms	Script application/javascript	162.159.138.60 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://player.vimeo.com/api/player.js Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 98e67b7c00d3ed50871865e8acf0381d72b909eb2360b56261061c9be60bde9e Security Headers Name Value Content-Security-Policy default-src 'none'; style-src 'unsafe-inline' Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-varnish-cache 1 Date Fri, 26 May 2023 08:47:55 GMT content-security-policy default-src 'none'; style-src 'unsafe-inline' x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip CF-Cache-Status DYNAMIC via 1.1 varnish (Varnish/6.0), 1.1 varnish Age 555 X-Cache HIT p3p CP="This is not a P3P policy! See https://vimeo.com/privacy" expires Fri, 26 May 2023 08:52:50 GMT x-host player-5f9997c959-n4v76 Connection keep-alive x-vserver player-varnish-prod-varnish-3 Content-Length 11160 x-xss-protection 1; mode=block X-Served-By cache-man4124-MAN X-Player-Backend p Server cloudflare X-Timer S1685090875.312080,VS0,VE0 x-backend-proxy playproxy4 Vary Accept-Encoding Content-Type application/javascript;charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 x-bapp-server player-5f9997c959-n4v76 Accept-Ranges bytes CF-RAY 7cd4c1929aa6361c-MAN X-Cache-Hits 152
GET		addthis_widget.js s7.addthis.com/js/300/	0 0
GET H2	200	rum.js Show response www.atmrum.net/	301 B 611 B	123ms 27ms	Script application/javascript	204.79.197.234 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.atmrum.net/rum.js Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 80afdcdab5af95e11f8edac404947668a91582b9799723a8d5272483a010f23d Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:54 GMT x-content-type-options nosniff last-modified Mon, 15 May 2023 20:41:01 GMT x-msedge-ref Ref A: 4368574CEAB64CD19EE9F6033A6F78A6 Ref B: MAN30EDGE0622 Ref C: 2023-05-26T08:47:55Z etag 0x8D4FC0223F2F653 x-cache CONFIG_NOCACHE content-type application/javascript access-control-allow-origin * access-control-expose-headers X-MSEdge-Ref cache-control no-store accept-ranges bytes timing-allow-origin * content-length 301
GET H2	200	21158977.js Show response js-na1.hs-scripts.com/	2 KB 1 KB	210ms 131ms	Script application/javascript	2606:4700::6812:883b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-na1.hs-scripts.com/21158977.js Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:883b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b220d97fe00b5d5a615474984d9d585a9eff561dca87f262216408c74a870a49 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT content-encoding br cf-cache-status EXPIRED x-hubspot-correlation-id 94c80e21-344f-4f50-b726-3f62bc1687d6 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 3 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id a7e85469-6a5b-490e-bc42-32b5f43d161d last-modified Fri, 26 May 2023 08:40:44 GMT server cloudflare x-trace 2BD804E102CF02424B49DACC9DD0A70AE8D372D367000000000000000000 vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.trustwave.com x-evy-trace-virtual-host all cache-control public, max-age=30 access-control-allow-credentials true x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-6ft8w cf-ray 7cd4c192acaa889d-LHR
GET H2	200	c7ede6b6-5518-4502-94a5-673e62cff495.json Show response cookie-cdn.cookiepro.com/consent/c7ede6b6-5518-4502-94a5-673e62cff495/	3 KB 2 KB	111ms 47ms	XHR application/x-javascript	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/consent/c7ede6b6-5518-4502-94a5-673e62cff495/c7ede6b6-5518-4502-94a5-673e62cff495.json Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 809765ad9401369a9a87159ade197a7893be54c78de5e0c1995f77efbde4a286 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:54 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 FlMWWNWt99scM6fkHGo+qw== age 3532 x-ms-lease-status unlocked last-modified Tue, 23 May 2023 05:24:03 GMT server cloudflare vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 9756ce2a-f01e-0016-1336-8dce9a000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c190af0076af-LHR
GET H2	200	gtm.js Show response www.googletagmanager.com/	269 KB 91 KB	161ms 66ms	Script application/javascript	2a00:1450:4001:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 851d4973db314bd9f26359db2951b40cf396e4258a28842dd3d9c2a16903462f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 92511 x-xss-protection 0 last-modified Fri, 26 May 2023 06:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 26 May 2023 08:47:55 GMT
GET H2	200	css2 fonts.googleapis.com/	14 KB 1 KB	144ms 53ms	Stylesheet text/css	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:wght@100;300;400;500;700;900&display=swap Requested by Host: trustwave.azureedge.net URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 87289efaf9cc62bd74432c4048229f1f1f1108973a99460d5676c4caa4fb4923 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://trustwave.azureedge.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Fri, 26 May 2023 08:47:55 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 26 May 2023 08:47:55 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 26 May 2023 08:47:55 GMT
GET H2	200	otBannerSdk.js Show response cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/	403 KB 94 KB	58ms 56ms	Script application/javascript	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/otBannerSdk.js Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ed3a69e3267f056582ed012f7252319adb227fed203a4781eb820ea732aa4594 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 fuN6EZWNAh2xn3yE+0HSRQ== age 1257 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 07:08:27 GMT server cloudflare vary Accept-Encoding content-type application/javascript access-control-allow-origin * x-ms-request-id 6cc411c3-d01e-0011-2ddc-8ea2f9000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c1923fa44165-LHR expires Sat, 27 May 2023 08:47:55 GMT
GET H2	200	ai.0.js Show response az416426.vo.msecnd.net/scripts/a/	94 KB 22 KB	201ms 48ms	Script application/x-javascript	2606:2800:133:206e:1315:22a5:2006:24fd EDGECAST
General Check archive.org Show headers Download Go to Full URL https://az416426.vo.msecnd.net/scripts/a/ai.0.js Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ama/488D) / Resource Hash 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT content-encoding gzip x-ms-meta-lastmodified 2020-10-01 19:31:04 content-md5 HdY95yzx9wIyQkVEGES+Ew== age 845 x-cache HIT content-length 22495 x-ms-lease-status unlocked last-modified Thu, 11 Mar 2021 07:46:59 GMT server ECAcc (ama/488D) etag 0x8D8E461DA1A5889 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 687dac56-301e-0005-1cac-8f1f81000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=1800 x-ms-version 2009-09-19 expires Fri, 26 May 2023 09:17:55 GMT
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/	407 KB 163 KB	137ms 42ms	Script text/javascript	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a41096fbcf982d79bf075bf2378c9c0c2e8ada5bdc94bd7cc794454135ccf981 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.trustwave.com/ Origin https://www.trustwave.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Thu, 25 May 2023 16:59:19 GMT content-encoding gzip x-content-type-options nosniff age 56916 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 166449 x-xss-protection 0 last-modified Mon, 22 May 2023 20:58:33 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Fri, 24 May 2024 16:59:19 GMT
GET H2	200	trustwave-logo-white.svg trustwave.azureedge.net/dist/svg/logos/trustwave/	3 KB 3 KB	107ms 106ms	Image image/svg+xml	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.azureedge.net/dist/svg/logos/trustwave/trustwave-logo-white.svg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash b0f35cc025dc27ea345536d4eafc13e52fe2b1c237fd6c4150d4dbf85c323c27 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 28 Jun 2022 16:24:09 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 6MtEXkwnMy6FcNENYC/dGQ== etag 0x8DA5922A14B5AB4 content-type image/svg+xml x-ms-request-id 6d277546-101e-001f-0e38-9adda2000000 cache-control public, max-age=29271396 x-ms-version 2009-09-19 content-length 2776
GET H2	200	twi-radar-color.svg trustwave.azureedge.net/dist/svg/icons/trustwave/	1 KB 2 KB	109ms 108ms	Image image/svg+xml	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-radar-color.svg Requested by Host: trustwave.azureedge.net URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash a6843d5ffd9052e631f84994401389694fd86b7cff2f9910ec6a28814cbb6b03 Request headers accept-language en-GB,en;q=0.9 Referer https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 28 Jun 2022 16:24:12 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 GNjSQQWJRAl3TR5ibPNqMw== etag 0x8DA5922A2CA43AF content-type image/svg+xml x-ms-request-id 0252a5be-b01e-0090-573e-9a54c8000000 cache-control public, max-age=31449775 x-ms-version 2009-09-19 content-length 1533
GET H2	200	twi-cloud-lock-color.svg trustwave.azureedge.net/dist/svg/icons/trustwave/	2 KB 2 KB	110ms 109ms	Image image/svg+xml	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-cloud-lock-color.svg Requested by Host: trustwave.azureedge.net URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 08529955a8d9e583dacd78d8ade75159e0869e25766fba0ac911d5fa3e3b234b Request headers accept-language en-GB,en;q=0.9 Referer https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 28 Jun 2022 16:24:10 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 tX3lBpqGWSajnyTY7cF8lg== etag 0x8DA5922A1B86291 content-type image/svg+xml x-ms-request-id e7c791dc-001e-0061-78e3-984de5000000 cache-control public, max-age=31449775 x-ms-version 2009-09-19 content-length 1770
GET H2	200	twi-briefcase-color.svg trustwave.azureedge.net/dist/svg/icons/trustwave/	1 KB 2 KB	110ms 109ms	Image image/svg+xml	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-briefcase-color.svg Requested by Host: trustwave.azureedge.net URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash b016380c1e5281bf5629d39c1dd2d79d1d8eec45e77f69d7f101105b93e813e0 Request headers accept-language en-GB,en;q=0.9 Referer https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 28 Jun 2022 16:24:10 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 hGlggEcUaBxKcCIx033beQ== etag 0x8DA5922A189B913 content-type image/svg+xml x-ms-request-id 43a25455-601e-0083-7f6b-9a70c4000000 cache-control public, max-age=31449775 x-ms-version 2009-09-19 content-length 1289
GET H2	200	twi-dashboard-color.svg trustwave.azureedge.net/dist/svg/icons/trustwave/	8 KB 9 KB	107ms 106ms	Image image/svg+xml	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-dashboard-color.svg Requested by Host: trustwave.azureedge.net URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 85617163a0d798f5865addd9cb026438b1096093b4cac1838630ad93ebfdf4b4 Request headers accept-language en-GB,en;q=0.9 Referer https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 28 Jun 2022 16:24:10 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 acoxEKKx1R/DrtFbiOadbQ== etag 0x8DA5922A1D77E43 content-type image/svg+xml x-ms-request-id 3d6be6df-301e-006a-04df-9ab68e000000 cache-control public, max-age=31449775 x-ms-version 2009-09-19 content-length 8525
GET H2	200	twi-database-color.svg trustwave.azureedge.net/dist/svg/icons/trustwave/	1 KB 2 KB	111ms 110ms	Image image/svg+xml	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-database-color.svg Requested by Host: trustwave.azureedge.net URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 9a2b09b1bd7190df58b8462804537f71a64e447921a03e62dc16148f9c433511 Request headers accept-language en-GB,en;q=0.9 Referer https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 28 Jun 2022 16:24:10 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 q85KHiSPCUDrj48jT/7LXA== etag 0x8DA5922A1DAB208 content-type image/svg+xml x-ms-request-id 5b44b31a-a01e-009c-60b1-9ac3c0000000 cache-control public, max-age=31449775 x-ms-version 2009-09-19 content-length 1431
GET H2	200	twi-email-color.svg trustwave.azureedge.net/dist/svg/icons/trustwave/	719 B 1016 B	111ms 111ms	Image image/svg+xml	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-email-color.svg Requested by Host: trustwave.azureedge.net URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash b9833a558a67d159aa6139bb0b9168560a37f580ae04654ccc7b6b1ce0d75ea6 Request headers accept-language en-GB,en;q=0.9 Referer https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 28 Jun 2022 16:24:10 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 eVpqIsKpjw3YUN0OY6Y/Tw== etag 0x8DA5922A1F89567 content-type image/svg+xml x-ms-request-id 5602e0ec-501e-0098-18ed-9a4ec7000000 cache-control public, max-age=31449775 x-ms-version 2009-09-19 content-length 719
GET H2	200	twi-managed-portal-color.svg trustwave.azureedge.net/dist/svg/icons/trustwave/	12 KB 12 KB	112ms 112ms	Image image/svg+xml	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-managed-portal-color.svg Requested by Host: trustwave.azureedge.net URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 2071a3274f291c02c034caf6889a9e7267640862d6d22d348507e929534e74f3 Request headers accept-language en-GB,en;q=0.9 Referer https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1037 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 28 Jun 2022 16:24:11 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 MIxQ1hT8XSaqnrbBWdMTUQ== etag 0x8DA5922A2480803 content-type image/svg+xml x-ms-request-id 93c6d8c3-601e-0093-6343-ddb5ac000000 cache-control public, max-age=31449775 x-ms-version 2009-09-19 content-length 12197
GET H2	200	loading-white.svg www.trustwave.com/img/utility/	687 B 784 B	261ms 261ms	Image image/svg+xml	52.151.96.240 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.trustwave.com/img/utility/loading-white.svg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/dist/css/styles.min.css?id=1037 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 4d84802c2cc3550892199289d28a046c4e1d011964c7c7f9d43bdeebecf107de Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/dist/css/styles.min.css?id=1037 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:54 GMT x-content-type-options nosniff last-modified Tue, 23 May 2023 07:53:48 GMT server x-aspnet-version etag "0ed4b44b8dd91:0" x-frame-options SAMEORIGIN content-type image/svg+xml accept-ranges bytes content-length 687 x-xss-protection 1; mode=block
GET H2	200	Feather.ttf www.trustwave.com/fonts/feather/	64 KB 64 KB	265ms 265ms	Font application/octet-stream	52.151.96.240 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.trustwave.com/fonts/feather/Feather.ttf?sdxovp Requested by Host: www.trustwave.com URL: https://www.trustwave.com/dist/css/feather.css?id=1037 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e103929dd758126ea4a090ff0e33b620f3ceb1b81ffad1345023c95661c84d8c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.trustwave.com/dist/css/feather.css?id=1037 Origin https://www.trustwave.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:54 GMT x-content-type-options nosniff last-modified Tue, 23 May 2023 07:53:02 GMT server x-aspnet-version etag "0369994b8dd91:0" x-frame-options SAMEORIGIN content-type application/octet-stream accept-ranges bytes content-length 65112 x-xss-protection 1; mode=block
GET H2	200	UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfMZg.ttf fonts.gstatic.com/s/inter/v11/	296 KB 143 KB	209ms 117ms	Font font/ttf	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/inter/v11/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfMZg.ttf Requested by Host: www.trustwave.com URL: https://www.trustwave.com/dist/css/styles.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cddda5bfbb5cfd3c61a5ae0075a6b5719d1eca08ce1575fe1bad14fe7f79a5f8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.trustwave.com/ Origin https://www.trustwave.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 20 May 2023 18:03:05 GMT content-encoding gzip x-content-type-options nosniff age 485090 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 146696 x-xss-protection 0 last-modified Tue, 26 Apr 2022 15:40:49 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" vary Accept-Encoding report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 19 May 2024 18:03:05 GMT
GET H2	200	UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuI6fMZg.ttf fonts.gstatic.com/s/inter/v11/	301 KB 153 KB	136ms 43ms	Font font/ttf	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/inter/v11/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuI6fMZg.ttf Requested by Host: www.trustwave.com URL: https://www.trustwave.com/dist/css/styles.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8032d79deba14b8b207f78489b5cb3b7dd8c39e3519688988e075c30aa128157 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.trustwave.com/ Origin https://www.trustwave.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 20 May 2023 20:12:46 GMT content-encoding gzip x-content-type-options nosniff age 477309 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 156504 x-xss-protection 0 last-modified Tue, 26 Apr 2022 15:30:06 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" vary Accept-Encoding report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 19 May 2024 20:12:46 GMT
