www.getinfosec.news Open in urlscan Pro
172.67.138.119 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Submission: On October 04 via api (October 4th 2021, 5:18:08 am UTC) from GB — Scanned from DE

Summary HTTP 49 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 25 IPs in 4 countries across 22 domains to perform 49 HTTP transactions. The main IP is 172.67.138.119, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.getinfosec.news.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 6th 2021. Valid for: a year.

This is the only time www.getinfosec.news was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	172.67.138.119 172.67.138.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.74 142.250.185.74	15169 (GOOGLE) (GOOGLE)
1	104.16.19.94 104.16.19.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.87.20 104.16.87.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	216.58.212.168 216.58.212.168	15169 (GOOGLE) (GOOGLE)
3	13.225.87.15 13.225.87.15	16509 (AMAZON-02) (AMAZON-02)
1	104.16.124.175 104.16.124.175	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.186.46 142.250.186.46	15169 (GOOGLE) (GOOGLE)
1	74.125.206.155 74.125.206.155	15169 (GOOGLE) (GOOGLE)
3	142.250.185.195 142.250.185.195	15169 (GOOGLE) (GOOGLE)
1	52.95.135.22 52.95.135.22	16509 (AMAZON-02) (AMAZON-02)
4	172.66.43.18 172.66.43.18	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
3	195.181.175.54 195.181.175.54	60068 (CDN77 ^_^) (CDN77 ^_^)
2	13.224.193.105 13.224.193.105	16509 (AMAZON-02) (AMAZON-02)
1	54.187.119.242 54.187.119.242	16509 (AMAZON-02) (AMAZON-02)
1	44.229.66.179 44.229.66.179	16509 (AMAZON-02) (AMAZON-02)
1	87.248.118.22 87.248.118.22	34010 (YAHOO-IRD) (YAHOO-IRD)
1	13.225.87.60 13.225.87.60	16509 (AMAZON-02) (AMAZON-02)
2	151.101.114.208 151.101.114.208	54113 (FASTLY) (FASTLY)
1	151.101.114.109 151.101.114.109	54113 (FASTLY) (FASTLY)
1	23.185.0.3 23.185.0.3	54113 (FASTLY) (FASTLY)
1	199.60.103.226 199.60.103.226	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	172.67.217.166 172.67.217.166	13335 (CLOUDFLAR...) (CLOUDFLARENET)
49	25

10 172.67.138.119 (United States)

ASN13335 (CLOUDFLARENET, US)

www.getinfosec.news	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.19.94 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.87.20 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.168 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.87.15 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-15.fra2.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.124.175 (None, )

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.46 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.206.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wk-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.95.135.22 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: s3-r-w.ap-southeast-2.amazonaws.com

newsyapp.s3.ap-southeast-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.66.43.18 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.iconfinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.77.2 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 195.181.175.54 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: frankfurt-53.cdn77.com

img.icons8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.193.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-105.fra2.r.cloudfront.net

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.229.66.179 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-229-66-179.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.248.118.22 (Frankfurt am Main, Germany)

ASN34010 (YAHOO-IRD, GB)
PTR: e1.ycpi.vip.deb.yahoo.com

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.87.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-60.fra2.r.cloudfront.net

www.thesun.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.208 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

images.unsplash.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.185.0.3 (United States)

ASN54113 (FASTLY, US)

www.clearswift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.60.103.226 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.secureworld.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.217.166 (United States)

ASN13335 (CLOUDFLARENET, US)

twt-thumbs.washtimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	getinfosec.news www.getinfosec.news	525 KB
5	stripe.com js.stripe.com q.stripe.com m.stripe.com	71 KB
4	iconfinder.com cdn2.iconfinder.com	20 KB
3	icons8.com img.icons8.com	7 KB
3	gstatic.com fonts.gstatic.com	68 KB
3	google-analytics.com www.google-analytics.com	20 KB
2	unsplash.com images.unsplash.com	704 KB
2	stripe.network m.stripe.network	17 KB
2	wp.com i1.wp.com	68 KB
2	googletagmanager.com www.googletagmanager.com	77 KB
1	washtimes.com twt-thumbs.washtimes.com	109 KB
1	secureworld.io www.secureworld.io	21 KB
1	clearswift.com www.clearswift.com
1	vimeocdn.com i.vimeocdn.com	1 KB
1	thesun.co.uk www.thesun.co.uk	775 KB
1	yimg.com s.yimg.com	27 KB
1	amazonaws.com newsyapp.s3.ap-southeast-2.amazonaws.com	103 KB
1	doubleclick.net stats.g.doubleclick.net	413 B
1	unpkg.com unpkg.com	2 KB
1	jsdelivr.net cdn.jsdelivr.net	32 KB
1	cloudflare.com cdnjs.cloudflare.com	16 KB
1	googleapis.com fonts.googleapis.com	1 KB
49	22

	Domain	Requested by
10	www.getinfosec.news	www.getinfosec.news
4	cdn2.iconfinder.com	www.getinfosec.news
3	img.icons8.com	www.getinfosec.news
3	fonts.gstatic.com	fonts.googleapis.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	js.stripe.com	www.getinfosec.news js.stripe.com
2	images.unsplash.com	www.getinfosec.news
2	m.stripe.network	js.stripe.com m.stripe.network
2	i1.wp.com	www.getinfosec.news
2	www.googletagmanager.com	www.getinfosec.news www.googletagmanager.com
1	twt-thumbs.washtimes.com	www.getinfosec.news
1	www.secureworld.io	www.getinfosec.news
1	www.clearswift.com	www.getinfosec.news
1	i.vimeocdn.com	www.getinfosec.news
1	www.thesun.co.uk	www.getinfosec.news
1	s.yimg.com	www.getinfosec.news
1	m.stripe.com	m.stripe.network
1	q.stripe.com	www.getinfosec.news
1	newsyapp.s3.ap-southeast-2.amazonaws.com	www.getinfosec.news
1	stats.g.doubleclick.net	www.google-analytics.com
1	unpkg.com	www.getinfosec.news
1	cdn.jsdelivr.net	www.getinfosec.news
1	cdnjs.cloudflare.com	www.getinfosec.news
1	fonts.googleapis.com	www.getinfosec.news
49	24

This site contains links to these domains. Also see Links.

Domain
www.buymeacoffee.com
www.linkedin.com
www.facebook.com
twitter.com
securityaffairs.co
www.proofpoint.com
i1.wp.com
yoroi.company
www.washyourhands.xyz
locofootball.com
impactosocial.co
www.winks.app
getinfosecnews.blogspot.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-06` - `2022-07-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2021-07-09` - `2021-11-03`	4 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.s3-ap-southeast-2.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-06-23` - `2022-07-24`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.icons8.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-13` - `2022-05-13`	2 years	crt.sh
*.stripe.com DigiCert SHA2 Secure Server CA	`2021-09-08` - `2022-09-07`	a year	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-13` - `2021-11-03`	4 months	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-09-06` - `2021-10-27`	2 months	crt.sh
*.nukcdn.com Amazon	`2021-05-17` - `2022-06-15`	a year	crt.sh
*.camp-fire.jp GlobalSign Atlas R3 DV TLS CA 2020	`2021-05-20` - `2022-06-21`	a year	crt.sh
*.vimeocdn.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-05-18` - `2022-06-19`	a year	crt.sh
clearswift.co.jp R3	`2021-09-15` - `2021-12-14`	3 months	crt.sh
www.secureworld.io Cloudflare Inc ECC CA-3	`2021-07-17` - `2022-07-16`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy
Frame ID: 55E921EC66AB10128D686BA178D5E5F7
Requests: 42 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html
Frame ID: F0E1E483F7E2E987F783E4940435AB59
Requests: 2 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: FCCB0926A7815A544ADCB2202A922841
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TA544 group behind a spike in Ursnif malware campaigns targeting Italy ⋅ Cyber Security News

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

49
Requests

98 %
HTTPS

0 %
IPv6

22
Domains

24
Subdomains

25
IPs

4
Countries

2665 kB
Transfer

4671 kB
Size

13
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://www.buymeacoffee.com/getinfosec
Title: Buy me a coffee

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy&title=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20Italy&summary=Proofpoint%20researchers%20reported%20that%20TA544%20threat%20actors%20are%20behind%20a%20new%20Ursnif%20campaign%20that%20is%20targeting%20Italian%20organizations.%20%20Proofpoint%20res&source=https://www.getinfosec.news