GET H2	200	UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYMZg.ttf fonts.gstatic.com/s/inter/v11/	303 KB 155 KB	182ms 90ms	Font font/ttf	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/inter/v11/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYMZg.ttf Requested by Host: www.trustwave.com URL: https://www.trustwave.com/dist/css/styles.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 399275d88086e4012aa96f7769747462bee9f414f38ab6df75ac13dbc03ccfe1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.trustwave.com/ Origin https://www.trustwave.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Tue, 23 May 2023 20:05:51 GMT content-encoding gzip x-content-type-options nosniff age 218524 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 158245 x-xss-protection 0 last-modified Tue, 26 Apr 2022 15:30:10 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" vary Accept-Encoding report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 22 May 2024 20:05:51 GMT
GET H2	200	en.json Show response cookie-cdn.cookiepro.com/consent/c7ede6b6-5518-4502-94a5-673e62cff495/f45c1dcb-4e3d-4ab0-a829-22e58a3f19f6/	44 KB 10 KB	43ms 42ms	Fetch application/x-javascript	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/consent/c7ede6b6-5518-4502-94a5-673e62cff495/f45c1dcb-4e3d-4ab0-a829-22e58a3f19f6/en.json Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5f8bc26c4789780ae3a330a2d348a7c806e3e019f852d543937745e0512d4e62 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 zSu/aRykCTI2vfMfJM1amQ== age 2717 x-ms-lease-status unlocked last-modified Tue, 23 May 2023 05:24:03 GMT server cloudflare vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 0a7af8b4-001e-0002-4e36-8d86f5000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c192da3676af-LHR
GET H2	200	otFlat.json Show response cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/	13 KB 3 KB	50ms 49ms	Fetch application/json	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/otFlat.json Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 iCAxFkQWfzfDHevR0IbBjg== age 68316 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 07:08:15 GMT server cloudflare vary Accept-Encoding content-type application/json access-control-allow-origin * x-ms-request-id 0de38b04-101e-0021-480e-8f1c36000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c1934ad076af-LHR expires Sat, 27 May 2023 08:47:55 GMT
GET H2	200	otPcCenter.json Show response cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/v2/	61 KB 13 KB	50ms 50ms	Fetch application/json	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/v2/otPcCenter.json Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 Nrtw9V+L/sfw1fri0BTPUA== age 68316 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 07:08:17 GMT server cloudflare vary Accept-Encoding content-type application/json access-control-allow-origin * x-ms-request-id 2df8f15d-301e-0054-760e-8f771a000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c1934ad576af-LHR expires Sat, 27 May 2023 08:47:55 GMT
GET H2	200	otCommonStyles.css Show response cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/	21 KB 4 KB	52ms 51ms	Fetch text/css	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/otCommonStyles.css Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 oWkBTLgDDXvrUsd93y/Zxg== age 68316 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 07:08:33 GMT server cloudflare vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id 64605b3e-a01e-009d-4b0e-8fcaf7000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c1934ad676af-LHR expires Sat, 27 May 2023 08:47:55 GMT
GET H2	200	json Show response forms.hsforms.com/embed/v3/form/21158977/92358282-9e9e-4fe6-a21f-c30c1e55336d/	53 KB 8 KB	236ms 157ms	XHR application/json	2606:4700::6811:d4f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/21158977/92358282-9e9e-4fe6-a21f-c30c1e55336d/json?hs_static_app=forms-embed&hs_static_app_version=1.3243&X-HubSpot-Static-App-Info=forms-embed-1.3243 Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2e3a775deb70fda84736399b17ef36adb5e7f602728f1b6f05a778806f8584c8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/plain, */* Referer https://www.trustwave.com/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-origin-hublet na1 date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC x-hubspot-correlation-id 3a8a09f9-9691-465d-a538-14df90380d8c x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 19 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id c58b723f-ad96-4617-9128-f8c41b37e68a server cloudflare x-trace 2B228EF7259E94A204FB9E295C221329D520327648000000000000000000 vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.trustwave.com x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false cache-control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * cf-ray 7cd4c1944e8f2407-LHR x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-rgcrk
GET H2	200	blackoutintheredroom-hero-desktop.jpg trustwave.azureedge.net/media/14809/	424 KB 424 KB	59ms 58ms	Image image/jpeg	2a02:26f0:1700:d::1737:6ea4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.azureedge.net/media/14809/blackoutintheredroom-hero-desktop.jpg?rnd=131867887240000000 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 7919673a2b1bd05d93ab0a7a7dd3ddee7a77fee5b6fbf527231cc2b10922c73d Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT content-encoding gzip last-modified Thu, 15 Nov 2018 20:52:04 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 zUnd2DoD65sst47JKMBh7w== etag 0x8D64B3C32EA0AC4 vary Accept-Encoding content-type image/jpeg x-ms-request-id e5217ffe-501e-0088-6e13-848baf000000 cache-control public, max-age=30259777 x-ms-version 2009-09-19 x-ms-meta-createddate 11/15/2018 20:52:04 +00:00 content-length 433269
GET H/1.1	200 OK	9449054b6e599d2c6ae326fc940e1718f740d84d.jpg trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/ Redirect Chain https://www.trustwave.com/media/15280/news-release-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897043050000000 https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg	8 KB 9 KB	429ms 112ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash cb8fd428f0d96267a4df07e3603d7e9fc4f424096eec1923269d49efa9f31dbb Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Sat, 28 Jan 2023 22:58:04 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 YYg1/108u00f4mbVmhIfVw== ETag 0x8DB01831CE9037D x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id e761c622-b01e-0016-73ae-8f9871000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 8271 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:55 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/ Redirect Chain https://www.trustwave.com/media/15279/sl-blog-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897042940000000 https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg	9 KB 10 KB	468ms 117ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 9998a28912966aa8ae78c7bae4b70bce32095ac4cafb972428f96c60bf374a98 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:55 GMT Last-Modified Sat, 28 Jan 2023 22:26:27 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 MsdJ7/i6e4BXG2Gh7eeTmQ== ETag 0x8DB017EB2C0DC88 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id a3c77912-701e-007b-71ae-8f2c3a000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 9529 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:54 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	07e81c3ed0bbbd67ea8428bb33ab22e300f90720.jpg trustwave.blob.core.windows.net/cache/0/7/e/8/1/c/ Redirect Chain https://www.trustwave.com/media/20005/scaward-finalist-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=133294930110000000 https://trustwave.blob.core.windows.net/cache/0/7/e/8/1/c/07e81c3ed0bbbd67ea8428bb33ab22e300f90720.jpg	14 KB 14 KB	425ms 111ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/0/7/e/8/1/c/07e81c3ed0bbbd67ea8428bb33ab22e300f90720.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 8d4d9f666be245e925b384c6ae112d30cea6c4b5606c763eeb57a1d41ef9e257 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:55 GMT Last-Modified Thu, 25 May 2023 13:20:22 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 iKCHMJt5xLaaBdddnvDB+w== ETag 0x8DB5D22CB4625C6 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id d51a0ea4-201e-0092-7fae-8fea70000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 14168 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:55 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/0/7/e/8/1/c/07e81c3ed0bbbd67ea8428bb33ab22e300f90720.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H2	200	UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuOKfMZg.ttf fonts.gstatic.com/s/inter/v11/	297 KB 151 KB	64ms 63ms	Font font/ttf	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/inter/v11/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuOKfMZg.ttf Requested by Host: www.trustwave.com URL: https://www.trustwave.com/dist/css/styles.min.css?id=1037 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5948fc8f016a175f6dc4b0e00bc4dbbc93875315d7af4469ab7e4c0c47f4c269 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.trustwave.com/ Origin https://www.trustwave.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sun, 21 May 2023 00:15:57 GMT content-encoding gzip x-content-type-options nosniff age 462718 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 154459 x-xss-protection 0 last-modified Tue, 26 Apr 2022 15:40:33 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" vary Accept-Encoding report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Mon, 20 May 2024 00:15:57 GMT
GET H2	200	json Show response forms.hsforms.com/embed/v3/form/21158977/cfc901a2-eafd-46d4-a988-cdec75f02fd1/	53 KB 7 KB	190ms 190ms	XHR application/json	2606:4700::6811:d4f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/21158977/cfc901a2-eafd-46d4-a988-cdec75f02fd1/json?hs_static_app=forms-embed&hs_static_app_version=1.3243&X-HubSpot-Static-App-Info=forms-embed-1.3243 Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f572403cf1fb839d3bb800cd79271aee2829cb7bfff4af90ea337f06f3b1d735 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/plain, */* Referer https://www.trustwave.com/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-origin-hublet na1 date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC x-hubspot-correlation-id 176bb042-0925-4900-9245-6cb45a759ac9 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 60 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 28b3e4aa-452c-48b1-aa5f-f129cb4d57c8 server cloudflare x-trace 2B086D60AF5563B91E37705082435A79A8E065546A000000000000000000 vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.trustwave.com x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false cache-control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * cf-ray 7cd4c1945eab2407-LHR x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-c6p2z
GET H2	200	json Show response forms.hsforms.com/embed/v3/form/21158977/de7ea1d6-a749-4248-88db-dc813310bec6/	53 KB 7 KB	166ms 166ms	XHR application/json	2606:4700::6811:d4f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/21158977/de7ea1d6-a749-4248-88db-dc813310bec6/json?hs_static_app=forms-embed&hs_static_app_version=1.3243&X-HubSpot-Static-App-Info=forms-embed-1.3243 Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dfaf5e143f29a9b21a09ac7e94a2d953c9599f5cae4af056183079983f417fb2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/plain, */* Referer https://www.trustwave.com/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-origin-hublet na1 date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC x-hubspot-correlation-id fc691b8c-fbfd-4a68-8029-745e1952e742 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 19 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id cb452eb5-a480-4ada-bddf-acf8e2c17c61 server cloudflare x-trace 2BACDA0E78E4FAC44444D8829422ED1F8DB3795F0D000000000000000000 vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.trustwave.com x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false cache-control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * cf-ray 7cd4c1945ebb2407-LHR x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-g2zls
GET H2	200	optimize.js Show response www.google-analytics.com/gtm/	127 KB 48 KB	151ms 54ms	Script application/javascript	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/gtm/optimize.js?id=GTM-5B38B7F Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash f360b8014453fd1251a0551c825c76b8c43417009d7a1100923f2e9a8c167088 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 49118 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Fri, 26 May 2023 08:47:55 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	13 KB 5 KB	154ms 44ms	Script application/x-javascript	2a02:26f0:480:f::213:7ec6 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 10 Jan 2023 17:22:56 GMT x-cdn AKAM vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=65896 accept-ranges bytes content-length 4777
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	146ms 42ms	Script application/javascript	146.75.120.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT content-encoding gzip last-modified Thu, 27 Oct 2022 16:56:53 GMT etag "32ad004436155ec972bc50e6238b5b67+gzip+gzip" vary Accept-Encoding,Host x-cache HIT, HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15375 x-served-by cache-iad-kjyo7100081-IAD, cache-fra-etou8220118-FRA
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/494613180/	3 KB 2 KB	202ms 95ms	Script text/javascript	2a00:1450:4001:809::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/494613180/?random=1685090875607&cv=11&fst=1685090875607&bg=ffffff&guid=ON&async=1&gtm=45He35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&hn=www.googleadservices.com&frm=0&tiba=404%20Not%20Found%20%7C%20Trustwave&auid=555152905.1685090876&uamb=0&uaw=0&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash f47b45fc19e182fd76f74dc9694ed77866fca3860ca99b15017b8f43dd24c823 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 08:47:55 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1365 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	activityi;dc_pre=CImhxNjMkv8CFdBZwgodyN0E9w;src=10419288;type=trust0;cat=trust0;ord=4668011367572;gtm=45He35o0;auiddc=555152905.1685090876;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fb... Show response 10419288.fls.doubleclick.net/ Frame 2BD4 Redirect Chain https://10419288.fls.doubleclick.net/activityi;src=10419288;type=trust0;cat=trust0;ord=4668011367572;gtm=45He35o0;auiddc=555152905.1685090876;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%... https://10419288.fls.doubleclick.net/activityi;dc_pre=CImhxNjMkv8CFdBZwgodyN0E9w;src=10419288;type=trust0;cat=trust0;ord=4668011367572;gtm=45He35o0;auiddc=555152905.1685090876;u1=https%3A%2F%2Fwww....	658 B 657 B	92ms 90ms	Document text/html	142.250.185.230 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://10419288.fls.doubleclick.net/activityi;dc_pre=CImhxNjMkv8CFdBZwgodyN0E9w;src=10419288;type=trust0;cat=trust0;ord=4668011367572;gtm=45He35o0;auiddc=555152905.1685090876;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.230 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s53-in-f6.1e100.net Software cafe / Resource Hash ffcde29a0e6e3bfab9d1a8453da5a78afd734b90260c76bec22bcca38cbbde3a Security Headers Name Value Strict-Transport-Security max-age=21600 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.trustwave.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-encoding br content-length 316 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Fri, 26 May 2023 08:47:55 GMT expires Fri, 26 May 2023 08:47:55 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe strict-transport-security max-age=21600 timing-allow-origin * x-content-type-options nosniff x-xss-protection 0 Redirect headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Fri, 26 May 2023 08:47:55 GMT expires Fri, 01 Jan 1990 00:00:00 GMT follow-only-when-prerender-shown 1 location https://10419288.fls.doubleclick.net/activityi;dc_pre=CImhxNjMkv8CFdBZwgodyN0E9w;src=10419288;type=trust0;cat=trust0;ord=4668011367572;gtm=45He35o0;auiddc=555152905.1685090876;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F? p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" pragma no-cache server cafe strict-transport-security max-age=21600 timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H2	200	activityi;dc_pre=CKWyxNjMkv8CFSdIwgodGuUIUA;src=9785483;type=siter0;cat=siter00;ord=3001036642943;gtm=45He35o0;auiddc=555152905.1685090876;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%... Show response 9785483.fls.doubleclick.net/ Frame AEDC Redirect Chain https://9785483.fls.doubleclick.net/activityi;src=9785483;type=siter0;cat=siter00;ord=3001036642943;gtm=45He35o0;auiddc=555152905.1685090876;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=http... https://9785483.fls.doubleclick.net/activityi;dc_pre=CKWyxNjMkv8CFSdIwgodGuUIUA;src=9785483;type=siter0;cat=siter00;ord=3001036642943;gtm=45He35o0;auiddc=555152905.1685090876;uaa=;uab=;uafvl=;uam=;...	531 B 652 B	89ms 87ms	Document text/html	142.250.185.230 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://9785483.fls.doubleclick.net/activityi;dc_pre=CKWyxNjMkv8CFSdIwgodGuUIUA;src=9785483;type=siter0;cat=siter00;ord=3001036642943;gtm=45He35o0;auiddc=555152905.1685090876;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.230 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s53-in-f6.1e100.net Software cafe / Resource Hash d42681813885f6d03d51c440153b8efd1c4baf86fb6e74abd902e4ea09ffd817 Security Headers Name Value Strict-Transport-Security max-age=21600 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.trustwave.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-encoding br content-length 311 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Fri, 26 May 2023 08:47:55 GMT expires Fri, 26 May 2023 08:47:55 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe strict-transport-security max-age=21600 timing-allow-origin * x-content-type-options nosniff x-xss-protection 0 Redirect headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Fri, 26 May 2023 08:47:55 GMT expires Fri, 01 Jan 1990 00:00:00 GMT follow-only-when-prerender-shown 1 location https://9785483.fls.doubleclick.net/activityi;dc_pre=CKWyxNjMkv8CFSdIwgodGuUIUA;src=9785483;type=siter0;cat=siter00;ord=3001036642943;gtm=45He35o0;auiddc=555152905.1685090876;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F? p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" pragma no-cache server cafe strict-transport-security max-age=21600 timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	106 KB 28 KB	139ms 43ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 7fee08728b501812ba1c44658ad4ef459c107d78bd6e5b27c8ff80f110c34c04 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 26 May 2023 08:47:55 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 27500 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug luBaUC6TaZkZ9mMSN+rWKXzQKo/DRCqQCRGr3QJyxeqYdM5OQM/FsYnzQSWC09mu+H2+cr17VAjW8syBw1s5HQ== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 1679558926 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	96dff353-a928-44b4-b1d0-6432c69133ba_eu.js Show response cdn.mouseflow.com/projects/ Redirect Chain https://cdn.mouseflow.com/projects/96dff353-a928-44b4-b1d0-6432c69133ba.js https://cdn.mouseflow.com/projects/96dff353-a928-44b4-b1d0-6432c69133ba_eu.js	192 KB 56 KB	35ms 34ms	Script application/javascript	151.139.128.10 STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.mouseflow.com/projects/96dff353-a928-44b4-b1d0-6432c69133ba_eu.js Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Server 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US), Reverse DNS map3.hwcdn.net Software Mouseflow / Resource Hash d8853765941c9472bf47ba0c4b54571754ae5d5e1ac966de641979a90b3739d8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload last-modified Sat, 06 May 2023 08:08:53 GMT server Mouseflow etag W/"bd9c4efff17fd91:0" x-cache-status MISS x-hw 1685090875.cds292.lo4.hn,1685090875.cds250.lo4.c content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control max-age=86400 accept-ranges bytes content-length 57402 Redirect headers date Fri, 26 May 2023 08:47:55 GMT x-hw 1685090875.cds292.lo4.hn,1685090875.cds073.lo4.c location https://cdn.mouseflow.com/projects/96dff353-a928-44b4-b1d0-6432c69133ba_eu.js access-control-allow-origin * cache-control max-age=86400 accept-ranges bytes x-hw-loc https://cdn.mouseflow.com/projects/96dff353-a928-44b4-b1d0-6432c69133ba.js content-length 0
GET H2	200	22616067.js Show response js-na1.hs-scripts.com/	978 B 652 B	148ms 148ms	Script application/javascript	2606:4700::6812:883b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-na1.hs-scripts.com/22616067.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:883b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash db89b1a5e7d2ebc8f09c3c109e177ef9b82fe723845ed72cb9c8e4ddc3942941 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT content-encoding br cf-cache-status EXPIRED x-hubspot-correlation-id 7f73c4ae-0300-471f-9457-f93c7dc628ac x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 4 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id ff2964ce-28d1-4671-bf16-7458c0e92acd last-modified Fri, 26 May 2023 08:40:44 GMT server cloudflare x-trace 2BEE4C02073329D9B4B5C12BB6061B73631C3D7CA9000000000000000000 vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.trustwave.com x-evy-trace-virtual-host all cache-control public, max-age=30 access-control-allow-credentials true x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-ds89m cf-ray 7cd4c194e924889d-LHR
GET H2	200	js Show response www.googletagmanager.com/gtag/	257 KB 86 KB	51ms 50ms	Script application/javascript	2a00:1450:4001:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-DP8B111F8E&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e5f9545c5fc6f2b37532061e0a31f8bc7587af08640ca428729229eb054e2035 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 88198 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Fri, 26 May 2023 08:47:55 GMT
GET H2	200	json Show response forms.hsforms.com/embed/v3/form/21158977/68741a11-8e56-4f23-ba7f-b2307e77714c/	2 KB 1 KB	144ms 143ms	XHR application/json	2606:4700::6811:d4f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/21158977/68741a11-8e56-4f23-ba7f-b2307e77714c/json?hs_static_app=forms-embed&hs_static_app_version=1.3243&X-HubSpot-Static-App-Info=forms-embed-1.3243 Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b59775b401171a4114af5eecfd53d072fbcda7840439c4f1f87c64d7b62480b9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/plain, */* Referer https://www.trustwave.com/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-origin-hublet na1 date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC x-hubspot-correlation-id 468b7721-3e68-408a-b384-af819ce84371 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 6 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 4bc3a23f-3eb2-4cb0-b129-3c34a200b640 server cloudflare x-trace 2BF611B5D12D5EBD871E43086DB5E7A599D5F5E3F2000000000000000000 vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.trustwave.com x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false cache-control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * cf-ray 7cd4c1950fd62407-LHR x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-llkhw
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/	1 KB 1 KB	152ms 46ms	Script application/x-javascript	104.102.38.132 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin.js Requested by Host: trustwave.azureedge.net URL: https://trustwave.azureedge.net/dist/js/legacy.min.js?id=1037 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-102-38-132.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Fri, 26 May 2023 08:47:55 GMT Content-Encoding gzip Last-Modified Fri, 17 Mar 2023 01:24:48 GMT Server AkamaiNetStorage ETag "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Content-Type application/x-javascript Connection keep-alive Accept-Ranges bytes Content-Length 729
GET H2	200	fpv2.min.js Show response www.atmrum.net/client/v1/atm/	3 KB 3 KB	28ms 27ms	Script application/javascript	204.79.197.234 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.atmrum.net/client/v1/atm/fpv2.min.js Requested by Host: www.atmrum.net URL: https://www.atmrum.net/rum.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 32ea28e4cc9fb2662d406bc5e859f774b58f927861c31864c33cb81aa8263aac Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:54 GMT x-content-type-options nosniff last-modified Mon, 15 May 2023 20:41:01 GMT x-msedge-ref Ref A: 0EF40D59CB774C6FB95790E17875CF43 Ref B: MAN30EDGE0622 Ref C: 2023-05-26T08:47:55Z etag 0x8D501F7AFB7338D x-cache CONFIG_NOCACHE content-type application/javascript access-control-allow-origin * access-control-expose-headers X-MSEdge-Ref cache-control no-store accept-ranges bytes timing-allow-origin * content-length 2983
GET H2	200	c7ede6b6-5518-4502-94a5-673e62cff495.json Show response cookie-cdn.cookiepro.com/consent/c7ede6b6-5518-4502-94a5-673e62cff495/	3 KB 2 KB	43ms 43ms	XHR application/x-javascript	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/consent/c7ede6b6-5518-4502-94a5-673e62cff495/c7ede6b6-5518-4502-94a5-673e62cff495.json Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 809765ad9401369a9a87159ade197a7893be54c78de5e0c1995f77efbde4a286 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 FlMWWNWt99scM6fkHGo+qw== age 3533 x-ms-lease-status unlocked last-modified Tue, 23 May 2023 05:24:03 GMT server cloudflare vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 9756ce2a-f01e-0016-1336-8dce9a000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c1958e5b76af-LHR
GET H2	200	fb.js Show response js.hsadspixel.net/	6 KB 3 KB	116ms 40ms	Script application/javascript	2606:4700::6810:77be CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsadspixel.net/fb.js Requested by Host: js-na1.hs-scripts.com URL: https://js-na1.hs-scripts.com/21158977.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:77be , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 483ec486a8c947a82da6462397dbe386bebab6b2921f517c35e2b9cb53498c89 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT x-amz-version-id UWz6VDoRBzzIc_vph_dNl5MbrO6eX90N via 1.1 a4f9ca051b97c1ac09e2af244690d376.cloudfront.net (CloudFront) cf-cache-status HIT content-encoding br x-amz-cf-pop IAD12-P3 age 220 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.377/bundles/pixels-release.js&cfRay=7cd4bc31fdc18868-IAD x-cache Hit from cloudfront cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 1 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id b4626b62-d24d-40c8-9d8e-6ed11601b8c1 last-modified Mon, 22 May 2023 03:15:08 UTC server cloudflare etag W/"862fe95a42e7a27927f5d04635cd29ab" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-frzj9 cf-ray 7cd4c196089245a0-LHR x-amz-cf-id t8G7jIHq22Od_bLxKbh04qTi-dIN8DpJo66R5Q49jtIET_2YO3Sw0A== x-hs-target-asset adsscriptloaderstatic/static-1.377/bundles/pixels-release.js
GET H2	200	21158977.js Show response js.hs-analytics.net/analytics/1685090700000/	65 KB 21 KB	622ms 547ms	Script text/javascript	2606:4700::6810:88ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1685090700000/21158977.js Requested by Host: js-na1.hs-scripts.com URL: https://js-na1.hs-scripts.com/21158977.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:88ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 50db239fad03ff7abb9d828d01d410abbb1763f4fd43c5d07c072595947e5310 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT x-amz-version-id null content-encoding br cf-cache-status MISS x-amz-request-id BK8P9NC7TM2CV17W x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-envoy-upstream-service-time 105 x-amz-id-2 jqzYLsfIUN+NKXA3eA9fDnDFZ7sKgRt9qwSbV6IqX7vFBenvPjMKBKoYUzirojgAmSXwii/bbeU= x-evy-trace-listener listener_https x-request-id b1c7e1e9-5d5c-48be-bc86-340a117d5acc x-evy-trace-route-configuration listener_https/all last-modified Tue, 18 Apr 2023 14:39:28 GMT server cloudflare etag W/"87eaf3eaf11b3e44fae493483ee28c7c" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-ns2gd cache-control max-age=300,public access-control-allow-credentials false cf-ray 7cd4c1960e0576ef-LHR expires Fri, 26 May 2023 08:52:56 GMT
GET H2	200	banner.js Show response js.hs-banner.com/v2/21158977/	208 KB 64 KB	131ms 55ms	Script text/javascript	2606:4700::6812:18c4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/v2/21158977/banner.js Requested by Host: js-na1.hs-scripts.com URL: https://js-na1.hs-scripts.com/21158977.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 41bdcfcdf1e89eafa41aac26a7a182657d998da97a6947df75fc834b03bfce34 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT x-amz-version-id iMJM8Ff5wOplnGkr_h5sZuejikBDFh81 content-encoding br cf-cache-status HIT x-amz-request-id BYZEHZ1CXSSF6MWV x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 age 20 x-envoy-upstream-service-time 75 x-amz-id-2 U4at3kvE2N7pob9BQNO01PO5btDE5CqtobxvxNQnD3CbBlWkkflxMr9N2MT3oumvofCkcFj95Vg= x-evy-trace-listener listener_https x-request-id 54003bdf-caa3-4f00-ba85-d90462d5c836 x-evy-trace-route-configuration listener_https/all last-modified Mon, 17 Apr 2023 18:03:54 GMT server cloudflare etag W/"4d73c43d9254f8d277ed4f5a0d78d27b" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://support.trustwave.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-2sbs7 vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 7cd4c1960e0676ef-LHR expires Fri, 26 May 2023 08:52:35 GMT
GET H2	200	collectedforms.js Show response js.hscollectedforms.net/	69 KB 25 KB	132ms 56ms	Script application/javascript	2606:4700::6811:69c7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hscollectedforms.net/collectedforms.js Requested by Host: js-na1.hs-scripts.com URL: https://js-na1.hs-scripts.com/21158977.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:69c7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1e1bce508370a6994bd3e0e67c257f06875e16ca2038c27f498616a0f0d55687 Request headers Referer https://www.trustwave.com/ Origin https://www.trustwave.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT x-amz-version-id SGo7xq5b6d1kUu6c8SU5YR.mobmUICUY via 1.1 bcfffcf7e0fc8cd9cfe4125369a9f036.cloudfront.net (CloudFront) cf-cache-status HIT content-encoding br x-amz-cf-pop IAD12-P3 age 259 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.370/bundles/project.js&cfRay=7cd4bb419b4d23e9-IAD x-cache Hit from cloudfront cache-tag staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod x-envoy-upstream-service-time 1 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 74430ee0-2083-4872-ad2a-b39d9b2f3928 last-modified Tue, 09 May 2023 08:44:18 UTC server cloudflare etag W/"d1b16df440198d59c993c4956b7fded6" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all x-hs-cache-status HIT cache-control s-maxage=600, max-age=300 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-xhv87 cf-ray 7cd4c196182d24e9-LHR x-amz-cf-id g-9L6Jo5pPqiyXsW2cKicNTqabj-4TmlXe1Iwhpd6qVL7-uu_EGweg== x-hs-target-asset collected-forms-embed-js/static-1.370/bundles/project.js
GET H2	200	v2.js Show response js.hsforms.net/forms/embed/ Frame 014E	526 KB 164 KB	49ms 49ms	Script application/javascript	2606:4700::6810:ba41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/embed/v2.js Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:ba41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6068122af5aaf3871c283132bb19ddafc391f4cb78126882ca18a7c5f4c03611 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers content-encoding br age 588 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3243/bundles/project-v2.js&cfRay=7cd4b3361da9dd3b-IAD x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"a5301b6f08ed64649a3390f949aa4175" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3243/bundles/project-v2.js date Fri, 26 May 2023 08:47:55 GMT x-amz-version-id l7bHRIBQ6TE8MnbN5jsE1ccMSwu0_dqN via 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 0 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id a4300c93-f5a9-4e08-bb08-21b908a0f5cb last-modified Tue, 23 May 2023 10:19:29 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Y4Wfwdfn2OMa9%2BN34oZ9mubU3ARAT6k8tw%2FlvUfntFjJPxSeW7LKiS2d68fdvDTL19FKXzGx0%2FnTpXhQw%2BAkhHDuwIxsO%2FfGdYoKcXUSiiRopsXg2bIkInn9bxrxmVD%2FFYE%2BbcislK%2BVYAq"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-x5fmx cf-ray 7cd4c195bd58dd50-LHR x-amz-cf-id HR9GGnHMOruDjmIlKD2Pz5rbymBO8JPe5Lfw9X0c9wi-fHJ72xYjBg==
GET H2	200	v2.js Show response js.hsforms.net/forms/embed/ Frame B1FF	526 KB 164 KB	54ms 54ms	Script application/javascript	2606:4700::6810:ba41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/embed/v2.js Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:ba41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6068122af5aaf3871c283132bb19ddafc391f4cb78126882ca18a7c5f4c03611 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers content-encoding br age 588 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3243/bundles/project-v2.js&cfRay=7cd4b3361da9dd3b-IAD x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"a5301b6f08ed64649a3390f949aa4175" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3243/bundles/project-v2.js date Fri, 26 May 2023 08:47:55 GMT x-amz-version-id l7bHRIBQ6TE8MnbN5jsE1ccMSwu0_dqN via 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 0 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id a4300c93-f5a9-4e08-bb08-21b908a0f5cb last-modified Tue, 23 May 2023 10:19:29 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HA%2FkiYQSpqhcyZMTR%2FXVi1a7CWh0OazHWHBQGBmOgT5n5Lmsa0Y5ObaZnGo5GAY796sErqxKrSxnphIW99TdHCZpCoBlRHKrYPV8ePdKxDxZ19DJy9OuGcRreJ8fjfucgKwYV7W8fa%2FfTDa%2F"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-x5fmx cf-ray 7cd4c195cd8fdd50-LHR x-amz-cf-id HR9GGnHMOruDjmIlKD2Pz5rbymBO8JPe5Lfw9X0c9wi-fHJ72xYjBg==