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/share?app_id=645057395962262&display=popup&href=https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20Italy&url=https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/115245/cyber-crime/ursnif-targets-italian-banks.html
Title: Ursnif

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Title: TA544

Search URL Search Domain Scan URL

URL: https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png?ssl=1

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/blog/security-briefs/ta544-targets-italian-organizations-ursnif-malware
Title: analysis

Search URL Search Domain Scan URL

URL: https://twitter.com/luigi_martire94
Title: Luigi Martire

Search URL Search Domain Scan URL

URL: https://yoroi.company/research/ursnif-long-live-the-steganography/
Title: more complex attack chain

Search URL Search Domain Scan URL

URL: https://twitter.com/securityaffairs
Title: @securityaffairs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sec.affairs
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://securityaffairs.co/wordpress/
Title: SecurityAffairs

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html
Title: TA544 group behind a spike in Ursnif malware campaigns targeting Italy

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress
Title: Security Affairs

Search URL Search Domain Scan URL

URL: http://www.washyourhands.xyz/9781516/global-industry-analysts-predicts-the-world-hand-wash-market-to-reach-98-million-by-2026
Title: Global Industry Analysts Predicts the World Hand Wash Market to Reach $9.8 Million by 2026

Search URL Search Domain Scan URL

URL: https://locofootball.com/7591289/watch-emotional-moment-lionel-messi-is-reunited-with-wife-antonela-after-returning-from-copa-america-2021
Title: Watch emotional moment Lionel Messi is reunited with wife Antonela after returning from Copa America 2021

Search URL Search Domain Scan URL

URL: https://impactosocial.co/7197360/mercado-global-de-adhesivos-de-bajo-impacto-amigables-con-la-piel-un-vistazo-a-las-oportunidades-futuras-en-todo-el-mundo-3m-scapa-healthcare-le-mans-vinoturismoriojacom
Title: Mercado global de adhesivos de bajo impacto / amigables con la piel: un vistazo a las oportunidades futuras en todo el mundo | 3M, Scapa Healthcare, Le Mans - Vinoturismorioja.com

Search URL Search Domain Scan URL

URL: https://impactosocial.co/4905946/santander-argentina-destino-173-millones-para-inversion-social-ambitocom
Title: Santander Argentina destinó $173 millones para inversión social - ámbito.com

Search URL Search Domain Scan URL

URL: http://www.winks.app/7069210/taking-patient-advocacy-for-cancer-clinical-trials-to-a-new-level
Title: Taking Patient Advocacy for Cancer Clinical Trials to a New Level

Search URL Search Domain Scan URL

URL: https://twitter.com/GetinfosecN

Search URL Search Domain Scan URL

URL: https://getinfosecnews.blogspot.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

49 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy Show response
www.getinfosec.news/10079328/ 94 KB
25 KB 815ms
785ms Document
text/html 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769d19a8eff00012bedb55d08fec5ff74c858b7a07ce5d7cc81fb38fd0af446c

Request headers

:method: GET
:authority: www.getinfosec.news
:scheme: https
:path: /10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 04 Oct 2021 05:18:01 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0%3D; expires=Mon, 04-Oct-2021 07:18:01 GMT; Max-Age=7200; path=/ newsy_session=eyJpdiI6IkxRbU4zaXpLVUxyYkZQNStvS1ZlakE9PSIsInZhbHVlIjoiQUVpKzZiRlRLSEpmOGEvOFNleGtud3lEd01ETUNkUStPdm9IcER1RG5RRWVjaEFtYU0vd25TRmZldmRobGY0THR3Ui9xM0tUTDNReEgwVDJMMWdvTXFOOUVld2VOMjNxdjhFWEI3ZXRNdjdnYXBJUDlkeEhLQmE2clAzbTA5N1oiLCJtYWMiOiI5Yzg4MDhkMTc5OTA1YTI2ZmQwNjRhN2Y3YzYyODg3MTlhNDk0YWRkOTY2MWZjMzYxZDEwMTQwY2IxOWExOGNmIn0%3D; expires=Mon, 04-Oct-2021 07:18:01 GMT; Max-Age=7200; path=/; httponly
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rtj7ivWVcagwRhf2lasMo%2FQB%2Bf%2Bi3UI8%2BfSsiopkUKk6ERtBY3y0gH2wCHmka7yxrwr5j8uM%2FUO0mburcgNmu4Vsh5Wxq4dpFthqynAvkwyVT4yeyWwTF8h1geW7k5fKwVhhQETE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 698bf2772fc39760-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 61ms
22ms Stylesheet
text/css 142.250.185.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f10.1e100.net

Software

ESF /

Resource Hash

30c7c639fd48a0186026f900282a3b92893c32043019a5efb0ddf7e0805e296f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 03:41:28 GMT
server: ESF
date: Mon, 04 Oct 2021 05:18:01 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Mon, 04 Oct 2021 05:18:01 GMT

GET
H2 200 app.css
www.getinfosec.news/css/site/ 69 KB
11 KB 194ms
192ms Stylesheet
text/css 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/css/site/app.css
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80e4a6df511aabcfa44f256c549e278654914ed7ccec2dfda39c6f200ec2934c

Request headers

:path: /css/site/app.css
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0%3D; newsy_session=eyJpdiI6IkxRbU4zaXpLVUxyYkZQNStvS1ZlakE9PSIsInZhbHVlIjoiQUVpKzZiRlRLSEpmOGEvOFNleGtud3lEd01ETUNkUStPdm9IcER1RG5RRWVjaEFtYU0vd25TRmZldmRobGY0THR3Ui9xM0tUTDNReEgwVDJMMWdvTXFOOUVld2VOMjNxdjhFWEI3ZXRNdjdnYXBJUDlkeEhLQmE2clAzbTA5N1oiLCJtYWMiOiI5Yzg4MDhkMTc5OTA1YTI2ZmQwNjRhN2Y3YzYyODg3MTlhNDk0YWRkOTY2MWZjMzYxZDEwMTQwY2IxOWExOGNmIn0%3D
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:01 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 01 Oct 2021 12:29:11 GMT
server: cloudflare
etag: W/"112e3-5cd49b5e513fe-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z86uG%2FIrQYm82PS9dlafneec2ARiedXswUDLxfj318kbKC2ZzOPpUDk%2BFv39wQCRUkB%2BNmTRcDbx048dV2SKUF7BzOBs2HNs9PJJCYbEcf4wQ91YrfRilR8iuWd4KwauvrbZZoWX"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698bf27c38799760-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 arlo.css
www.getinfosec.news/css/site/ 11 KB
2 KB 190ms
189ms Stylesheet
text/css 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/css/site/arlo.css
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6fda8f8cdeeaa0e5f548b20df29aa7411032f0a9e438910f54d6bfbcaa4539d

Request headers

:path: /css/site/arlo.css
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0%3D; newsy_session=eyJpdiI6IkxRbU4zaXpLVUxyYkZQNStvS1ZlakE9PSIsInZhbHVlIjoiQUVpKzZiRlRLSEpmOGEvOFNleGtud3lEd01ETUNkUStPdm9IcER1RG5RRWVjaEFtYU0vd25TRmZldmRobGY0THR3Ui9xM0tUTDNReEgwVDJMMWdvTXFOOUVld2VOMjNxdjhFWEI3ZXRNdjdnYXBJUDlkeEhLQmE2clAzbTA5N1oiLCJtYWMiOiI5Yzg4MDhkMTc5OTA1YTI2ZmQwNjRhN2Y3YzYyODg3MTlhNDk0YWRkOTY2MWZjMzYxZDEwMTQwY2IxOWExOGNmIn0%3D
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:01 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 12 Sep 2021 18:58:07 GMT
server: cloudflare
etag: W/"2b72-5cbd0edd83cde-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LmsHhaAXkng7i9CSD4ZtT5i%2FJSQYNt3504bGuQvcEuSxpZa0nV%2BNGN3ze1m9SGNnOsNXIxdNpqupXV%2FffFjkRW1ZRECpZ9TV2nv8g9ZQFLhdh4Jl2febu7G13N1dLcdPZksparys"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698bf27c387a9760-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 moment.min.js Show response
cdnjs.cloudflare.com/ajax/libs/moment.js/2.24.0/ 52 KB
16 KB 34ms
13ms Script
application/javascript 104.16.19.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.24.0/moment.min.js

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1825037
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15508
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f26-d04c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yutgVs%2BhqZeYKx6CIh7lisdVO117Li7uBwLkB2ywNG2LJlq8qN2mT5hd9b0OhXZ1IAUhvdegMyakD1tVeaXfERmNXx3K2S8HGQgoVZmj8JMaE6ZXamK2nNK3QG7SLhdnTERHzBRc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 698bf27c5c8f324c-FRA
expires: Sat, 24 Sep 2022 05:18:01 GMT

GET
H2 200 jquery.min.js Show response
cdn.jsdelivr.net/npm/jquery@3.6.0/dist/ 87 KB
32 KB 42ms
22ms Script
application/javascript 104.16.87.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.min.js

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2122391
x-jsd-version: 3.6.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19161-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"15d9d-uC0jjU4x/fYYuuisEabIEsA90NQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 698bf27c5d965c20-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 73ms
37ms Script
application/javascript 216.58.212.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-166935235-1

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.168 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

19a209eb740fbd46bef39309731207981d62020eb6d9f0c951a80c4b1fe1cb8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:02 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38904
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Oct 2021 05:18:02 GMT

GET
H2 200 / Show response
js.stripe.com/v3/ 258 KB
68 KB 794ms
743ms Script
application/javascript 13.225.87.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.15 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-15.fra2.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

37d6a9699305d6caf6db3c009200c10270e355aa6dba482f7f3197e22af3ff64

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
content-encoding: gzip
vary: Accept-Encoding
x-amz-request-id: V40F77B5KBW314NP
x-cache: Miss from cloudfront
x-edge-origin-shield-skipped: 0
x-amz-id-2: 6AHi6SCtrWQMyzJVLgwLlX4MLS+5cFRRpjusx7rL4fRE6xSmIrNEwTNhIS+4ZuqWjr9g4SIYQvs=
access-control-allow-origin: *
last-modified: Thu, 30 Sep 2021 23:06:04 GMT
server: AmazonS3
etag: W/"00424e331eee70d972b18ccf90b828f2"
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
cache-control: max-age=60
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: NmgzIV_CfpAb2MmYLNkwQfzOXWsEM_l30viex2FUi3R2Q8FvhBTnNQ==

GET
H2 200 vue-multiselect.min.css
unpkg.com/vue-multiselect@2.1.0/dist/ 7 KB
2 KB 32ms
15ms Stylesheet
text/css 104.16.124.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/vue-multiselect@2.1.0/dist/vue-multiselect.min.css

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.124.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddffc1fb5857d5643c0113e624d013e677a00538184616877dbce212abbbfc41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16853738
vary: Accept-Encoding
last-modified: Sun, 18 Mar 2018 17:24:25 GMT
server: cloudflare
etag: W/"1c46-REXhA/xTGnqKrQ6n7ISPoCcwNxc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 58d3b4c2bb751a5656a7cf69b7a7e1ca
cache-control: public, max-age=31536000
cf-ray: 698bf27cbdff4e26-FRA

GET
H3 200 app.js Show response
www.getinfosec.news/js/site/content/ 2 MB
454 KB 487ms
487ms Script
application/javascript 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/js/site/content/app.js
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 326f8198ae844997832b6357f9d20f822311b28679d25988925b686528c700a5

Request headers

:path: /js/site/content/app.js
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0%3D; newsy_session=eyJpdiI6IkxRbU4zaXpLVUxyYkZQNStvS1ZlakE9PSIsInZhbHVlIjoiQUVpKzZiRlRLSEpmOGEvOFNleGtud3lEd01ETUNkUStPdm9IcER1RG5RRWVjaEFtYU0vd25TRmZldmRobGY0THR3Ui9xM0tUTDNReEgwVDJMMWdvTXFOOUVld2VOMjNxdjhFWEI3ZXRNdjdnYXBJUDlkeEhLQmE2clAzbTA5N1oiLCJtYWMiOiI5Yzg4MDhkMTc5OTA1YTI2ZmQwNjRhN2Y3YzYyODg3MTlhNDk0YWRkOTY2MWZjMzYxZDEwMTQwY2IxOWExOGNmIn0%3D
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:02 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 01 Oct 2021 12:29:11 GMT
server: cloudflare
etag: W/"1b1b1e-5cd49b5e5815e-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zi6PWVQsVJzYXJSOcMXkZZHNlh2mZSPrWgFHSivJ15Z7ibH%2FFb4mZ4LaxxJpgmEQEhGrZFziWkk3T3jgBNYG%2BtUm2H4IG3DjnlxmcZRPUOPs9O4gDutXeCI8vh0pN79qaN1kpSIx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698bf27cab8c1782-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 60ms
38ms Script
application/javascript 216.58.212.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-153426991-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-166935235-1

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.168 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

2484073ea80f5f8d7d808b5a11a2f9b075dbeeee899148902d67ef1a1fa2f185

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:02 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38908
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Oct 2021 05:18:02 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 31ms
6ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-153426991-1&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 4616
date: Mon, 04 Oct 2021 04:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Mon, 04 Oct 2021 06:01:06 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 30ms
14ms XHR
text/plain 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1200300125&t=pageview&_s=1&dl=https%3A%2F%2Fwww.getinfosec.news%2F10079328%2Fta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy&ul=en-us&de=UTF-8&dt=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20Italy%20%E2%8B%85%20Cyber%20Security%20News&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=425155360&gjid=2125114176&cid=743514236.1633324683&tid=UA-153426991-1&_gid=1155314188.1633324683&_r=1&gtm=2ou9r0&z=1726971918

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getinfosec.news/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.getinfosec.news
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 23ms
14ms XHR
text/plain 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1200300125&t=pageview&_s=1&dl=https%3A%2F%2Fwww.getinfosec.news%2F10079328%2Fta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy&ul=en-us&de=UTF-8&dt=TA544%20group%20behind%20a%20spike%20in%20Ursnif%20malware%20campaigns%20targeting%20Italy%20%E2%8B%85%20Cyber%20Security%20News&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=684435061&gjid=2095483712&cid=743514236.1633324683&tid=UA-166935235-1&_gid=1155314188.1633324683&_r=1&gtm=2ou9r0&z=2083849889

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getinfosec.news/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 05:18:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.getinfosec.news
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
413 B 46ms
13ms XHR
text/plain 74.125.206.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-166935235-1&cid=743514236.1633324683&jid=684435061&gjid=2095483712&_gid=1155314188.1633324683&_u=YEDAAUABAAAAAC~&z=1746488184

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.206.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getinfosec.news/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 04 Oct 2021 05:18:02 GMT
content-type: text/plain
access-control-allow-origin: https://www.getinfosec.news
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 31ms
6ms Font
font/woff2 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.getinfosec.news
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 06:39:46 GMT
x-content-type-options: nosniff
age: 81497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 03 Oct 2022 06:39:46 GMT

GET
H3 200 feather-sprite.svg
www.getinfosec.news/img/ 58 KB
12 KB 188ms
188ms Other
image/svg+xml 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/img/feather-sprite.svg
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc2604e4b0c63665fe5c730c319b560b47ef23b9dad0e6a6b5a9192a428afe17

Request headers

:path: /img/feather-sprite.svg
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0%3D; newsy_session=eyJpdiI6IkxRbU4zaXpLVUxyYkZQNStvS1ZlakE9PSIsInZhbHVlIjoiQUVpKzZiRlRLSEpmOGEvOFNleGtud3lEd01ETUNkUStPdm9IcER1RG5RRWVjaEFtYU0vd25TRmZldmRobGY0THR3Ui9xM0tUTDNReEgwVDJMMWdvTXFOOUVld2VOMjNxdjhFWEI3ZXRNdjdnYXBJUDlkeEhLQmE2clAzbTA5N1oiLCJtYWMiOiI5Yzg4MDhkMTc5OTA1YTI2ZmQwNjRhN2Y3YzYyODg3MTlhNDk0YWRkOTY2MWZjMzYxZDEwMTQwY2IxOWExOGNmIn0%3D; _ga=GA1.2.743514236.1633324683; _gid=GA1.2.1155314188.1633324683; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: same-origin
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Nov 2019 23:16:55 GMT
server: cloudflare
etag: W/"e76b-597e37e41ab90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lMV8xQlMwjZiAwS7V7hKfkrddswghCRuJeMf9ugt0gQRtMD2Zlc3VjyS%2FRIq8ZrCmJhiuOlk7%2BOzHFnFpt0c5WC0pdOiKkOI1CP1htaX7bjBkIv6HSbMOS7wj2yRAJDFT3cUUseX"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698bf2860c021782-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
22 KB 45ms
21ms Font
font/woff2 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

sffe /

Resource Hash

7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.getinfosec.news
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 16:36:33 GMT
x-content-type-options: nosniff
age: 132090
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:56 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 02 Oct 2022 16:36:33 GMT