GET H2	200	v2.js Show response js.hsforms.net/forms/embed/ Frame 4F02	526 KB 164 KB	60ms 60ms	Script application/javascript	2606:4700::6810:ba41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/embed/v2.js Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:ba41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6068122af5aaf3871c283132bb19ddafc391f4cb78126882ca18a7c5f4c03611 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers content-encoding br age 588 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3243/bundles/project-v2.js&cfRay=7cd4b3361da9dd3b-IAD x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"a5301b6f08ed64649a3390f949aa4175" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3243/bundles/project-v2.js date Fri, 26 May 2023 08:47:55 GMT x-amz-version-id l7bHRIBQ6TE8MnbN5jsE1ccMSwu0_dqN via 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 0 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id a4300c93-f5a9-4e08-bb08-21b908a0f5cb last-modified Tue, 23 May 2023 10:19:29 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BKeZ0lbR%2B%2BLtFRvCv4dbX0TuyDnOg1v8mH15WrJ3CsRZ37LvkrZE60XotOMYTm%2FMLa7Bnsp5HhHv6aOh6Fn3VZ%2BMHX%2FrHYTZM1Qhfm5QkFY8%2BuREL9vT59neRrPGRPWSnkmnityU3kwDpZ6b"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-x5fmx cf-ray 7cd4c195dd97dd50-LHR x-amz-cf-id HR9GGnHMOruDjmIlKD2Pz5rbymBO8JPe5Lfw9X0c9wi-fHJ72xYjBg==
GET H2	200	ot_guard_logo.svg Show response cookie-cdn.cookiepro.com/logos/static/	497 B 451 B	42ms 42ms	Fetch image/svg+xml	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/logos/static/ot_guard_logo.svg Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 tXyZydHjxQshFMbbBT1/8A== age 10579 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 07:08:33 GMT server cloudflare vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 64ce9fb5-a01e-0069-7f0e-8f0101000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c195ef0176af-LHR expires Sat, 27 May 2023 08:47:55 GMT
GET H2	200	cookiepro_logo.png cookie-cdn.cookiepro.com/logos/static/	35 KB 36 KB	53ms 53ms	Image image/png	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 088dbe5e4bb2f902e2e7c62ca7a15bae5cb55f4708d99f7c4daae7148a19a865 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status HIT content-md5 IipuN9Einq/0wIZw6VIt/g== age 51631 cf-polished origSize=36419 content-length 36343 x-ms-lease-status unlocked cf-bgj imgq:100,h2pri last-modified Thu, 25 May 2023 07:08:34 GMT server cloudflare etag 0x8DB5CEEDAB39F84 vary Accept-Encoding content-type image/png access-control-allow-origin * x-ms-request-id fbc281ba-501e-0052-1aea-8e44a5000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 7cd4c195ff544165-LHR expires Sat, 27 May 2023 08:47:55 GMT
GET H2	200	poweredBy_cp_logo.svg cookie-cdn.cookiepro.com/logos/static/	5 KB 2 KB	44ms 44ms	Image image/svg+xml	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 uInNdQwuuw8s7lYl3cE7eQ== age 52313 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 07:08:33 GMT server cloudflare vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 2dc091c6-001e-0084-3eea-8e4a4c000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c195ff574165-LHR expires Sat, 27 May 2023 08:47:55 GMT
GET H2	200	anchor Show response www.google.com/recaptcha/api2/ Frame 4966	50 KB 27 KB	74ms 74ms	Document text/html	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&cb=jm4i8g9cbqv Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash fcee775a21529d7cc095926b29d3160b422c42a54ad9a95e2de9664c9729be1b Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-AlDzAiwTROyxMfVcLyP4Xg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.trustwave.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-length 27612 content-security-policy script-src 'report-sample' 'nonce-AlDzAiwTROyxMfVcLyP4Xg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Fri, 26 May 2023 08:47:55 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H2	200	t.js Show response vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/	35 KB 11 KB	158ms 54ms	Script application/javascript	52.222.236.103 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.222.236.103 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-236-103.fra56.r.cloudfront.net Software nginx/1.10.3 (Ubuntu) / Resource Hash 9178d19c46b5a36fc8d4de24aa7fef3b62e7f69c259f4e81ee3f2d5aba263216 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff date Fri, 26 May 2023 08:20:41 GMT via 1.1 2ffde5fadc46cbcc3a678e8713ed76b0.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P4 age 1738 x-cache Hit from cloudfront last-modified Tue, 25 Apr 2023 14:50:08 GMT server nginx/1.10.3 (Ubuntu) vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript;charset=utf-8 access-control-allow-origin * access-control-expose-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization cache-control public, s-maxage=2700 access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization x-amz-cf-id NIN4IGpZnJUZZGimnFviQ5x2cR2wJIQFYu1UECFn7AXEeye3lZZxYg==
GET H2	200	en-us.json Show response www.trustwave.com/locale/en-us/LC_MESSAGES/	1 KB 650 B	277ms 276ms	XHR application/json	52.151.96.240 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.trustwave.com/locale/en-us/LC_MESSAGES/en-us.json Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 21c3d65ef1a0105fb3114d843bd4c68e474e7571db6b0af5ca759fbfec9eca81 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ X-Requested-With XMLHttpRequest Request-Id |b/V7c.pSEw2 accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 23 May 2023 07:53:48 GMT server x-aspnet-version etag "0ed4b44b8dd91:0" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/json accept-ranges bytes content-length 590 x-xss-protection 1; mode=block
GET H2	200	ja-jp.json Show response www.trustwave.com/locale/ja-jp/LC_MESSAGES/	1 KB 925 B	298ms 297ms	XHR application/json	52.151.96.240 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.trustwave.com/locale/ja-jp/LC_MESSAGES/ja-jp.json Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 7b0ef13b754c456f5621d74ca260e49b061f759bcaeb9223e0eaa78ff4359189 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ X-Requested-With XMLHttpRequest Request-Id |b/V7c.k0kSG accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 23 May 2023 07:53:48 GMT server x-aspnet-version etag "0ed4b44b8dd91:0" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/json accept-ranges bytes content-length 877 x-xss-protection 1; mode=block
GET H2	200	de-de.json Show response www.trustwave.com/locale/de-de/LC_MESSAGES/	1 KB 612 B	301ms 298ms	XHR application/json	52.151.96.240 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.trustwave.com/locale/de-de/LC_MESSAGES/de-de.json Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash b5e5c5c8b9ebe9fb7f4a8cde7f2ff4f6652e6beb87585c18e99fb446fbb301a4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ X-Requested-With XMLHttpRequest Request-Id |b/V7c.XzMDb accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff date Fri, 26 May 2023 08:47:55 GMT last-modified Tue, 23 May 2023 07:53:48 GMT server x-aspnet-version etag "0ed4b44b8dd91:0" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/json accept-ranges bytes content-length 564 x-xss-protection 1; mode=block
GET H3	200	counters.gif forms.hsforms.com/embed/v3/	35 B 644 B	179ms 143ms	Image image/gif	2606:4700::6811:d4f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC x-hubspot-correlation-id 2d68de79-34dd-4105-b5d5-e7c8f6f81b29 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 1 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 606f246c-be0a-41e9-85e1-189abeb3b7d5 server cloudflare x-trace 2B913AE9F1AB00189BDC0698D051A9099C6E8393B7000000000000000000 vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-w9hvc access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 7cd4c1968aecdd2b-LHR
POST H2	204	collect region1.analytics.google.com/g/	0 257 B	113ms 36ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-DP8B111F8E&gtm=45je35o0&_p=2145031151&_gaz=1&cid=1910463862.1685090876&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1685090875&sct=1&seg=0&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&dt=404%20Not%20Found%20%7C%20Trustwave&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-DP8B111F8E&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 08:47:56 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.trustwave.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 257 B	117ms 40ms	Ping text/plain	2a00:1450:400c:c0c::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-DP8B111F8E&cid=1910463862.1685090876&gtm=45je35o0&aip=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-DP8B111F8E&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 08:47:56 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.trustwave.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.co.uk/ads/	42 B 108 B	275ms 167ms	Image image/gif	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-DP8B111F8E&cid=1910463862.1685090876&gtm=45je35o0&aip=1&z=1950457332 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	en.json Show response cookie-cdn.cookiepro.com/consent/c7ede6b6-5518-4502-94a5-673e62cff495/f45c1dcb-4e3d-4ab0-a829-22e58a3f19f6/	44 KB 10 KB	41ms 41ms	Fetch application/x-javascript	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/consent/c7ede6b6-5518-4502-94a5-673e62cff495/f45c1dcb-4e3d-4ab0-a829-22e58a3f19f6/en.json Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5f8bc26c4789780ae3a330a2d348a7c806e3e019f852d543937745e0512d4e62 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 zSu/aRykCTI2vfMfJM1amQ== age 2717 x-ms-lease-status unlocked last-modified Tue, 23 May 2023 05:24:03 GMT server cloudflare vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 0a7af8b4-001e-0002-4e36-8d86f5000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c196a81b76af-LHR
GET H2	200	analytics.js Show response www.google-analytics.com/	51 KB 20 KB	45ms 44ms	Script text/javascript	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Fri, 26 May 2023 08:35:34 GMT last-modified Mon, 17 Apr 2023 22:36:01 GMT server Golfe2 age 742 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20737 expires Fri, 26 May 2023 10:35:34 GMT
GET H3	200	styles__ltr.css www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/ Frame 4966	55 KB 24 KB	143ms 54ms	Stylesheet text/css	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&cb=jm4i8g9cbqv Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Thu, 25 May 2023 15:43:36 GMT content-encoding gzip x-content-type-options nosniff age 61460 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 24605 x-xss-protection 0 last-modified Mon, 22 May 2023 20:58:33 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes expires Fri, 24 May 2024 15:43:36 GMT
GET H3	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/ Frame 4966	407 KB 163 KB	142ms 54ms	Script text/javascript	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&cb=jm4i8g9cbqv Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a41096fbcf982d79bf075bf2378c9c0c2e8ada5bdc94bd7cc794454135ccf981 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Thu, 25 May 2023 16:59:19 GMT content-encoding gzip x-content-type-options nosniff age 56917 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 166449 x-xss-protection 0 last-modified Mon, 22 May 2023 20:58:33 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Fri, 24 May 2024 16:59:19 GMT
GET H2	200	adsct t.co/i/	43 B 377 B	218ms 135ms	Image image/gif	104.244.42.133 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?bci=3&eci=2&event_id=36d554a7-3ba2-41b8-9ab9-90d1e8a44243&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9ab523fe-056d-4d8d-a4c4-609fdf78c03d&tw_document_href=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ya5&type=javascript&version=2.3.29 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.133 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_f / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-response-time 104 date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=0 server tsa_f content-type image/gif;charset=utf-8 x-transaction-id 8ab0ce700c32e09e cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 85969fe521d0f03da765a48e2b4abe941a6ce3c06eb9af61d65593a73ad4e3a5 content-length 43
GET H2	200	adsct analytics.twitter.com/i/	43 B 396 B	213ms 137ms	Image image/gif	104.244.42.3 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=36d554a7-3ba2-41b8-9ab9-90d1e8a44243&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9ab523fe-056d-4d8d-a4c4-609fdf78c03d&tw_document_href=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ya5&type=javascript&version=2.3.29 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.3 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_f / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-response-time 105 date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=631138519 server tsa_f content-type image/gif;charset=utf-8 x-transaction-id 26816587e7ee717f cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 0ba93ba49fb17a0feaa02a2d997bad8a4892a7244c40cc7c7ca632c9d7d79a63 content-length 43
GET H2	200	adsct t.co/i/	43 B 224 B	218ms 135ms	Image image/gif	104.244.42.133 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?bci=3&eci=2&event_id=7196d06e-5e5a-40b7-be9c-5574fe5d87bc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9ab523fe-056d-4d8d-a4c4-609fdf78c03d&tw_document_href=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ya5&type=javascript&version=2.3.29 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.133 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_f / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-response-time 104 date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=0 server tsa_f content-type image/gif;charset=utf-8 x-transaction-id 49694f9a073acb52 cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 85969fe521d0f03da765a48e2b4abe941a6ce3c06eb9af61d65593a73ad4e3a5 content-length 43
GET H2	200	adsct analytics.twitter.com/i/	43 B 210 B	214ms 138ms	Image image/gif	104.244.42.3 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=7196d06e-5e5a-40b7-be9c-5574fe5d87bc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9ab523fe-056d-4d8d-a4c4-609fdf78c03d&tw_document_href=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ya5&type=javascript&version=2.3.29 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.3 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_f / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-response-time 105 date Fri, 26 May 2023 08:47:55 GMT strict-transport-security max-age=631138519 server tsa_f content-type image/gif;charset=utf-8 x-transaction-id 426dc0109de72e60 cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 0ba93ba49fb17a0feaa02a2d997bad8a4892a7244c40cc7c7ca632c9d7d79a63 content-length 43
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/70652/domain/trustwave.com/	36 B 365 B	136ms 43ms	XHR application/json	2600:9000:20eb:c800:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/70652/domain/trustwave.com/token Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20eb:c800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89 Request headers Accept * Referer https://www.trustwave.com/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:43:36 GMT content-encoding gzip via 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 age 260 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=3600 x-amz-cf-id t12HgRRxXjfXJlXFLmG02pfWPW2kDwffwEakRcr11FiTQ6zZL0GJEA==
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1685090876023&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-d... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1685090876023&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-d... https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D70652%26time%3D1685090876023%26url%3Dhttps%253A%252F%252Fwww.trustwave.com%252Fen... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1685090876023&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-d... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1685090876023&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-...	0 267 B	176ms 116ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1685090876023&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&cookiesTest=true&liSync=true&e_ipv6=AQI0z56a_X9VzQAAAYhXPj4xIJDdAkdb3GAJ54oa68tbgLBrBcpI3ryQEVldjEhgmGk Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 7BCC3D43F2814A42811326BD5BDD23A0 Ref B: MAN30EDGE0516 Ref C: 2023-05-26T08:47:57Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lva1 x-li-proto http/2 content-length 0 x-li-uuid AAX8lMsljO5C5m2gR8I2iA== Redirect headers date Fri, 26 May 2023 08:47:56 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 0FE1963784ED46B9AD985251C09A917F Ref B: LON04EDGE1206 Ref C: 2023-05-26T08:47:56Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1685090876023&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&cookiesTest=true&liSync=true&e_ipv6=AQI0z56a_X9VzQAAAYhXPj4xIJDdAkdb3GAJ54oa68tbgLBrBcpI3ryQEVldjEhgmGk x-li-proto http/2 content-length 0 x-li-uuid AAX8lMsi16TcWAD91r69VQ==
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/70652/domain/trustwave.com/	36 B 365 B	135ms 44ms	XHR application/json	2600:9000:20eb:c800:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/70652/domain/trustwave.com/token Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20eb:c800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89 Request headers Accept * Referer https://www.trustwave.com/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:43:36 GMT content-encoding gzip via 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 age 260 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=3600 x-amz-cf-id CBq9N6GuXQxjxDAi5twJ1dVHOl6c0FkUuHxm2ESylRM4Xi9JMaxYxw==
GET H2	200	fpconfig.min.json Show response www.atmrum.net/conf/v1/atm/	191 B 496 B	81ms 27ms	XHR application/json	204.79.197.234 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.atmrum.net/conf/v1/atm/fpconfig.min.json Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 72766f736186eb5c7c6d08502f3bf28da0092e8ea85cf3b5413c9daf8dc2d94a Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:55 GMT x-content-type-options nosniff last-modified Mon, 15 May 2023 20:41:01 GMT x-msedge-ref Ref A: B705575A9A824031A0A0155D185E33BF Ref B: MAN30EDGE0908 Ref C: 2023-05-26T08:47:56Z etag 0x8D501F7AFB7338D x-cache CONFIG_NOCACHE content-type application/json access-control-allow-origin * access-control-expose-headers X-MSEdge-Ref cache-control no-store accept-ranges bytes timing-allow-origin * content-length 191
GET H2	200	banner.js Show response js.hs-banner.com/v2/22616067/	208 KB 63 KB	50ms 50ms	Script text/javascript	2606:4700::6812:18c4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/v2/22616067/banner.js Requested by Host: js-na1.hs-scripts.com URL: https://js-na1.hs-scripts.com/22616067.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash da4930c4e2d094593053693f2cac229c05d428ce6b4c416bf9eb04d2eef1ad3f Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT x-amz-version-id ._GE.Okii_2mgI5Rl1tOpWUBxogl5Sss content-encoding br cf-cache-status HIT x-amz-request-id JHYWD2MPSEQF3CWR age 31 x-amz-server-side-encryption AES256 x-amz-id-2 tWt+LRehhAxz7e7pMm90lly4sXKBKL7UEXiesjvAzk1g3RNOUBipaBfjuncFPVD1K4Y4QtlXFCE= last-modified Mon, 17 Apr 2023 19:04:40 GMT server cloudflare etag W/"e2bcaa98ffb59d9558fccb7cff32e673" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.trustwave.com access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300, public access-control-allow-credentials true vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 7cd4c1974fc676ef-LHR expires Fri, 26 May 2023 08:52:25 GMT
GET H2	200	657537318161329 Show response connect.facebook.net/signals/config/	300 KB 86 KB	45ms 44ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/657537318161329?v=2.9.104&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 3144e24fbb430659d657641476c83f64df5094a0ec56ccd4d049c0dd013af55e Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 87996 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug XcBMEhsmo28vlDhkijl/TNTAnyXbrj/t7H0b+DRkyGoojouhXVZeKooFosunLOn6eqjCyCr7NmmizKklZu4A+w== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 1679558926 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	dc_pre=CKWyxNjMkv8CFSdIwgodGuUIUA;src=9785483;type=siter0;cat=siter00;ord=3001036642943;gtm=45He35o0;auiddc=*;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fe... adservice.google.com/ddm/fls/z/ Frame AEDC	42 B 402 B	186ms 81ms	Image image/gif	2a00:1450:4001:829::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://adservice.google.com/ddm/fls/z/dc_pre=CKWyxNjMkv8CFSdIwgodGuUIUA;src=9785483;type=siter0;cat=siter00;ord=3001036642943;gtm=45He35o0;auiddc=*;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F Requested by Host: 9785483.fls.doubleclick.net URL: https://9785483.fls.doubleclick.net/activityi;dc_pre=CKWyxNjMkv8CFSdIwgodGuUIUA;src=9785483;type=siter0;cat=siter00;ord=3001036642943;gtm=45He35o0;auiddc=555152905.1685090876;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F? Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://9785483.fls.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	dc_pre=CImhxNjMkv8CFdBZwgodyN0E9w;src=10419288;type=trust0;cat=trust0;ord=4668011367572;gtm=45He35o0;auiddc=*;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnick... adservice.google.com/ddm/fls/z/ Frame 2BD4	42 B 108 B	188ms 84ms	Image image/gif	2a00:1450:4001:829::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://adservice.google.com/ddm/fls/z/dc_pre=CImhxNjMkv8CFdBZwgodyN0E9w;src=10419288;type=trust0;cat=trust0;ord=4668011367572;gtm=45He35o0;auiddc=*;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F Requested by Host: 10419288.fls.doubleclick.net URL: https://10419288.fls.doubleclick.net/activityi;dc_pre=CImhxNjMkv8CFdBZwgodyN0E9w;src=10419288;type=trust0;cat=trust0;ord=4668011367572;gtm=45He35o0;auiddc=555152905.1685090876;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F? Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://10419288.fls.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 669 B	226ms 148ms	Image image/gif	2606:4700::6811:d3f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d3f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC x-hubspot-correlation-id 0339af0d-0233-4302-85f2-f0f76c82deec x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id c51441a7-b076-4de6-a21d-3090eebd126e server cloudflare x-trace 2B57A46AAAFDC7FFE0EAE1760BEDA888BFD5B102EA000000000000000000 vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-jn5ls access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 7cd4c197eedb772c-LHR
GET H3	200	/ www.google.com/pagead/1p-user-list/494613180/	42 B 64 B	57ms 56ms	Image image/gif	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/494613180/?random=1685090875607&cv=11&fst=1685088000000&bg=ffffff&guid=ON&async=1&gtm=45He35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&frm=0&tiba=404%20Not%20Found%20%7C%20Trustwave&fmt=3&is_vtc=1&random=3335262706&rmt_tld=0&ipr=y Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 08:47:56 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.co.uk/pagead/1p-user-list/494613180/	42 B 456 B	55ms 55ms	Image image/gif	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.co.uk/pagead/1p-user-list/494613180/?random=1685090875607&cv=11&fst=1685088000000&bg=ffffff&guid=ON&async=1&gtm=45He35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&frm=0&tiba=404%20Not%20Found%20%7C%20Trustwave&fmt=3&is_vtc=1&random=3335262706&rmt_tld=1&ipr=y Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 08:47:56 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/163/	11 KB 5 KB	50ms 50ms	Script application/x-javascript	104.102.38.132 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/163/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-102-38-132.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Fri, 26 May 2023 08:47:56 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 02:26:40 GMT Server AkamaiNetStorage ETag "ea7826f34518d7c2295738f39c7640fa:1672972000.238769" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Length 4741 Expires Sun, 03 Sep 2023 08:47:56 GMT
GET H2	200	css2 fonts.googleapis.com/ Frame 014E	7 KB 785 B	58ms 54ms	Stylesheet text/css	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2a6d7a06a4458b56f188177654688a18648aaf4800feee0a4a09a858f46bc920 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Fri, 26 May 2023 08:47:56 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 26 May 2023 07:29:44 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 26 May 2023 08:47:56 GMT
GET H2	200	json Show response api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/	50 B 1 KB	223ms 147ms	XHR application/json	2606:4700::6811:c9cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=22616067 Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dbc438358bff6d1933a1bf280a0c0bd2f4f30864487a12cc0526acd877a9e636 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 457aeb01-a882-4a28-8456-3e1ecab26aef x-envoy-upstream-service-time 6 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 94049b96-8b29-48c4-b439-6790ee084103 server cloudflare x-trace 2BE6FF91DED6AFCB14BD3C3200CDCE76F7716BEE10000000000000000000 vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.trustwave.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-x5sgr access-control-max-age 180 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PRSvw9N%2FbkTa6NLCsXA6OObJ8aV9UrIWy%2FIWnkkb%2Fle3FWgGPIOkxYvuyOtlnjtnV1BlIMn%2Fg5MpQQ%2BiXEGSuUVTvtebJZugpb1PAZsL6Vzq2n%2FBa8liYkNvBq4U9vHRfdSJjV0tjTCloVXg"}],"group":"cf-nel","max_age":604800} cf-ray 7cd4c198dcc945a1-LHR access-control-allow-headers *
GET H3	200	counters.gif forms.hsforms.com/embed/v3/	35 B 609 B	141ms 140ms	Image image/gif	2606:4700::6811:d4f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC x-hubspot-correlation-id a1d3eec2-9c25-4bf4-afba-09f96ca0f575 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 2fc9a76b-71b6-4ff4-b084-f9952f627671 server cloudflare x-trace 2B9A74065CB34E3A4D089A40D1C04B225DBFE92CD7000000000000000000 vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-zlsgj access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 7cd4c1986e32dd2b-LHR
GET H2	200	css2 fonts.googleapis.com/ Frame B1FF	7 KB 761 B	51ms 51ms	Stylesheet text/css	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2a6d7a06a4458b56f188177654688a18648aaf4800feee0a4a09a858f46bc920 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Fri, 26 May 2023 08:47:56 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 26 May 2023 08:39:14 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 26 May 2023 08:47:56 GMT
GET H2	200	otFlat.json Show response cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/	13 KB 3 KB	44ms 44ms	Fetch application/json	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/otFlat.json Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 iCAxFkQWfzfDHevR0IbBjg== age 68317 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 07:08:15 GMT server cloudflare vary Accept-Encoding content-type application/json access-control-allow-origin * x-ms-request-id 0de38b04-101e-0021-480e-8f1c36000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c198aaec76af-LHR expires Sat, 27 May 2023 08:47:56 GMT
GET H2	200	otPcCenter.json Show response cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/v2/	61 KB 13 KB	45ms 45ms	Fetch application/json	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/v2/otPcCenter.json Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 Nrtw9V+L/sfw1fri0BTPUA== age 68317 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 07:08:17 GMT server cloudflare vary Accept-Encoding content-type application/json access-control-allow-origin * x-ms-request-id 2df8f15d-301e-0054-760e-8f771a000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c198aaed76af-LHR expires Sat, 27 May 2023 08:47:56 GMT
GET H2	200	otCommonStyles.css Show response cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/	21 KB 4 KB	49ms 48ms	Fetch text/css	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/assets/otCommonStyles.css Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 oWkBTLgDDXvrUsd93y/Zxg== age 68317 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 07:08:33 GMT server cloudflare vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id 64605b3e-a01e-009d-4b0e-8fcaf7000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c198aaee76af-LHR expires Sat, 27 May 2023 08:47:56 GMT
GET H2	200	IsUserAusi Show response www.trustwave.com/umbraco/surface/AJAX/	5 B 198 B	702ms 701ms	XHR text/html	52.151.96.240 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.trustwave.com/umbraco/surface/AJAX/IsUserAusi Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept */* Referer https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ X-Requested-With XMLHttpRequest Request-Id |b/V7c.JuNd1 accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff date Fri, 26 May 2023 08:47:56 GMT server x-aspnet-version vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 cache-control private content-length 123 x-xss-protection 1; mode=block
GET H2	200	IsUserAPAC Show response www.trustwave.com/umbraco/surface/AJAX/	5 B 181 B	1351ms 1350ms	XHR text/html	52.151.96.240 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.trustwave.com/umbraco/surface/AJAX/IsUserAPAC Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept */* Referer https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ X-Requested-With XMLHttpRequest Request-Id |b/V7c.nuFDZ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff date Fri, 26 May 2023 08:47:56 GMT server x-aspnet-version vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 cache-control private content-length 123 x-xss-protection 1; mode=block
GET H/1.1	200 OK	58b135fd368eb235cd256be903a8b4c987f148d2.jpg trustwave.blob.core.windows.net/cache/5/8/b/1/3/5/ Redirect Chain https://www.trustwave.com/media/20002/gartner-finney-daniels-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=133294076750000000 https://trustwave.blob.core.windows.net/cache/5/8/b/1/3/5/58b135fd368eb235cd256be903a8b4c987f148d2.jpg	19 KB 20 KB	108ms 107ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/5/8/b/1/3/5/58b135fd368eb235cd256be903a8b4c987f148d2.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 2c513fccfb3872792dea568709d40e195a5a649c95498aad2141ded336854b96 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Wed, 24 May 2023 13:31:15 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 rx169qCLwmkOVrmY4+9JFg== ETag 0x8DB5C5B25ECD1C5 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id d51a10bf-201e-0092-62ae-8fea70000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 19904 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:55 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/5/8/b/1/3/5/58b135fd368eb235cd256be903a8b4c987f148d2.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	0d71acae8e12982972f59ddbc822756306c8f47a.jpg trustwave.blob.core.windows.net/cache/0/d/7/1/a/c/ Redirect Chain https://www.trustwave.com/media/19973/meritalk-award-bill-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=133288893510000000 https://trustwave.blob.core.windows.net/cache/0/d/7/1/a/c/0d71acae8e12982972f59ddbc822756306c8f47a.jpg	13 KB 14 KB	109ms 108ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/0/d/7/1/a/c/0d71acae8e12982972f59ddbc822756306c8f47a.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash e7a7bc79d549bc189186538f5b1faa22be6aa9a9178612511760a60f1affddc3 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Thu, 18 May 2023 13:37:36 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 kX8zPZTz1dp7o1wlxBB72A== ETag 0x8DB57A50AE70815 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id e761c8d8-b01e-0016-72ae-8f9871000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 13694 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:55 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/0/d/7/1/a/c/0d71acae8e12982972f59ddbc822756306c8f47a.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	f1863c4abe3b043f7aaea6065378cab8168b8a15.jpg trustwave.blob.core.windows.net/cache/f/1/8/6/3/c/ Redirect Chain https://www.trustwave.com/media/19965/email-onprem-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=133288062240000000 https://trustwave.blob.core.windows.net/cache/f/1/8/6/3/c/f1863c4abe3b043f7aaea6065378cab8168b8a15.jpg	20 KB 21 KB	109ms 109ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/f/1/8/6/3/c/f1863c4abe3b043f7aaea6065378cab8168b8a15.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash a240a5d23021e68a163b9e0ae80e8be99d05a28799b4131f1af218394ceadf72 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Wed, 17 May 2023 14:54:00 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 VlTZQKZgr6ujO1JyueWsNw== ETag 0x8DB56E68CB808D6 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id a3c77c9e-701e-007b-44ae-8f2c3a000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 20513 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:55 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/f/1/8/6/3/c/f1863c4abe3b043f7aaea6065378cab8168b8a15.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	eb0da513ed51b34be13244865d9a3b3dcbe91398.jpg trustwave.blob.core.windows.net/cache/e/b/0/d/a/5/ Redirect Chain https://www.trustwave.com/media/19963/healthcare-vuln-blog-header.jpg?anchor=center&mode=crop&width=400&rnd=133287222250000000 https://trustwave.blob.core.windows.net/cache/e/b/0/d/a/5/eb0da513ed51b34be13244865d9a3b3dcbe91398.jpg	21 KB 21 KB	217ms 109ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/e/b/0/d/a/5/eb0da513ed51b34be13244865d9a3b3dcbe91398.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 19b62ec75b74c05595dcc2b6c5aafd2e00b96e35682a1b63dcc79b871031f591 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Tue, 16 May 2023 14:51:51 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 bXrivX02sAdc8gLDuLbLcA== ETag 0x8DB561D157C7B2E x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id d51a10ee-201e-0092-0cae-8fea70000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 21380 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:55 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/e/b/0/d/a/5/eb0da513ed51b34be13244865d9a3b3dcbe91398.