GET
H3 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
22 KB 40ms
17ms Font
font/woff2 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.getinfosec.news
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 04:13:08 GMT
x-content-type-options: nosniff
age: 522295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Sep 2022 04:13:08 GMT

GET
H/1.1 200
OK 441-skull-4751587-640-1591904604.png
newsyapp.s3.ap-southeast-2.amazonaws.com/production/ 103 KB
103 KB 1192ms
334ms Image
image/png 52.95.135.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://newsyapp.s3.ap-southeast-2.amazonaws.com/production/441-skull-4751587-640-1591904604.png
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.135.22 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-r-w.ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 92ea613270d1df64f254b35b96044cff459dcd34a5b8767743626866479ce38a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 05:18:05 GMT
Last-Modified: Thu, 11 Jun 2020 19:43:26 GMT
Server: AmazonS3
x-amz-request-id: XGC71E0GKSXGX7D1
ETag: "ea218222cfcc904c8979f90acd80fdee"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 105541
x-amz-id-2: aM7LlGkw7BExyja2taeBMBQHG48nh8DNqPMmKrVjdxeCFdqkwla8LHkEKYBrw4ggZV/VGgucuow=

GET
H2 200 Jee-61-512.png
cdn2.iconfinder.com/data/icons/pinterest-ui/48/ 7 KB
7 KB 56ms
28ms Image
image/webp 172.66.43.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn2.iconfinder.com/data/icons/pinterest-ui/48/Jee-61-512.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.43.18 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a2969a29378d4ee5f0771e46e3d9e663a06ccc2101d97033442184fd7327355

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242010
cf-polished: origFmt=png, origSize=16248
content-disposition: inline; filename="Jee-61-512.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 7486
x-request-id: ba6f1f62-a6ee-428c-ac36-670bf0412eca
expires: Tue, 04 Oct 2022 05:18:03 GMT
last-modified: Fri, 01 Oct 2021 09:38:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 698bf286cdafc2fe-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 social_style_3_in-512.png
cdn2.iconfinder.com/data/icons/social-icon-3/512/ 4 KB
4 KB 53ms
26ms Image
image/webp 172.66.43.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn2.iconfinder.com/data/icons/social-icon-3/512/social_style_3_in-512.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.43.18 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f76c3cf15fc3f9f7e8d4faa34bdc1df43d03c2009090db4e78542137768bb550

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242010
cf-polished: origFmt=png, origSize=11037
content-disposition: inline; filename="social_style_3_in-512.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3598
x-request-id: bcccb9d4-da52-4765-a419-6916f3e9df08
expires: Tue, 04 Oct 2022 05:18:03 GMT
last-modified: Fri, 01 Oct 2021 09:38:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 698bf286cdaac2fe-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 social_style_3_facebook-512.png
cdn2.iconfinder.com/data/icons/social-icon-3/512/ 2 KB
3 KB 51ms
24ms Image
image/webp 172.66.43.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn2.iconfinder.com/data/icons/social-icon-3/512/social_style_3_facebook-512.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.43.18 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ca19963383a46a2cc4c97af98af5d81bd6935eb816a6be6bb8a6c1c7dab8591

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
age: 243572
cf-polished: origFmt=png, origSize=8003
content-disposition: inline; filename="social_style_3_facebook-512.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2418
x-request-id: b2d5fb5d-4d39-40d2-8377-0b2166fd905e
expires: Tue, 04 Oct 2022 05:18:03 GMT
last-modified: Tue, 28 Sep 2021 09:41:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 698bf286cdadc2fe-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 social_style_3_twiter-512.png
cdn2.iconfinder.com/data/icons/social-icon-3/512/ 6 KB
6 KB 58ms
31ms Image
image/webp 172.66.43.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn2.iconfinder.com/data/icons/social-icon-3/512/social_style_3_twiter-512.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.43.18 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dadb3cc5d2f39d2ce8d7086f952917fa40f2577c89a54977f4223618fc7d0541

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
age: 206887
cf-polished: origFmt=png, origSize=12958
content-disposition: inline; filename="social_style_3_twiter-512.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5712
x-request-id: f1f51903-3cbf-41c9-9972-b26d789524f2
expires: Tue, 04 Oct 2022 05:18:03 GMT
last-modified: Fri, 01 Oct 2021 09:38:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 698bf286cdaec2fe-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 Ursnif-TA544.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/ 29 KB
30 KB 21ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png?resize=547%2C458&ssl=1

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

6b86c6ae7b5af2b9cbaed71f58731bb6446fbebadb68e1ef38f7af406423f044

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 04 Oct 2021 05:18:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 03 Oct 2021 19:53:00 GMT
server: nginx
etag: "7aff7301493370b3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png>; rel="canonical"
content-length: 30152
expires: Wed, 04 Oct 2023 07:53:00 GMT

GET
H3 200 data Show response
www.getinfosec.news/comment/ 2 B
1 KB 283ms
282ms XHR
application/json 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/comment/data?contentId=10079328&siteId=441&orderBy=updated_at&orderType=desc
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0=
accept-language: de-DE,de;q=0.9
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0%3D; newsy_session=eyJpdiI6IkxRbU4zaXpLVUxyYkZQNStvS1ZlakE9PSIsInZhbHVlIjoiQUVpKzZiRlRLSEpmOGEvOFNleGtud3lEd01ETUNkUStPdm9IcER1RG5RRWVjaEFtYU0vd25TRmZldmRobGY0THR3Ui9xM0tUTDNReEgwVDJMMWdvTXFOOUVld2VOMjNxdjhFWEI3ZXRNdjdnYXBJUDlkeEhLQmE2clAzbTA5N1oiLCJtYWMiOiI5Yzg4MDhkMTc5OTA1YTI2ZmQwNjRhN2Y3YzYyODg3MTlhNDk0YWRkOTY2MWZjMzYxZDEwMTQwY2IxOWExOGNmIn0%3D; _ga=GA1.2.743514236.1633324683; _gid=GA1.2.1155314188.1633324683; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1
:path: /comment/data?contentId=10079328&siteId=441&orderBy=updated_at&orderType=desc
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
X-XSRF-TOKEN: eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0=
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B3cgrKSSDZm3r3Pia%2Ft%2FiCMY1t0%2BZ%2B6yfBBn7ss7XVIpfdHxP9jZZYvb2NbcsdaSxI1pcS%2B8Z7eWkGe648G%2FXiEwqvqJ3gAPMJ%2BAtjSCsp7MnefasWVDmwnPKthI43tEF6zZdFSU"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InM2RzJhQnM1QUNMVzBzMDBSN1c5M1E9PSIsInZhbHVlIjoiYUNWOWR1aUtRYXMwNkxGTTlmb1ZSYnhLdU5jMEVFbnltakhBSW53Zndla2dVcVlHcHV3bGhyZE9OSXFySVJoWm5EbnBRRWZ0aWxMSkxONmgzREhUR0ZmUGlzekVwS2N6Q3YvN28zdFk5bW9ucTd4VnRLbU14ak8yNEExaEVzbUsiLCJtYWMiOiI2NzIyMWVhNTY3YTViNTg2ZDVkNjI2MWFkMDM3YmY3Njg4OTA3YTNkNzBiNjUzNzVmOTU3NzQ1MTAxMTk3YjBlIn0%3D; expires=Mon, 04-Oct-2021 07:18:03 GMT; Max-Age=7200; path=/ newsy_session=eyJpdiI6IjJEMjFCMWMrUXNCZjMzWCtBeXBOMnc9PSIsInZhbHVlIjoiektaK3k4a1BHd2hUUnRZYXRTS1dWQVF5SzhmRFNvRDE0TmVPT3JpdmRxV2I2R0ljb09wTEVWVFNKdGlQNmhuL1J3dTdMS0RyY0ZXNFBFeVB3TUZDYzdDWEh4eTI5dXg5WEFkSHplc2pmbEVtSmd2N0d1N1N2eUpKRloxRWNLQngiLCJtYWMiOiJjMzI3ZDI2Zjc3YjkyZTc2MzRmOWU2MmVhYWZjNzI3MjYzYTY3ODU4NTVhMGZhYmRmZTdlMTEzYzkxNDM3ZjhhIn0%3D; expires=Mon, 04-Oct-2021 07:18:03 GMT; Max-Age=7200; path=/; httponly
cf-ray: 698bf286ac791782-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2

GET
H3 200 related-contents Show response
www.getinfosec.news/content/ 13 KB
4 KB 314ms
314ms XHR
application/json 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/content/related-contents?siteId=441&contentId=10079328&limit=5
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0521c1db32bd8ef76c1b0d6d764feefa167409ef81b4fd4cd08142ec5814592

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0=
accept-language: de-DE,de;q=0.9
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0%3D; newsy_session=eyJpdiI6IkxRbU4zaXpLVUxyYkZQNStvS1ZlakE9PSIsInZhbHVlIjoiQUVpKzZiRlRLSEpmOGEvOFNleGtud3lEd01ETUNkUStPdm9IcER1RG5RRWVjaEFtYU0vd25TRmZldmRobGY0THR3Ui9xM0tUTDNReEgwVDJMMWdvTXFOOUVld2VOMjNxdjhFWEI3ZXRNdjdnYXBJUDlkeEhLQmE2clAzbTA5N1oiLCJtYWMiOiI5Yzg4MDhkMTc5OTA1YTI2ZmQwNjRhN2Y3YzYyODg3MTlhNDk0YWRkOTY2MWZjMzYxZDEwMTQwY2IxOWExOGNmIn0%3D; _ga=GA1.2.743514236.1633324683; _gid=GA1.2.1155314188.1633324683; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1
:path: /content/related-contents?siteId=441&contentId=10079328&limit=5
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
X-XSRF-TOKEN: eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0=
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PedS%2BMa2oHcmzt2Sna%2Fnpxm%2FL0mVa7QIYVvX2Q1Z7OjwbIawU3DJ8uvKa8WwMf7gV1d%2BOrYqid3LXtvstqvnT56ekpI7wlW1VKhFAe1pI0gh%2BvybNVrz1SH7%2BSopjiKhtUsLpNyL"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ii83dEc5dkE5cGhYVTh1K0QzNkE2K3c9PSIsInZhbHVlIjoiMTN3d3FpS0c4NlpJa2pTWjV2TmRpUTArdm9rcWdzTnJibnNFRThtVGJ6Tk1rcU90NW9NdzR1L2ZObFJadytYc0c5bmVjTDVXdWNyM2NFK2RIOEVZUVpLTXgzRXdGREVHbUdxejFZWW10ZmNpOXZxVkh6Z3RnRFUrVnZ0eVdxQ0siLCJtYWMiOiJiOTZjMTRjNzk5ZWM0NjdlYTU1MTI1NTk1MzIzN2EzOGExY2YyMzJkZjNiZjdiYjk0ZTlkZDk2MThjODlmYjVlIn0%3D; expires=Mon, 04-Oct-2021 07:18:03 GMT; Max-Age=7200; path=/ newsy_session=eyJpdiI6IldIVWpHTWIxWktuZ3BRNHhSSm05OHc9PSIsInZhbHVlIjoiemdFUkpvRFVYY2ZQTk5VY2w5eElVUkhaTFQ0dm9VRXpDZGRXZ2dSUTVyMVRVbGwweGF0dTh5NlUzcXhlMitqOUR5dS85TENXT3NQRGpqWmxiOFBsY0w5ZFhEOFlLU1d2U21tcEthOVZOS3p1bktzbGhaR3oxVTJrV2JsSkxnT2UiLCJtYWMiOiIyYjFjMjEzOTAxOWZkYzA3MDU3YjVkNzk0ODY0MGVjNzA3NTc5ZDQyODljNzUwMDU2ZTYyZWUzMDA4MGNhNThlIn0%3D; expires=Mon, 04-Oct-2021 07:18:03 GMT; Max-Age=7200; path=/; httponly
cf-ray: 698bf286ac7a1782-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 most-discussed Show response
www.getinfosec.news/content/ 4 KB
3 KB 1373ms
1373ms XHR
application/json 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/content/most-discussed?siteId=441&limit=3&period=7
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5c154fa037f2d7f3fb6732ac0a4146a82b22e146e11f1f37f5ec92f54fcd475

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0=
accept-language: de-DE,de;q=0.9
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0%3D; newsy_session=eyJpdiI6IkxRbU4zaXpLVUxyYkZQNStvS1ZlakE9PSIsInZhbHVlIjoiQUVpKzZiRlRLSEpmOGEvOFNleGtud3lEd01ETUNkUStPdm9IcER1RG5RRWVjaEFtYU0vd25TRmZldmRobGY0THR3Ui9xM0tUTDNReEgwVDJMMWdvTXFOOUVld2VOMjNxdjhFWEI3ZXRNdjdnYXBJUDlkeEhLQmE2clAzbTA5N1oiLCJtYWMiOiI5Yzg4MDhkMTc5OTA1YTI2ZmQwNjRhN2Y3YzYyODg3MTlhNDk0YWRkOTY2MWZjMzYxZDEwMTQwY2IxOWExOGNmIn0%3D; _ga=GA1.2.743514236.1633324683; _gid=GA1.2.1155314188.1633324683; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1
:path: /content/most-discussed?siteId=441&limit=3&period=7
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
X-XSRF-TOKEN: eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0=
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:04 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5LapBldSJbc4bkkyhAByU1CaAtBw2Tt9A9c4HL8MA0jhCWd1OGVlsdhsqR3fnF7fQZ%2BpWWkHb8DL3dGkd9VFHvxdRJS8SIB1MZROFqSSOqCKdUzY6ZJRMrnUiMcD0MSsuWKqv%2Bhk"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IllrRTJaWnkvRHRUWVptVm1PTXlISGc9PSIsInZhbHVlIjoiQ2JndjRsdFR1SjMzOGxFS3gxOTVLRWs3cnhBYTVqWjNZaUhGVWtwak15MldEa1k4VmNzdm5QcnZOYXg4WHhiSFduMCtUZmNzYkRNTSs4L2hHaXF5eXRBay85dC9MODI0RGpXUkhxWEJFazRmbTNxZzViQTRiazVVMmZoaUtsK0EiLCJtYWMiOiIyNDIyNDViNGQzNDdjODIyZTVmMTUyOTZmMjk2NzA0OTEyNjJiNjg5NDRlYjgyOGY4NGUwZDJjMmMxMTU1ZDVjIn0%3D; expires=Mon, 04-Oct-2021 07:18:04 GMT; Max-Age=7200; path=/ newsy_session=eyJpdiI6InZHVTc2N0dKMzlhdEkxZ3FFV2ZTQVE9PSIsInZhbHVlIjoieGZ5V0h1eEo4V2p4M2lZR2lNZWNwUmF1ekNWeUZrT2U4TE5zNkFYbmwyTDdCdzZnY25RcW5sVjlvQU5HMFNMcm43aU5kWEt2a3FPVDhGek5IR0RVZUZkVHVCbDQ5NzZTTG9uRnhnUVhaVWtIbEhoN1pZbXJYdFpLWWdlQklPOWwiLCJtYWMiOiJjYzM4YmVjNzU0ODI5MWE0NmRjYmNmZTcxMzU3NzJjNDAwMmIzMGEwMzAxMDY2MDUyODc0YWE3Yjg2Y2JhNGNlIn0%3D; expires=Mon, 04-Oct-2021 07:18:04 GMT; Max-Age=7200; path=/; httponly
cf-ray: 698bf286ac7c1782-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 twitter.png
img.icons8.com/fluent/96/000000/ 3 KB
3 KB 39ms
7ms Image
image/png 195.181.175.54
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/fluent/96/000000/twitter.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.175.54 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

frankfurt-53.cdn77.com

Software

CDN77-Turbo /

Resource Hash

ebe7f14bba97f98b8bfc5d1e959dbbfe26509adc4bfb32b27f55b52d204776d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Mon, 04 Oct 2021 05:18:03 GMT
icon-size: 96
x-content-type-options: nosniff
memory-svg-cache: true
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: HIT
x-age: 254565
x-dns-prefetch-control: off
content-length: 2736
x-xss-protection: 1; mode=block
x-77-nzt: AcO1rzVvEM7vZeIDAA==
x-accel-expires: @1633372518
not-found-platform: false
last-modified: Thu, 30 Sep 2021 15:00:43 GMT
server: CDN77-Turbo
x-77-nzt-ray: 6ARC9lSHLhM=
x-download-options: noopen
x-77-cache: HIT
strict-transport-security: max-age=15552000; includeSubDomains
content-type: image/png
memory-cache: true
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: 5MQ0gPAYYx7a
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20210930223957658