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	c49fda0dd9f3f5d003b41a43e1f73097f367a6b9.png trustwave.blob.core.windows.net/cache/c/4/9/f/d/a/ Redirect Chain https://www.trustwave.com/media/19957/you-cant-afford-not-to-address-data-protection-cover.png?anchor=center&mode=crop&width=400&rnd=133286493490000000 https://trustwave.blob.core.windows.net/cache/c/4/9/f/d/a/c49fda0dd9f3f5d003b41a43e1f73097f367a6b9.png	48 KB 49 KB	250ms 141ms	Image image/png	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/c/4/9/f/d/a/c49fda0dd9f3f5d003b41a43e1f73097f367a6b9.png Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash ac576a86ad5f1aa122baa02e35e22c29ed74fd72154b97ce77cdd3dcd7d6bc51 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:57 GMT Last-Modified Mon, 15 May 2023 18:37:13 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 tmoU01ztvhp/aKKVghJDKQ== ETag 0x8DB557366B6EFDF x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/png x-ms-request-id e761c93f-b01e-0016-50ae-8f9871000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 49311 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:55 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/c/4/9/f/d/a/c49fda0dd9f3f5d003b41a43e1f73097f367a6b9.png cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	204cf497c61ab89519fbadcd95ddc8cb060df3c3.png trustwave.blob.core.windows.net/cache/2/0/4/c/f/4/ Redirect Chain https://www.trustwave.com/media/19888/gartner-mg-dfir-cover-final-1.png?anchor=center&mode=crop&width=400&rnd=133263964820000000 https://trustwave.blob.core.windows.net/cache/2/0/4/c/f/4/204cf497c61ab89519fbadcd95ddc8cb060df3c3.png	68 KB 68 KB	112ms 111ms	Image image/png	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/2/0/4/c/f/4/204cf497c61ab89519fbadcd95ddc8cb060df3c3.png Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash fd8758a7364be6e1441f1c850a1ce786ed466a11902a1e642f1c78edbf9214e2 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Fri, 21 Apr 2023 04:04:38 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 LZilR64bj99HUVpXEDkNyg== ETag 0x8DB421D870099FE x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/png x-ms-request-id 41cc1640-901e-005c-47ae-8f3bfe000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 69452 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/2/0/4/c/f/4/204cf497c61ab89519fbadcd95ddc8cb060df3c3.png cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	c095193c5893c5d49c78ff3a8072562367da85f2.jpg trustwave.blob.core.windows.net/cache/c/0/9/5/1/9/ Redirect Chain https://www.trustwave.com/media/19841/dbss-deeperdive-webinar-cover.jpg?anchor=center&mode=crop&width=400&rnd=133251881780000000 https://trustwave.blob.core.windows.net/cache/c/0/9/5/1/9/c095193c5893c5d49c78ff3a8072562367da85f2.jpg	28 KB 28 KB	109ms 108ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/c/0/9/5/1/9/c095193c5893c5d49c78ff3a8072562367da85f2.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 72586084345c15bf8881758a9f4944102eeb85d77bb1c73016801da52809398f Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:57 GMT Last-Modified Thu, 06 Apr 2023 01:55:16 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 l72UUUGZSxOUpU7grFkrCQ== ETag 0x8DB3641F83A9002 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id a3c77e84-701e-007b-77ae-8f2c3a000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 28414 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/c/0/9/5/1/9/c095193c5893c5d49c78ff3a8072562367da85f2.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	8ff6c291b513ba5e3757bcba503b98a7d6f435b1.png trustwave.blob.core.windows.net/cache/8/f/f/6/c/2/ Redirect Chain https://www.trustwave.com/media/19802/fs-coy23-cover.png?anchor=center&mode=crop&width=400&rnd=133250145860000000 https://trustwave.blob.core.windows.net/cache/8/f/f/6/c/2/8ff6c291b513ba5e3757bcba503b98a7d6f435b1.png	66 KB 67 KB	216ms 108ms	Image image/png	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/8/f/f/6/c/2/8ff6c291b513ba5e3757bcba503b98a7d6f435b1.png Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 360f609b735f1178ecbc7433f1bb44f41cd440651790f4ff89db2f3fdf3b6bf1 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:57 GMT Last-Modified Mon, 03 Apr 2023 17:12:59 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 /VgHgv2YsUJsAkmn/Fd0iA== ETag 0x8DB3466AD10BEF5 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/png x-ms-request-id a3c77dea-701e-007b-72ae-8f2c3a000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 67604 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/8/f/f/6/c/2/8ff6c291b513ba5e3757bcba503b98a7d6f435b1.png cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	99e09fffa669761a4c71219b9c334cc029afca2e.png trustwave.blob.core.windows.net/cache/9/9/e/0/9/f/ Redirect Chain https://www.trustwave.com/media/19804/fs-ams-pss23-cover.png?anchor=center&mode=crop&width=400&rnd=133250155270000000 https://trustwave.blob.core.windows.net/cache/9/9/e/0/9/f/99e09fffa669761a4c71219b9c334cc029afca2e.png	17 KB 18 KB	109ms 108ms	Image image/png	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/9/9/e/0/9/f/99e09fffa669761a4c71219b9c334cc029afca2e.png Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 53fbe3fbe36b571c3aeb98eeee8fc7d94e4b5dbf69e27fe16feffea8d8a4ced2 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Tue, 04 Apr 2023 10:30:39 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 h3BH/Cmp2syH9BzZ1z3Bzw== ETag 0x8DB34F7A2B42C57 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/png x-ms-request-id a3c77da7-701e-007b-35ae-8f2c3a000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 17545 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/9/9/e/0/9/f/99e09fffa669761a4c71219b9c334cc029afca2e.png cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	0f07fd871adf5dfc0df601a7c496bfc9ae603139.jpg trustwave.blob.core.windows.net/cache/0/f/0/7/f/d/ Redirect Chain https://www.trustwave.com/media/19771/faces-modern-adversary-ams-webinar-cover.jpg?anchor=center&mode=crop&width=400&rnd=133246729160000000 https://trustwave.blob.core.windows.net/cache/0/f/0/7/f/d/0f07fd871adf5dfc0df601a7c496bfc9ae603139.jpg	29 KB 30 KB	108ms 108ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/0/f/0/7/f/d/0f07fd871adf5dfc0df601a7c496bfc9ae603139.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 299bcab0c235769fa13ae1f032aefb78da5b4958a0d1876ef415ccff811751bb Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:57 GMT Last-Modified Thu, 30 Mar 2023 19:50:30 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 rCXv9AaOYqMtow4wXFyr2A== ETag 0x8DB31580492C111 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id e761ca63-b01e-0016-4aae-8f9871000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 29871 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/0/f/0/7/f/d/0f07fd871adf5dfc0df601a7c496bfc9ae603139.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	3022fa1f06e2d4b482585dcd5221101a558197f8.jpg trustwave.blob.core.windows.net/cache/3/0/2/2/f/a/ Redirect Chain https://www.trustwave.com/media/19772/dbss-channel-webinar-social-meta-blank.jpg?anchor=center&mode=crop&width=400&rnd=133246733070000000 https://trustwave.blob.core.windows.net/cache/3/0/2/2/f/a/3022fa1f06e2d4b482585dcd5221101a558197f8.jpg	37 KB 38 KB	107ms 107ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/3/0/2/2/f/a/3022fa1f06e2d4b482585dcd5221101a558197f8.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 5da5519da2cb6e58312f9c3a7461b0a43dad5aa99ceb78e48fee672337882cf6 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Thu, 30 Mar 2023 19:50:30 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 N9414xpTJ+jaq8W8o9J4FQ== ETag 0x8DB315804B33CA7 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id d51a11dd-201e-0092-57ae-8fea70000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 38342 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/3/0/2/2/f/a/3022fa1f06e2d4b482585dcd5221101a558197f8.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	ed1af10c26d6d5649a307e932326545b0bf1782d.jpg trustwave.blob.core.windows.net/cache/e/d/1/a/f/1/ Redirect Chain https://www.trustwave.com/media/19744/chatgpt-webinar-social-meta-2.jpg?anchor=center&mode=crop&width=400&rnd=133239047770000000 https://trustwave.blob.core.windows.net/cache/e/d/1/a/f/1/ed1af10c26d6d5649a307e932326545b0bf1782d.jpg	29 KB 30 KB	111ms 111ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/e/d/1/a/f/1/ed1af10c26d6d5649a307e932326545b0bf1782d.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 473bf16a19eb5fe42a46f779954782113b0dfd4d828faf0a7650180bada168cd Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Tue, 21 Mar 2023 20:50:53 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 Da6L0kMPgXqG+gSrGMnxSw== ETag 0x8DB2A4DF66E8F90 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id f5dee4f3-901e-002e-6fae-8f3cb1000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 29853 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/e/d/1/a/f/1/ed1af10c26d6d5649a307e932326545b0bf1782d.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	54fcb5c8e155c96f865e545546bb2ced00c744e6.jpg trustwave.blob.core.windows.net/cache/5/4/f/c/b/5/ Redirect Chain https://www.trustwave.com/media/19725/mg-experts-attack-surface-cover.jpg?anchor=center&mode=crop&width=400&rnd=133233562350000000 https://trustwave.blob.core.windows.net/cache/5/4/f/c/b/5/54fcb5c8e155c96f865e545546bb2ced00c744e6.jpg	52 KB 52 KB	214ms 107ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/5/4/f/c/b/5/54fcb5c8e155c96f865e545546bb2ced00c744e6.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 4a465fb6f639dff72082c2a02c3482904ef1b23a0236ef46ab7e1f0aed454120 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:57 GMT Last-Modified Fri, 17 Mar 2023 06:15:14 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 TZ3PGhoEgQ8L4RN2HboJ5A== ETag 0x8DB26AEF8C5BCB0 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id e761cac1-b01e-0016-1cae-8f9871000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 53226 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/5/4/f/c/b/5/54fcb5c8e155c96f865e545546bb2ced00c744e6.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	327742a7e2540f861a2e3a910fd18ee6fe6cab31.jpg trustwave.blob.core.windows.net/cache/3/2/7/7/4/2/ Redirect Chain https://www.trustwave.com/media/19654/hybridworld-social-meta-2.jpg?anchor=center&mode=crop&width=400&rnd=133222654120000000 https://trustwave.blob.core.windows.net/cache/3/2/7/7/4/2/327742a7e2540f861a2e3a910fd18ee6fe6cab31.jpg	34 KB 34 KB	229ms 122ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/3/2/7/7/4/2/327742a7e2540f861a2e3a910fd18ee6fe6cab31.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 3122e1c5069146b1c3c229711364fb42f9cd031b482a92801a9d72c7347621ae Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Thu, 02 Mar 2023 21:34:06 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 n1a0VZ6ykkJQ3FJ94/Nghw== ETag 0x8DB1B65D9F1E6DE x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id d51a122f-201e-0092-1cae-8fea70000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 34633 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/3/2/7/7/4/2/327742a7e2540f861a2e3a910fd18ee6fe6cab31.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	2854f92a51dc81e2d2eb4fc6b928b424468708a7.jpg trustwave.blob.core.windows.net/cache/2/8/5/4/f/9/ Redirect Chain https://www.trustwave.com/media/18819/84f8713a-dec2-4ea1-a2e1-c9539387a984.jpg?anchor=center&mode=crop&width=400&rnd=133023734580000000 https://trustwave.blob.core.windows.net/cache/2/8/5/4/f/9/2854f92a51dc81e2d2eb4fc6b928b424468708a7.jpg	23 KB 23 KB	356ms 124ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/2/8/5/4/f/9/2854f92a51dc81e2d2eb4fc6b928b424468708a7.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash a84320c913f09bd22ea612f3bc3d8e7d2f70f3f04f2cb72de4e7ae2447187292 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:57 GMT Last-Modified Fri, 15 Jul 2022 15:55:16 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 YPurlwjEzMZ1EWCLJ6daOg== ETag 0x8DA667A69872D1D x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id 41cc1786-901e-005c-63ae-8f3bfe000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 23233 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/2/8/5/4/f/9/2854f92a51dc81e2d2eb4fc6b928b424468708a7.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	5439d1c7ebd9f3c4cf0fcdfe793c5ff6322058df.jpg trustwave.blob.core.windows.net/cache/5/4/3/9/d/1/ Redirect Chain https://www.trustwave.com/media/18722/tommdr-cover.jpg?anchor=center&mode=crop&width=400&rnd=132996224440000000 https://trustwave.blob.core.windows.net/cache/5/4/3/9/d/1/5439d1c7ebd9f3c4cf0fcdfe793c5ff6322058df.jpg	22 KB 23 KB	300ms 167ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/5/4/3/9/d/1/5439d1c7ebd9f3c4cf0fcdfe793c5ff6322058df.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 817cf506c8efdbe536f5901616bf081e2be9b7584eb12e7792ea19c9444353a1 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:57 GMT Last-Modified Tue, 19 Jul 2022 14:05:19 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 nR1ER244mw9E4PRrayXF2Q== ETag 0x8DA698FB6CB2199 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id e761cb22-b01e-0016-75ae-8f9871000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 22624 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/5/4/3/9/d/1/5439d1c7ebd9f3c4cf0fcdfe793c5ff6322058df.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	6ff32843c417453035371dda932646eb62a0841e.png trustwave.blob.core.windows.net/cache/6/f/f/3/2/8/ Redirect Chain https://www.trustwave.com/media/18396/cc1383_ms_misa_trustwave_sentinel_thumbnail-1.png?anchor=center&mode=crop&width=400&rnd=132863034280000000 https://trustwave.blob.core.windows.net/cache/6/f/f/3/2/8/6ff32843c417453035371dda932646eb62a0841e.png	20 KB 20 KB	241ms 107ms	Image image/png	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/6/f/f/3/2/8/6ff32843c417453035371dda932646eb62a0841e.png Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 357030a9f648a77c7bda8631c53364919a5eb235bb56cf6d3da325a200c9e5bf Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Tue, 10 Jan 2023 16:15:48 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 FIgZRymynTOUquRADYrdEw== ETag 0x8DAF325EF8D63EA x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/png x-ms-request-id f5dee5d6-901e-002e-39ae-8f3cb1000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 20072 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/6/f/f/3/2/8/6ff32843c417453035371dda932646eb62a0841e.png cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	d2a1af98fea52e45492a66b0e49f50285909ca3d.png trustwave.blob.core.windows.net/cache/d/2/a/1/a/f/ Redirect Chain https://www.trustwave.com/media/18395/cc1383_ms_misa_trustwave_endpoint_thumbnail-1.png?anchor=center&mode=crop&width=400&rnd=132863032610000000 https://trustwave.blob.core.windows.net/cache/d/2/a/1/a/f/d2a1af98fea52e45492a66b0e49f50285909ca3d.png	21 KB 21 KB	243ms 108ms	Image image/png	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/d/2/a/1/a/f/d2a1af98fea52e45492a66b0e49f50285909ca3d.png Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash f74c13b3439cb1eeedbee295e293d75854d45f598d52c0e036edcf6fd02bddef Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:57 GMT Last-Modified Tue, 10 Jan 2023 16:15:48 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 naHtzTuRX3x/c9H54QplXQ== ETag 0x8DAF325EF8CC7C1 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/png x-ms-request-id a3c77e33-701e-007b-33ae-8f2c3a000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 21330 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/d/2/a/1/a/f/d2a1af98fea52e45492a66b0e49f50285909ca3d.png cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	833084489786ec974d068ff001ee6d7b9450a20d.jpg trustwave.blob.core.windows.net/cache/8/3/3/0/8/4/ Redirect Chain https://www.trustwave.com/media/18369/mvra-1920x1080-cover-2.jpg?anchor=center&mode=crop&width=400&rnd=132835521820000000 https://trustwave.blob.core.windows.net/cache/8/3/3/0/8/4/833084489786ec974d068ff001ee6d7b9450a20d.jpg	34 KB 34 KB	354ms 118ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/8/3/3/0/8/4/833084489786ec974d068ff001ee6d7b9450a20d.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash d69586d35d3802d3d71caca939a836844075f008094d40c3afe1c9d7bbaacf09 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:57 GMT Last-Modified Fri, 09 Dec 2022 20:14:07 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 zFNpl+s1AMS+TfcR7luEfw== ETag 0x8DADA21ECF6CA27 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id f5dee63b-901e-002e-12ae-8f3cb1000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 34392 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/8/3/3/0/8/4/833084489786ec974d068ff001ee6d7b9450a20d.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	a141204bd3d040b527136999dbcf449ab36b47b2.jpg trustwave.blob.core.windows.net/cache/a/1/4/1/2/0/ Redirect Chain https://www.trustwave.com/media/19977/chatgpt-webinar-webinar-cover.jpg?anchor=center&mode=crop&width=400&rnd=133292449220000000 https://trustwave.blob.core.windows.net/cache/a/1/4/1/2/0/a141204bd3d040b527136999dbcf449ab36b47b2.jpg	32 KB 32 KB	256ms 109ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/a/1/4/1/2/0/a141204bd3d040b527136999dbcf449ab36b47b2.jpg Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 4f970b54e11a6a745d7b0c6591373e7442bf4ab41cbb30808aee7ab8da54eab0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:56 GMT Last-Modified Mon, 22 May 2023 16:02:46 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 3ueDGMEsha+tzaokOKvXVg== ETag 0x8DB5ADDFBBDC0EE x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id d51a127d-201e-0092-5fae-8fea70000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 32380 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/a/1/4/1/2/0/a141204bd3d040b527136999dbcf449ab36b47b2.jpg cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H/1.1	200 OK	a88291a0c297c06670b78d6a15c1185d097e3aa7.png trustwave.blob.core.windows.net/cache/a/8/8/2/9/1/ Redirect Chain https://www.trustwave.com/media/19712/microsoftteams-image-1.png?anchor=center&mode=crop&width=400&rnd=133229500950000000 https://trustwave.blob.core.windows.net/cache/a/8/8/2/9/1/a88291a0c297c06670b78d6a15c1185d097e3aa7.png	8 KB 8 KB	339ms 111ms	Image image/jpeg	52.239.171.228 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://trustwave.blob.core.windows.net/cache/a/8/8/2/9/1/a88291a0c297c06670b78d6a15c1185d097e3aa7.png Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol HTTP/1.1 Server 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 4becef474d3ea9bd6d4a8bc03814e706ce193b2dd730dc97b423a967e41a5fe0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Fri, 26 May 2023 08:47:57 GMT Last-Modified Fri, 10 Mar 2023 20:09:26 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 utg0dwee7Fo+7n+2WXULTg== ETag 0x8DB21A359735889 x-ms-meta-ImageProcessedBy ImageProcessor.Web/4.10.0.100 Content-Type image/jpeg x-ms-request-id de12a083-101e-000f-33ae-8f18ca000000 Cache-Control public, max-age=31536000 x-ms-version 2009-09-19 Content-Length 7757 Redirect headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server x-aspnet-version x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 location https://trustwave.blob.core.windows.net/cache/a/8/8/2/9/1/a88291a0c297c06670b78d6a15c1185d097e3aa7.png cache-control no-cache content-length 219 x-xss-protection 1; mode=block