GET
H2 200 tumblr.png
img.icons8.com/color/96/000000/ 1 KB
2 KB 39ms
7ms Image
image/png 195.181.175.54
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/color/96/000000/tumblr.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.175.54 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

frankfurt-53.cdn77.com

Software

CDN77-Turbo /

Resource Hash

e9db9f4845d50ce4cfb88a6d0f81f3ce432e2d0893684b5c4819c87732b6b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Mon, 04 Oct 2021 05:18:03 GMT
icon-size: 96
x-content-type-options: nosniff
memory-svg-cache: true
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: HIT
x-age: 138001
x-dns-prefetch-control: off
content-length: 1381
x-xss-protection: 1; mode=block
x-77-nzt: AcO1rzXVfAvvERsCAA==
x-accel-expires: @1633489082
not-found-platform: false
last-modified: Fri, 01 Oct 2021 22:21:15 GMT
server: CDN77-Turbo
x-77-nzt-ray: v5t4Y/o+Qks=
x-download-options: noopen
x-77-cache: HIT
strict-transport-security: max-age=15552000; includeSubDomains
content-type: image/png
memory-cache: false
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: 13976
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20210930223958474

GET
H2 200 blogger.png
img.icons8.com/color/96/000000/ 1 KB
2 KB 39ms
8ms Image
image/png 195.181.175.54
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/color/96/000000/blogger.png

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.175.54 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

frankfurt-53.cdn77.com

Software

CDN77-Turbo /

Resource Hash

a1a8769db6fd1e983f9dba8483855c7d9486e4ba9ca39c85bd352ad80ab74094

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Mon, 04 Oct 2021 05:18:03 GMT
icon-size: 96
x-content-type-options: nosniff
memory-svg-cache: true
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: HIT
x-age: 35691
x-dns-prefetch-control: off
content-length: 1368
x-xss-protection: 1; mode=block
x-77-nzt: AcO1rzVdQBvva4sAAA==
x-accel-expires: @1633591392
not-found-platform: false
last-modified: Sun, 03 Oct 2021 05:57:16 GMT
server: CDN77-Turbo
x-77-nzt-ray: iwt5bkxJY9c=
x-download-options: noopen
x-77-cache: HIT
strict-transport-security: max-age=15552000; includeSubDomains
content-type: image/png
memory-cache: false
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: 65072
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20210930223957658

POST
H3 200 activity Show response
www.getinfosec.news/auth/ 0
1 KB 307ms
307ms XHR
text/html 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/auth/activity
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-fetch-mode: cors
origin: https://www.getinfosec.news
x-xsrf-token: eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0=
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: XSRF-TOKEN=eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0%3D; newsy_session=eyJpdiI6IkxRbU4zaXpLVUxyYkZQNStvS1ZlakE9PSIsInZhbHVlIjoiQUVpKzZiRlRLSEpmOGEvOFNleGtud3lEd01ETUNkUStPdm9IcER1RG5RRWVjaEFtYU0vd25TRmZldmRobGY0THR3Ui9xM0tUTDNReEgwVDJMMWdvTXFOOUVld2VOMjNxdjhFWEI3ZXRNdjdnYXBJUDlkeEhLQmE2clAzbTA5N1oiLCJtYWMiOiI5Yzg4MDhkMTc5OTA1YTI2ZmQwNjRhN2Y3YzYyODg3MTlhNDk0YWRkOTY2MWZjMzYxZDEwMTQwY2IxOWExOGNmIn0%3D; _ga=GA1.2.743514236.1633324683; _gid=GA1.2.1155314188.1633324683; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1
content-length: 319
:path: /auth/activity
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
X-XSRF-TOKEN: eyJpdiI6Im10YUxTcXNyNSt6WTE2MWswRjloNUE9PSIsInZhbHVlIjoiczE4WkhoUkR5OGc3anVBMTVqaG1yeDBwSndLbXNoUzR5R1VCblAyeG5oZWNUN2o3YXNjcU5mK1FQRnpURXFPdm4zS1htV05tU1EvSUwzQU5jYUZNdkR3cG8zWmVZRFFDTFFXaFZ5TDA4SnNDNUhzMDRuNGJTeU8ycmZDS3F5S1EiLCJtYWMiOiIzMWFkYjA5YmUxZWZlYzViMTEzZGQ4ZTVlMjZkMWE5Y2I4MDIzODQ1ZmQzMmY3ZTIwMDkxNjFlNjMwMjNjODY1In0=
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v4sr6zTdALZXNO4EmKBEUa%2BGRN1pTBfcoTf1OVBRFwOXShuP0hxIXovQla1vk5VGyKLh6Q2YeykojT00DXB3SLg5i%2FB6q%2B3aj1Q4hs2U9VDOtfbka5HfQP%2BC9cG577codxe%2FZtE5"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkpMSDZERW0yU281UUFjWEROZHN2emc9PSIsInZhbHVlIjoicEEzRklXbGh3ZHlLYzlaOVk3TmpKNis0Z2dqSGIwOEE1Q3lCUWV2MGM0Y2JtSlc4YjA5MzJFemFvcjhCMkVNdXFTYnkwQ3c4OUg0Yldjb0lRZDhMTWZXbkJhdjg2Vk1RcXNaRTJlZk1PM0pVaFpySnFMVXlGQ3NBd2RmT21oNzIiLCJtYWMiOiJkNWM0Njk0ZTJhNTJlYTE3ZTBmZGRkNzYxYjIzYzRiMjAwYjBkOTQ1ODcyNDBiZDBlZjE2YmY5Y2MzZGQwN2RkIn0%3D; expires=Mon, 04-Oct-2021 07:18:03 GMT; Max-Age=7200; path=/ newsy_session=eyJpdiI6InNlWFNycldacWgyTVNCTVpDd1N3cmc9PSIsInZhbHVlIjoiZGl0aGJUUTFkckw0UjNidGZaQ09HM3ZPdnp3YWQyQXp4anNOVGZxeXhocEtHb1dCSDZIOE1sSVVRaG1rMU16NjVXanRlRDY1cEF3UEFxUmc2LzIzay9DZk14OG9jYVNtaXhQbTRwNUdYM25mZXdlSEhHeWlseE9xRjgyUWhkWVgiLCJtYWMiOiIzM2QzYjc4M2I0NzdjY2RmZTc2MGI3Y2U3ZDEyYjkwM2ViYjU2M2Q2ZWYyMDRiMmU4MjhkOTI5YTM5MDg3NTVjIn0%3D; expires=Mon, 04-Oct-2021 07:18:03 GMT; Max-Age=7200; path=/; httponly
cf-ray: 698bf286ac801782-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html Show response
js.stripe.com/v3/ Frame F0E1 215 B
968 B 21ms
21ms Document
text/html 13.225.87.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.15 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-15.fra2.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1942d92c0cf67997cea0dc7c6058f7d4231a56aadafacacc15ed65c1e8a49925

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.getinfosec.news/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/

Response headers

content-type: text/html; charset=utf-8
content-length: 215
x-amz-id-2: wP4JbVEuta1tprozsohHUcJjp7NdrNuB/nkb+R53vE4UCGR6mY7Plo3YVGB4td0z+e4uvOwQwOg=
x-amz-request-id: P74P13P9KCN95434
last-modified: Thu, 30 Sep 2021 22:19:33 GMT
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
access-control-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
x-edge-origin-shield-skipped: 0
date: Mon, 04 Oct 2021 05:17:22 GMT
cache-control: max-age=60
etag: "79f4c4ec97e4a9c650a8aa5dc0a621df"
x-cache: Hit from cloudfront
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: eZ8Dh3mtAMMVDhym2GJBFPq6PIn2wgaQKTQP9LbWZeDEmF19myVsFQ==
age: 42

GET
H2 200 Ursnif-TA544.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/ 38 KB
39 KB 20ms
13ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png?w=646&ssl=1

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

80b47c89ad12957e2f936f5b0dcbb4590c359cbc89e5050da3493f24604f7632

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 04 Oct 2021 05:18:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 03 Oct 2021 19:46:32 GMT
server: nginx
etag: "790df15d0f8d8244"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2021/10/Ursnif-TA544.png>; rel="canonical"
content-length: 39410
expires: Wed, 04 Oct 2023 07:46:32 GMT

GET
H2 200 m-outer-a630934868d6eead16233600eabc02b0.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame F0E1 1 KB
2 KB 22ms
21ms Script
application/javascript 13.225.87.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-a630934868d6eead16233600eabc02b0.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.15 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-15.fra2.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

7aa8a31521fca34e454549169275a559b334ff604261a4a2ef89319d3bf5cf6c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-79f4c4ec97e4a9c650a8aa5dc0a621df.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"8240ee835643f4c573d637d6184b80e7"
age: 39
x-cache: Hit from cloudfront
x-edge-origin-shield-skipped: 0
x-amz-request-id: AZVTNBWMXMF06GXG
x-amz-id-2: 7EhITAvsfX0VFQX6WCfvVvC3LxYrQrfD3LsxaETFqnnkaKnq9LCSGioK4AfCoDYtzAMfiY6Jn9U=
access-control-allow-origin: *
last-modified: Thu, 30 Sep 2021 22:19:33 GMT
server: AmazonS3
date: Mon, 04 Oct 2021 05:17:25 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
cache-control: max-age=60
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: Gyd2d87Hh5c4uXE-iMlAcNIhxVNOW0Zu_AJQFlLnJ00swFajUqXL9Q==

GET
H2 200 inner.html Show response
m.stripe.network/ Frame FCCB 932 B
2 KB 44ms
7ms Document
text/html 13.224.193.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-a630934868d6eead16233600eabc02b0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.193.105 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-193-105.fra2.r.cloudfront.net

Software

Cloudfront /

Resource Hash

c4a8402fde1e397bcabe7467c0de035e7851eeb1bad9af5d1b67487e7d7f2a4a

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: m.stripe.network
:scheme: https
:path: /inner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://js.stripe.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/

Response headers

content-type: text/html; charset=utf-8
content-length: 932
date: Mon, 04 Oct 2021 05:16:43 GMT
accept-ranges: bytes
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
x-content-type-options: nosniff
cache-control: max-age=300, public
content-security-policy: connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
x-edge-origin-shield-skipped: 0
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: IbJBDnfrNIuOn1pk6-oAIN6QExSRZPI3xXQ8G4wAyhwMsFxpvIbrsw==
age: 81

POST
H2 200 csp-report
q.stripe.com/ Frame FCCB 0
121 B 503ms
163ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://m.stripe.network/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
x-envoy-upstream-service-time: 0
server: nginx
content-length: 0
strict-transport-security: max-age=31556926; includeSubDomains; preload

GET
H2 200 out-4.5.40.js Show response
m.stripe.network/ Frame FCCB 85 KB
16 KB 8ms
8ms Script
application/javascript 13.224.193.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.40.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.193.105 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-193-105.fra2.r.cloudfront.net

Software

Cloudfront /

Resource Hash

6a6915872afa798395a56c7aa50d086cb325ff7214ad78ada3c7a96350bbad39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:17:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Cloudfront
age: 6
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-edge-origin-shield-skipped: 0
content-type: application/javascript
via: 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront)
cache-control: max-age=300, public
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA2-C1
timing-allow-origin: *
vary: Accept-Encoding,Accept-Encoding
x-amz-cf-id: _b35wiSnV2jDNjzQnmCPYkLHL2sf2sDhwKzYihcbATViQWGKJQjI4A==

POST
H2 200 6 Show response
m.stripe.com/ Frame FCCB 156 B
518 B 501ms
168ms XHR
text/plain 44.229.66.179
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.40.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.229.66.179 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-229-66-179.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

1ad609e63b3fe9dcc7cbb330fc67e262b50075d496d45aad1e82445ed0461ffb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
strict-transport-security: max-age=31556926; includeSubDomains; preload
access-control-allow-headers: Content-Type

GET
H2 200 fc0a46f3afadff082713c647af5d7160
s.yimg.com/uu/api/res/1.2/vi7du2NNd0s_pQmdhcZ7Jw--~B/aD0zNTA7dz00MDA7YXBwaWQ9eXRhY2h5b24-/https://media.zenfs.com/en/prnewswire.com/ 26 KB
27 KB 32ms
7ms Image
image/jpeg 87.248.118.22
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/uu/api/res/1.2/vi7du2NNd0s_pQmdhcZ7Jw--~B/aD0zNTA7dz00MDA7YXBwaWQ9eXRhY2h5b24-/https://media.zenfs.com/en/prnewswire.com/fc0a46f3afadff082713c647af5d7160

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

87.248.118.22 Frankfurt am Main, Germany, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

e1.ycpi.vip.deb.yahoo.com

Software

ATS /

Resource Hash

9c6364f36b51319619fa0927fb7d9464190560679aeeb0c3bc5ddf258b57f4a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:15:09 GMT
x-content-type-options: nosniff
age: 174
cld_latency: 1
edge-cache-tag: 289811272935654050523388859859489405728,249131114936749253239845780442754598620,ae7a14591aaf8d474cdb3f92111c923e
cld_cache: HIT
cld_hits: 1
x-cache: HIT
strict-transport-security: max-age=15552000
content-length: 26610
x-xss-protection: 1; mode=block
cld_by: cache-wdc5531-WDC
x-served-by: cache-wdc5531-WDC
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Sep 2021 14:35:51 GMT
server: ATS
x-timer: S1633324510.754360,VS0,VE1
etag: "67e36b6677288b8eb88b7ce0e3f18c3d"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1

GET
H2 200 SPORT-PREVIEW-Messi-5.jpg
www.thesun.co.uk/wp-content/uploads/2021/07/ 773 KB
775 KB 109ms
83ms Image
image/webp 13.225.87.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thesun.co.uk/wp-content/uploads/2021/07/SPORT-PREVIEW-Messi-5.jpg?strip=all&quality=100&w=1200&h=800&crop=1

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-60.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

28d9b78d460e1eb7cb2718dd999ff6882a9241bc13ffb921d4dc020da267cb8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
via: 1.1 04ce5a607a98db6d08257633417b84d7.cloudfront.net (CloudFront)
x-edge-origin-shield-skipped: 0, 0
x-cache: Miss from cloudfront
content-length: 791818
x-rq: lhr3 109 195 443
last-modified: Sun, 19 Sep 2021 09:10:09 GMT
server: nginx
etag: "793fed882117ef86"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
x-amz-cf-id: iChzOam9wzQy0WkggidSwqE61BFluXQx8-X30zMn3jc3tlmzytDTFw==
expires: Mon, 19 Sep 2022 09:10:09 GMT

GET
H2 200 photo-1610654398165-2a9cf95137fd
images.unsplash.com/ 465 KB
465 KB 29ms
7ms Image
image/jpeg 151.101.114.208
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.unsplash.com/photo-1610654398165-2a9cf95137fd?crop=entropy&cs=tinysrgb&fit=max&fm=jpg&ixid=MXwyMzg1fDB8MXxzZWFyY2h8MTR8fEludmVyc2klQzMlQjNuJTIwZGUlMjBJbXBhY3RvfGVufDB8fDJ8&ixlib=rb-1.2.1&q=80&w=1080

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.208 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

85881872103df3e6b5645e0011fd2bbfcfca491b0996b2a92ff11a91f22108c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
x-content-type-options: nosniff
last-modified: Fri, 01 Oct 2021 15:06:01 GMT
server: imgix
age: 223922
x-cache: HIT, HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=315360000
x-imgix-id: 5d4d00bdd10dcc5d52637a46a37355a3bd53e886
accept-ranges: bytes
content-length: 475904
cross-origin-resource-policy: cross-origin
x-served-by: cache-sjc10030-SJC, cache-hhn4055-HHN

GET
H2 200 photo-1610662037089-70d7e77c1534
images.unsplash.com/ 238 KB
238 KB 40ms
17ms Image
image/jpeg 151.101.114.208
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.unsplash.com/photo-1610662037089-70d7e77c1534?crop=entropy&cs=tinysrgb&fit=max&fm=jpg&ixid=MXwyMzg1fDB8MXxzZWFyY2h8MTJ8fEludmVyc2klQzMlQjNuJTIwZGUlMjBJbXBhY3RvfGVufDB8fDJ8&ixlib=rb-1.2.1&q=80&w=1080