GET H2	200	MaterialIcons-Regular.woff2 www.trustwave.com/fonts/material-icons/	43 KB 43 KB	1190ms 1188ms	Font application/x-font-woff2	52.151.96.240 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.trustwave.com/fonts/material-icons/MaterialIcons-Regular.woff2 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/dist/css/styles.min.css?id=1037 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.trustwave.com/dist/css/styles.min.css?id=1037 Origin https://www.trustwave.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff last-modified Tue, 23 May 2023 07:53:02 GMT server x-aspnet-version etag "0369994b8dd91:0" x-frame-options SAMEORIGIN content-type application/x-font-woff2 accept-ranges bytes content-length 44300 x-xss-protection 1; mode=block
GET H2	200	json Show response forms.hscollectedforms.net/collected-forms/v1/config/	116 B 475 B	128ms 127ms	XHR application/json	2606:4700::6811:69c7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=21158977&utk= Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:69c7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 932082305544d3426acaefac13815f07c276046aee77847071d1dfc1754636e4 Request headers Accept application/json, text/plain, */* Referer https://www.trustwave.com/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT content-encoding br cf-cache-status DYNAMIC x-hubspot-correlation-id 44c7ce24-788d-462e-bc31-bd759bac1550 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 3 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d7f70337-a384-4672-9378-e8fa30266cac server cloudflare vary Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.trustwave.com x-evy-trace-virtual-host all cache-control max-age=0 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-5flz8 access-control-max-age 180 x-robots-tag none access-control-allow-headers * cf-ray 7cd4c1997e1124e9-LHR
GET H3	200	css2 fonts.googleapis.com/ Frame 4F02	7 KB 687 B	53ms 52ms	Stylesheet text/css	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2a6d7a06a4458b56f188177654688a18648aaf4800feee0a4a09a858f46bc920 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Fri, 26 May 2023 08:47:56 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 26 May 2023 07:29:48 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 26 May 2023 08:47:56 GMT
GET H2	200	generic match.adsrvr.org/track/cmf/	70 B 266 B	143ms 43ms	Image image/gif	52.223.40.198 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://match.adsrvr.org/track/cmf/generic?ttd_pid=id17evj&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|a0f60aa3-328c-462e-b79a-86b8ea8cba76 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.223.40.198 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers content-type image/gif pragma no-cache date Fri, 26 May 2023 08:47:56 GMT cache-control private,no-cache, must-revalidate x-aspnet-version 4.0.30319 content-length 70 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET H2	200	t.gif wec-assets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/	43 B 298 B	431ms 332ms	Image image/gif	18.66.122.59 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://wec-assets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.gif?d=a0f60aa3-328c-462e-b79a-86b8ea8cba76&s=76b82aee-d8b9-4aaa-a9bb-e9b2f0f5685c&p=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&cb=1685090876396&t=404%20Not%20Found%20%7C%20Trustwave&r=&e=page_viewed&u=bfb2c8fb-2249-4665-b548-8bf3823922b6-1685090876396 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.122.59 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-122-59.fra60.r.cloudfront.net Software / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=31536000 via 1.1 a4233498d2bd44dbd411d60d86f8334e.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P2 x-cache Miss from cloudfront content-type image/gif content-length 43 x-amz-cf-id 8legM6wjvTY9o5er59jlKmxSA18HcZBQjnR-7ozIIIt-OS1MUGSjhg==
GET H2	200	trans.gif 0952a406420af53caf3809de5e09fe95.azr.footprintdns.com/apc/	43 B 377 B	573ms 251ms	Image image/gif	2a01:111:f100:1003::4134:36d3 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://0952a406420af53caf3809de5e09fe95.azr.footprintdns.com/apc/trans.gif?914c456761b14cf58f54a4c180d2ddf9 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a01:111:f100:1003::4134:36d3 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-machinename ch1app011 x-content-type-options nosniff last-modified Wed, 10 May 2023 19:49:28 GMT server Microsoft-IIS/10.0 etag "054b1877883d91:0" x-powered-by ASP.NET content-type image/gif access-control-allow-origin * access-control-expose-headers X-UserHostAddress, X-EndPoint, X-FrontEnd, X-MachineName x-endpoint ch1prdapp01 accept-ranges bytes content-length 43 x-userhostaddress 2001:ac8:21::
GET H2	200	/ www.facebook.com/tr/	0 186 B	172ms 43ms	Image text/plain	2a03:2880:f176:84:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=657537318161329&ev=PageView&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&rl=&if=false&ts=1685090876437&sw=1600&sh=1200&v=2.9.104&r=stable&ec=0&o=30&fbp=fb.1.1685090876434.928046519&it=1685090876040&coo=false&rqm=GET Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H3	200	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 609 B	137ms 136ms	Image image/gif	2606:4700::6811:d4f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC x-hubspot-correlation-id 49b8c555-5f42-425d-a7c9-b6d34aa5cc90 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 1 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id e0e5c000-810b-47c6-b65d-c5e5bb348482 server cloudflare x-trace 2B56E48F2F18FA04964566FB0E84293D9C5BF786EA000000000000000000 vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-dfxrz access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 7cd4c199f935dd2b-LHR
POST H3	200	collect Show response www.google-analytics.com/j/	4 B 24 B	51ms 51ms	XHR text/plain	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j100&a=2145031151&t=pageview&_s=1&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&ul=en-us&de=UTF-8&dt=404%20Not%20Found%20%7C%20Trustwave&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABQAAAACAAI~&jid=1520997716&gjid=837453144&cid=1910463862.1685090876&tid=UA-123880220-1&_gid=1232995528.1685090876&_r=1&_slc=1&gtm=45He35o0n8154M2ZJN&z=203544650 Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.trustwave.com/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.trustwave.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H/1.0	200 OK	visitWebPage 815-rfm-693.mktoresp.com/webevents/	43 B 121 B	1062ms 174ms	Ping image/gif	199.15.214.243 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://815-rfm-693.mktoresp.com/webevents/visitWebPage?_mchNc=1685090876496&_mchCn=&_mchId=815-RFM-693&_mchTk=_mch-trustwave.com-1685090876495-77045&_mchHo=www.trustwave.com&_mchPo=&_mchRu=%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/163/munchkin.js Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.15.214.243 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software BigIP / Resource Hash cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Connection Keep-Alive Content-Length 43 Server BigIP
GET H3	200	logo_48.png www.gstatic.com/recaptcha/api2/ Frame 4966	2 KB 2 KB	46ms 46ms	Image image/png	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/recaptcha/api2/logo_48.png Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Tue, 23 May 2023 14:33:37 GMT x-content-type-options nosniff age 238459 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2228 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type image/png cache-control public, max-age=604800 accept-ranges bytes expires Tue, 30 May 2023 14:33:37 GMT
GET H3	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame 4966	15 KB 15 KB	44ms 43ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&cb=jm4i8g9cbqv Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ Origin https://www.google.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 20 May 2023 23:28:35 GMT x-content-type-options nosniff age 465561 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 19 May 2024 23:28:35 GMT
GET H3	200	KFOlCnqEu92Fr1MmEU9fBBc4.woff2 fonts.gstatic.com/s/roboto/v18/ Frame 4966	15 KB 15 KB	62ms 61ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&cb=jm4i8g9cbqv Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ Origin https://www.google.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 20 May 2023 17:47:45 GMT x-content-type-options nosniff age 486011 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15552 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:33:02 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 19 May 2024 17:47:45 GMT
GET H3	200	counters.gif forms.hsforms.com/embed/v3/	35 B 608 B	145ms 144ms	Image image/gif	2606:4700::6811:d4f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=8 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC x-hubspot-correlation-id 01785343-119f-453d-aa98-f7da328ec355 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 9e484ef4-949d-4937-8f82-fdd97d8dc418 server cloudflare x-trace 2B34888228FF5946D018D73828B9F9719771B31BB1000000000000000000 vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-f4t27 access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 7cd4c19a7a39dd2b-LHR
GET H3	200	webworker.js www.google.com/recaptcha/api2/ Frame 4966	102 B 134 B	73ms 73ms	Other text/javascript	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&cb=jm4i8g9cbqv Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 1bf768716a75b7620d341f775d10d79ee73a3a47f6609a24ca25dd88e4aeda95 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&cb=jm4i8g9cbqv User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:56 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE cross-origin-embedder-policy require-corp x-frame-options SAMEORIGIN report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 112 x-xss-protection 1; mode=block expires Fri, 26 May 2023 08:47:56 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	7 B 155 B	48ms 47ms	XHR text/plain	2a00:1450:400c:c0c::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-123880220-1&cid=1910463862.1685090876&jid=1520997716&gjid=837453144&_gid=1232995528.1685090876&_u=YADAAEAAQAAAACAAI~&z=1734521623 Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.trustwave.com/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.trustwave.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 7 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ot_guard_logo.svg Show response cookie-cdn.cookiepro.com/logos/static/	497 B 390 B	65ms 63ms	Fetch image/svg+xml	2606:4700::6812:1153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/logos/static/ot_guard_logo.svg Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202305.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 26 May 2023 08:47:56 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 tXyZydHjxQshFMbbBT1/8A== age 10580 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 07:08:33 GMT server cloudflare vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 64ce9fb5-a01e-0069-7f0e-8f0101000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 7cd4c19aae3176af-LHR expires Sat, 27 May 2023 08:47:56 GMT
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	71ms 70ms	Image image/gif	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-123880220-1&cid=1910463862.1685090876&jid=1520997716&_u=YADAAEAAQAAAACAAI~&z=191626940 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.co.uk/ads/	42 B 108 B	68ms 67ms	Image image/gif	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-123880220-1&cid=1910463862.1685090876&jid=1520997716&_u=YADAAEAAQAAAACAAI~&z=191626940 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 08:47:56 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	0 31 B	45ms 44ms	Image text/plain	2a03:2880:f176:84:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=657537318161329&ev=Microdata&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&rl=&if=false&ts=1685090876941&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22404%20Not%20Found%20%7C%20Trustwave%22%2C%22meta%3Adescription%22%3A%22404%20Error%20means%20the%20page%20you%27ve%20requested%20doesn%27t%20exist.%20The%20page%20may%20have%20been%20removed%2C%20renamed%20or%20perhaps%20it%20just%20needed%20a%20day%20off.%20Maybe%20it%27s%20out%20there%2C%20somewhere...%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fmiscellaneous%2Ferror-pages%2F404%2F%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Asite_name%22%3A%22Trustwave%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Ftrustwave.azureedge.net%2Fmedia%2F14810%2Fblackoutintheredroom-hero-socialmeta.jpg%3Frnd%3D131867887250000000%22%2C%22og%3Atitle%22%3A%22404%20Not%20Found%20%7C%20Trustwave%22%2C%22og%3Adescription%22%3A%22404%20Error%20means%20the%20page%20you%27ve%20requested%20doesn%27t%20exist.%20The%20page%20may%20have%20been%20removed%2C%20renamed%20or%20perhaps%20it%20just%20needed%20a%20day%20off.%20Maybe%20it%27s%20out%20there%2C%20somewhere...%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.104&r=stable&ec=1&o=30&fbp=fb.1.1685090876434.928046519&it=1685090876040&coo=false&es=automatic&tm=3&rqm=GET Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	trans.gif 0952a406420af53caf3809de5e09fe95.azr.footprintdns.com/apc/	43 B 111 B	126ms 126ms	Image image/gif	2a01:111:f100:1003::4134:36d3 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://0952a406420af53caf3809de5e09fe95.azr.footprintdns.com/apc/trans.gif?cb582e73f1a0286987351a623916e01b Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a01:111:f100:1003::4134:36d3 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-machinename ch1app011 x-content-type-options nosniff last-modified Wed, 10 May 2023 19:49:28 GMT server Microsoft-IIS/10.0 etag "054b1877883d91:0" x-powered-by ASP.NET content-type image/gif access-control-allow-origin * access-control-expose-headers X-UserHostAddress, X-EndPoint, X-FrontEnd, X-MachineName x-endpoint ch1prdapp01 accept-ranges bytes content-length 43 x-userhostaddress 2001:ac8:21::
GET H2	200	trans.gif dc9696521f22d45588e1488918a62d92.azr.footprintdns.com/apc/	43 B 381 B	266ms 100ms	Image image/gif	2603:1020:b01:2::4a MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://dc9696521f22d45588e1488918a62d92.azr.footprintdns.com/apc/trans.gif?c60276d7d06929958d713dee387276e3 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2603:1020:b01:2::4a Geneva, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:57 GMT x-machinename gva20app032 x-content-type-options nosniff last-modified Wed, 10 May 2023 19:49:28 GMT server Microsoft-IIS/10.0 etag "054b1877883d91:0" x-powered-by ASP.NET content-type image/gif access-control-allow-origin * access-control-expose-headers X-UserHostAddress, X-EndPoint, X-FrontEnd, X-MachineName x-endpoint gva20prdapp03 accept-ranges bytes content-length 43 x-userhostaddress 2001:ac8:21::
GET H2	200	trans.gif dc9696521f22d45588e1488918a62d92.azr.footprintdns.com/apc/	43 B 111 B	50ms 50ms	Image image/gif	2603:1020:b01:2::4a MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://dc9696521f22d45588e1488918a62d92.azr.footprintdns.com/apc/trans.gif?f70ac4a820b1857962bf94cb0e14eee2 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2603:1020:b01:2::4a Geneva, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:57 GMT x-machinename gva20app032 x-content-type-options nosniff last-modified Wed, 10 May 2023 19:49:28 GMT server Microsoft-IIS/10.0 etag "054b1877883d91:0" x-powered-by ASP.NET content-type image/gif access-control-allow-origin * access-control-expose-headers X-UserHostAddress, X-EndPoint, X-FrontEnd, X-MachineName x-endpoint gva20prdapp03 accept-ranges bytes content-length 43 x-userhostaddress 2001:ac8:21::
GET H2	200	trans.gif 4a9e71566be447c087a1cfb5086a8f20.azr.footprintdns.com/apc/	43 B 381 B	284ms 103ms	Image image/gif	2603:1020:f01:2::30 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://4a9e71566be447c087a1cfb5086a8f20.azr.footprintdns.com/apc/trans.gif?3fb9d834a67c83c3d01b44bfc3ea4ec1 Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2603:1020:f01:2::30 Stavanger, Norway, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-machinename svg20app011 x-content-type-options nosniff last-modified Wed, 10 May 2023 19:49:28 GMT server Microsoft-IIS/10.0 etag "054b1877883d91:0" x-powered-by ASP.NET content-type image/gif access-control-allow-origin * access-control-expose-headers X-UserHostAddress, X-EndPoint, X-FrontEnd, X-MachineName x-endpoint svg20prdapp01 accept-ranges bytes content-length 43 x-userhostaddress 2001:ac8:21::
GET H2	200	trans.gif 4a9e71566be447c087a1cfb5086a8f20.azr.footprintdns.com/apc/	43 B 111 B	52ms 52ms	Image image/gif	2603:1020:f01:2::30 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://4a9e71566be447c087a1cfb5086a8f20.azr.footprintdns.com/apc/trans.gif?862c9779ba361c8d52062dad381affeb Requested by Host: www.trustwave.com URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/nickispy-c-android-malware-analysis-demo/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2603:1020:f01:2::30 Stavanger, Norway, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 08:47:56 GMT x-machinename svg20app011 x-content-type-options nosniff last-modified Wed, 10 May 2023 19:49:28 GMT server Microsoft-IIS/10.0 etag "054b1877883d91:0" x-powered-by ASP.NET content-type image/gif access-control-allow-origin * access-control-expose-headers X-UserHostAddress, X-EndPoint, X-FrontEnd, X-MachineName x-endpoint svg20prdapp01 accept-ranges bytes content-length 43 x-userhostaddress 2001:ac8:21::
GET H2	200	r.gif Show response www.atmrum.net/report/v1/atm/	7 B 163 B	26ms 26ms	XHR image/gif	204.79.197.234 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.atmrum.net/report/v1/atm/r.gif?MonitorID=atm&rid=8782cd6ce2688b7a4dfdfa6a15c164c3&w3c=true&prot=https:&v=2017061301&tag=602cc9bb0a513db2b327299487211347&DATA=[{%22RequestID%22:%220952a406420af53caf3809de5e09fe95%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:574},{%22RequestID%22:%220952a406420af53caf3809de5e09fe95%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:127},{%22RequestID%22:%22dc9696521f22d45588e1488918a62d92%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:266},{%22RequestID%22:%22dc9696521f22d45588e1488918a62d92%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:51},{%22RequestID%22:%224a9e71566be447c087a1cfb5086a8f20%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:285},{%22RequestID%22:%224a9e71566be447c087a1cfb5086a8f20%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:53}] Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash f82624464e9e95dfae29e0e54c360aff84dda3c419fc8c3bd10ef668bbe7df9e Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin https://www.trustwave.com date Fri, 26 May 2023 08:47:57 GMT cache-control no-store x-msedge-ref Ref A: 6E8DF5E749A24B23BCA0C9AEDA5815E5 Ref B: MAN30EDGE0908 Ref C: 2023-05-26T08:47:57Z content-type image/gif
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	207ms 141ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1944070336&v=1.1&a=21158977&rcu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fmiscellaneous%2Ferror-pages%2F404%2F&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&t=404+Not+Found+%7C+Trustwave&cts=1685090877869&vi=69993304917fa35a30107888a5e2d677&nc=true&u=94548739.69993304917fa35a30107888a5e2d677.1685090877865.1685090877865.1685090877865.1&b=94548739.1.1685090877865&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:58 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 0b16a505-08ce-4c4a-b535-a2ea33ad04b7 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 89fc0b97-0773-4391-9479-4509475cc90d server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BSvk400djE30kv0WvjRciCUezPB9aBRqOMObXzOpvd3MAL51X4qIutPoEdOizGssh8X1fGuLZRIAFuX9sCS8mL3GYxmfrkLPrvK433Qwb7%2BQCNnR5S0lh4KDgkMxkjLASHJq12UvjpKTp%2FTsYjP6"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-2c4rt x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7cd4c1a339d075c3-LHR x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 599 B	203ms 143ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=68741a11-8e56-4f23-ba7f-b2307e77714c&fci=1c936b61-b0d3-4662-a3e5-550b2a87d245&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1944070336&v=1.1&a=21158977&rcu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fmiscellaneous%2Ferror-pages%2F404%2F&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&t=404+Not+Found+%7C+Trustwave&cts=1685090877870&vi=69993304917fa35a30107888a5e2d677&nc=true&u=94548739.69993304917fa35a30107888a5e2d677.1685090877865.1685090877865.1685090877865.1&b=94548739.1.1685090877865&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:58 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id c1babfcf-6a40-4b73-9045-2e6ce83cd442 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 5 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 6ef2d34f-7340-4f24-aa61-dbb4c82a08d5 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D6G%2BjJciTfVeWkYbk81QMIDHbRwBa5Sk5fUCOcjo4JXoG3Dju8F6F06GPrbghexnPE%2BdvTCWcFB6BZ6Uw%2BLZ8rW8VuBomi%2Be63ghYRok9vb1c%2BzB2dEk1fSDRofFMfRgXCS%2BAWiwLCfBbPP5WkAI"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-fccxc x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7cd4c1a339d575c3-LHR x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	203ms 144ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=17&fi=68741a11-8e56-4f23-ba7f-b2307e77714c&fci=1c936b61-b0d3-4662-a3e5-550b2a87d245&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1944070336&v=1.1&a=21158977&rcu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fmiscellaneous%2Ferror-pages%2F404%2F&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&t=404+Not+Found+%7C+Trustwave&cts=1685090877871&vi=69993304917fa35a30107888a5e2d677&nc=true&u=94548739.69993304917fa35a30107888a5e2d677.1685090877865.1685090877865.1685090877865.1&b=94548739.1.1685090877865&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:58 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 9481f051-4b98-43e7-8ffe-c0c9ce13b106 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id ea40211a-bc4a-4cb1-850e-885278916efd server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vwURbgwfuHp2RxhrMc3J%2FLELdbu1JPQ1mWQUqwTMkiGATcYgZ62Va%2Fiz0yayOswnO%2BZYHyehuIe2KhKOlwHcvJDmzMN9Tv5Iukgtj1E6uk%2BOE8UESImjKsbRPN%2BoIp9pGPh8cz84iktSQbQBK708"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-nzmfg x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7cd4c1a339d475c3-LHR x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 631 B	179ms 142ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=92358282-9e9e-4fe6-a21f-c30c1e55336d&fci=7337fead-93f8-4799-b673-d0a9db564abd&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1944070336&v=1.1&a=21158977&rcu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fmiscellaneous%2Ferror-pages%2F404%2F&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&t=404+Not+Found+%7C+Trustwave&cts=1685090877873&vi=69993304917fa35a30107888a5e2d677&nc=true&u=94548739.69993304917fa35a30107888a5e2d677.1685090877865.1685090877865.1685090877865.1&b=94548739.1.1685090877865&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:58 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 23fdafdd-fdd0-47f2-88fe-4cb51232ff5a p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id e7c50d4f-ea44-4ff1-8cc3-af22885abff2 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTayvGrE5cNszGnKJO1c7R2RoKP8smxZOGHAtltkOZeSH%2FwrNIRspGFvmg8wslZxSDeVQSuyapA8tqSUW9yNL8oNohI4mHcHD2%2FRjNKSn5pt73lLM4rWE0u%2B12hG3FhsDHWTuZPBHI2C8CkH26bS"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-fccxc x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7cd4c1a339d675c3-LHR x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 636 B	186ms 149ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=17&fi=92358282-9e9e-4fe6-a21f-c30c1e55336d&fci=7337fead-93f8-4799-b673-d0a9db564abd&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1944070336&v=1.1&a=21158977&rcu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fmiscellaneous%2Ferror-pages%2F404%2F&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&t=404+Not+Found+%7C+Trustwave&cts=1685090877873&vi=69993304917fa35a30107888a5e2d677&nc=true&u=94548739.69993304917fa35a30107888a5e2d677.1685090877865.1685090877865.1685090877865.1&b=94548739.1.1685090877865&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:58 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 7ef09ccf-0b0d-4fd7-aef9-7557285bbc70 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 7 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id bbee015e-77f0-4f26-9491-3e699fc4031e server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=raYIhJ9g30pUO%2FWsReHW9MUPuWXgUx%2FwRGW3XGuNmYJMst9wpJ3x8dnqY%2FaT0%2FjhpMCBQXjU0OvMhPVU1s93aqREqdlwC8PORRLmHOgxR19nWXSqyQIFVOgtz1WxGit8SZeu1Lzihb8x8hE31Sz5"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-86grs x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7cd4c1a339d275c3-LHR x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 643 B	179ms 142ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=de7ea1d6-a749-4248-88db-dc813310bec6&fci=9d868852-7935-49b8-9f1d-dbe50d2b7287&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1944070336&v=1.1&a=21158977&rcu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fmiscellaneous%2Ferror-pages%2F404%2F&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&t=404+Not+Found+%7C+Trustwave&cts=1685090877874&vi=69993304917fa35a30107888a5e2d677&nc=true&u=94548739.69993304917fa35a30107888a5e2d677.1685090877865.1685090877865.1685090877865.1&b=94548739.1.1685090877865&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:58 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 6c68a887-804f-487c-b786-a3d85b807a7e p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 6 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 0aca7103-1e4e-47d9-884a-304df07c48c6 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1H%2FkuxV94%2FnVmHXjdxk5jnup84DZLeBPqQ%2Fwf7vlZ7LD8K5Cx%2BexbFqPYmCbmPBXRRPlEfMkPkLoIqfBj0Y%2F0IpSMkDB8EwM4%2F4CwtssvIeIN79jlvmcpK%2BaGMdPNI0xZQrzFUREAJroZE7vlc1K"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-xtt4j x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7cd4c1a339d175c3-LHR x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	155ms 154ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=17&fi=de7ea1d6-a749-4248-88db-dc813310bec6&fci=9d868852-7935-49b8-9f1d-dbe50d2b7287&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1944070336&v=1.1&a=21158977&rcu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fmiscellaneous%2Ferror-pages%2F404%2F&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&t=404+Not+Found+%7C+Trustwave&cts=1685090877875&vi=69993304917fa35a30107888a5e2d677&nc=true&u=94548739.69993304917fa35a30107888a5e2d677.1685090877865.1685090877865.1685090877865.1&b=94548739.1.1685090877865&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:58 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id a7eccb42-74f3-4bf3-aad2-3199eb7e47a7 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 6 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 0b00f26f-6298-4e4c-b694-68a832d0cf39 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=70%2FMcQwpvw6Uo%2BWlyIYhcBXcCmr%2FP25Pb4RtIfiCdiB4wIVT2cACsET%2BOK3I%2FAWSFCuwrCZFAReFVsNpcnkTSIYBJvFEP47qWeVAQQL6Jpy0BYvDBuT8GM4DZJ4jqkG8HHDIe6KW5WWMW57oOAxp"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-mc94g x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7cd4c1a41adf75c3-LHR x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 596 B	137ms 137ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=cfc901a2-eafd-46d4-a988-cdec75f02fd1&fci=fd015141-7461-44ed-bd8d-d9d3bb6d65b9&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1944070336&v=1.1&a=21158977&rcu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fmiscellaneous%2Ferror-pages%2F404%2F&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&t=404+Not+Found+%7C+Trustwave&cts=1685090877876&vi=69993304917fa35a30107888a5e2d677&nc=true&u=94548739.69993304917fa35a30107888a5e2d677.1685090877865.1685090877865.1685090877865.1&b=94548739.1.1685090877865&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:58 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 8d770b6b-02ae-46ca-9668-0b3b56a5ec97 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 0cfdb70f-4ffe-4914-8ca8-99627d5354aa server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SyRhLT%2B4RurX17oXnpdnHInbJIEXuyTO3SlRFkAQS1ROehjL5QcjgQ%2FfiQfwZnPHgzTEtifGJNP1Dct%2Bg0rfLl3f7trRMytTUQMmtBcU6RGR7%2F9e8sb%2F%2BSSmurCwW9Isx6dXOJAIELQGj%2FKi%2FFlz"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-nzmfg x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7cd4c1a41ae075c3-LHR x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 636 B	142ms 141ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=17&fi=cfc901a2-eafd-46d4-a988-cdec75f02fd1&fci=fd015141-7461-44ed-bd8d-d9d3bb6d65b9&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1944070336&v=1.1&a=21158977&rcu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fmiscellaneous%2Ferror-pages%2F404%2F&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fnickispy-c-android-malware-analysis-demo%2F&t=404+Not+Found+%7C+Trustwave&cts=1685090877876&vi=69993304917fa35a30107888a5e2d677&nc=true&u=94548739.69993304917fa35a30107888a5e2d677.1685090877865.1685090877865.1685090877865.1&b=94548739.1.1685090877865&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.trustwave.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 08:47:58 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 2df06d9d-80ff-410e-aca4-bf9a491ed99c p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id b948e17f-3acd-4421-a934-b8f5224508ec server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9tcZHGAS1J6vdRfDM6mEHX%2BNov0Xs1gRo5uN4mXkVMxjIgVrqHl2MbnGWINX3iRoOOCWK3%2FdoyBXHrh04Is4vGp3DTXEo%2FoLvdkKDFeytuB8FjKehOjdurbpC9dTpbk3rq%2BDFcs2bFtkTwvHzDWP"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-z7z79 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7cd4c1a41ae275c3-LHR x-robots-tag none
OPTIONS H2	200	track dc.services.visualstudio.com/v2/ Frame	0 0	147ms 38ms	Preflight	13.69.106.89 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://dc.services.visualstudio.com/v2/track Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 13.69.106.89 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type,sdk-context Access-Control-Request-Method POST Origin https://www.trustwave.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-headers Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context access-control-allow-methods POST access-control-allow-origin * access-control-max-age 3600 content-length 0 date Fri, 26 May 2023 08:47:57 GMT x-content-type-options nosniff
POST H2	200	track Show response dc.services.visualstudio.com/v2/	98 B 283 B	134ms 133ms	XHR application/json	13.69.106.89 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://dc.services.visualstudio.com/v2/track Requested by Host: az416426.vo.msecnd.net URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 13.69.106.89 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 0ad86418b4e86571e77d3476d94457a6892c00ee72fd39e5f956ffa00a1222f8 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://www.trustwave.com/ accept-language en-GB,en;q=0.9 Sdk-Context appId User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Content-type application/json Response headers x-ms-session-id 916A4DA0-B22C-46C0-89CA-FDD75FA97FBF strict-transport-security max-age=31536000 date Fri, 26 May 2023 08:47:57 GMT x-content-type-options nosniff access-control-max-age 3600 content-type application/json; charset=utf-8 access-control-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context content-length 98

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

s7.addthis.com

URL

https://s7.addthis.com/js/300/addthis_widget.js