Requested by

Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.208 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

ddd82454b3228d2a49d9b133e912a6011d23edcaf3cf9290c040a90b995b65a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Sep 2021 09:55:04 GMT
server: imgix
age: 2316179
x-cache: HIT, HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=315360000
x-imgix-id: 609476c3ca861e2ac4048ce07c48f0db11e88521
accept-ranges: bytes
content-length: 243886
cross-origin-resource-policy: cross-origin
x-served-by: cache-sjc10070-SJC, cache-hhn4055-HHN

GET
H2 200 1170653964_1280
i.vimeocdn.com/video/ 958 B
1 KB 35ms
8ms Image
image/avif 151.101.114.109
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vimeocdn.com/video/1170653964_1280
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d58b45299511217e52f494af4b0bdc4471ef55db555429263a866f46d5dafa3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:03 GMT
via: vvarnish, 1.1 varnish, 1.1 varnish
age: 2144066
x-viewmaster-lossless-format: false
x-cache: miss, HIT, HIT
x-backend-server: varnish
content-length: 958
viewmaster-server: viewmaster-us-central1-0x7d
x-served-by: cache-dfw18657-DFW, cache-hhn4046-HHN
x-timer: S1633324684.730438,VS0,VE0
etag: 8b59593be94ef6cebd376ebbe25a25aa
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 404 file-transfer-collaboration.png
www.clearswift.com/sites/default/files/styles/blog-main-image/public/images/blog/ 0
0 302ms
279ms Image
text/html 23.185.0.3
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.clearswift.com/sites/default/files/styles/blog-main-image/public/images/blog/file-transfer-collaboration.png?itok=IaffPL0d
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.185.0.3 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 Trojan%20App%20Stats.jpg
www.secureworld.io/hs-fs/hubfs/ 20 KB
21 KB 75ms
25ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.secureworld.io/hs-fs/hubfs/Trojan%20App%20Stats.jpg?width=600&name=Trojan%20App%20Stats.jpg
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68fd2db599418d133b6b3411e0cb342cb61ccea3b21cf7b204edf7e7ccb66c29

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

age: 236704
x-amz-server-side-encryption: AES256
edge-cache-tag: F-56471435397,P-2221756,FLS-ALL
x-edge-origin-shield-skipped: 0
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Trojan%20App%20Stats.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
cf-bgj: imgq:85,h2pri
etag: "6dd7d3d19fd50567775c1ba9c5bfec5e"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1633026405655
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
date: Mon, 04 Oct 2021 05:18:04 GMT
via: 1.1 9b097dfab92228268a37145aac5629c1.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=73392
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 20118
last-modified: Thu, 30 Sep 2021 18:26:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aNwaGDdUzUoZ0FAMDg3KXJRREndyMElGYC2sVdFviurMiGCFy%2BRPPfoBII2m%2BEoT4fEcEe9G1K%2FWhuyT7Ew6gz4lekv3PG6T5%2BqwVomlDw%2BCe7QLv8zwdwfsRykxKY4jLQCABw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 698bf28f89f44e74-FRA
x-amz-cf-id: lfeJMn3elLp8zw6TTM0sRecGWXg_MIhb-6RkzA5-CFUUpFX5_2dnDA==

GET
H2 200 ccba50cfccdd1b18580f6a70670087f3_c0-155-2362-1532_s1200x700.jpg
twt-thumbs.washtimes.com/media/image/2014/06/26/ 108 KB
109 KB 611ms
568ms Image
image/jpeg 172.67.217.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twt-thumbs.washtimes.com/media/image/2014/06/26/ccba50cfccdd1b18580f6a70670087f3_c0-155-2362-1532_s1200x700.jpg?8b0ecdf04148a292d977849569ac05e79bc8322e
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.217.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: becfedee633c9b73e5df5873896ddff0cb8c45a310f2b2a5722df31a6837b2a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:05 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "77e7b6aef722564c503726122aee136f5ad52df6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LV6eYujsZLzei42yByNlqFraRl4OU0C0G5NYfqVJd5pxaFxP0Nrv46EpLA9IR5DKNKpQVN%2BeFLrobGjrnUVhZoJHuYWzbyOVbIhscPPqnXSiLhtxRY7hlMP9KOAuLu6ZtOlW8D4yGcc3GAM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 698bf28f9f70410e-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 111062
expires: Tue, 05 Oct 2021 05:18:05 GMT

GET
H3 200 feather-sprite.svg
www.getinfosec.news/img/ 58 KB
12 KB 15ms
15ms Other
image/svg+xml 172.67.138.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getinfosec.news/img/feather-sprite.svg
Requested by: Host: www.getinfosec.news
URL: https://www.getinfosec.news/js/site/content/app.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc2604e4b0c63665fe5c730c319b560b47ef23b9dad0e6a6b5a9192a428afe17

Request headers

:path: /img/feather-sprite.svg
pragma: no-cache
cookie: _ga=GA1.2.743514236.1633324683; _gid=GA1.2.1155314188.1633324683; _gat_gtag_UA_153426991_1=1; _gat_gtag_UA_166935235_1=1; __stripe_mid=505ba1db-6e3d-4542-a2c2-9095eb29bd14ee7bec; __stripe_sid=13dcf2e3-efd8-4004-a7fa-a0c4a3fd9a8314967c; XSRF-TOKEN=eyJpdiI6IllrRTJaWnkvRHRUWVptVm1PTXlISGc9PSIsInZhbHVlIjoiQ2JndjRsdFR1SjMzOGxFS3gxOTVLRWs3cnhBYTVqWjNZaUhGVWtwak15MldEa1k4VmNzdm5QcnZOYXg4WHhiSFduMCtUZmNzYkRNTSs4L2hHaXF5eXRBay85dC9MODI0RGpXUkhxWEJFazRmbTNxZzViQTRiazVVMmZoaUtsK0EiLCJtYWMiOiIyNDIyNDViNGQzNDdjODIyZTVmMTUyOTZmMjk2NzA0OTEyNjJiNjg5NDRlYjgyOGY4NGUwZDJjMmMxMTU1ZDVjIn0%3D; newsy_session=eyJpdiI6InZHVTc2N0dKMzlhdEkxZ3FFV2ZTQVE9PSIsInZhbHVlIjoieGZ5V0h1eEo4V2p4M2lZR2lNZWNwUmF1ekNWeUZrT2U4TE5zNkFYbmwyTDdCdzZnY25RcW5sVjlvQU5HMFNMcm43aU5kWEt2a3FPVDhGek5IR0RVZUZkVHVCbDQ5NzZTTG9uRnhnUVhaVWtIbEhoN1pZbXJYdFpLWWdlQklPOWwiLCJtYWMiOiJjYzM4YmVjNzU0ODI5MWE0NmRjYmNmZTcxMzU3NzJjNDAwMmIzMGEwMzAxMDY2MDUyODc0YWE3Yjg2Y2JhNGNlIn0%3D
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: same-origin
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getinfosec.news
referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getinfosec.news/10079328/ta544-group-behind-a-spike-in-ursnif-malware-campaigns-targeting-italy?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 05:18:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 21 Nov 2019 23:16:55 GMT
server: cloudflare
age: 3
etag: W/"e76b-597e37e41ab90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qyx1gLdsEuANVmftCsxXQHuUXOhcwHFvDAhW%2FygdYNQIU0WzfUa0CaDHNVWlFv9X4HPxjAnJDdZpRR%2BtYpsvtcqEzCMl4sWA8yS60XHcujMcEIrXCYPbZjNozTzVNdstWq5%2B5rKj"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698bf2994c941782-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST 6
m.stripe.com/ Frame FCCB 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: m.stripe.com
URL: https://m.stripe.com/6

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.getinfosec.news/	1970-01-20 15:13:16	Name: _ga Value: GA1.2.743514236.1633324683
.getinfosec.news/	1970-01-19 21:43:31	Name: _gid Value: GA1.2.1155314188.1633324683
.getinfosec.news/	1970-01-19 21:42:04	Name: _gat_gtag_UA_153426991_1 Value: 1
.getinfosec.news/	1970-01-19 21:42:04	Name: _gat_gtag_UA_166935235_1 Value: 1
.unsplash.com/	1970-01-20 06:27:40	Name: ugid Value: f582c65c17455764db674961cf94f47e5444415
www.thesun.co.uk/	1969-12-31 23:59:59	Name: nuk_customer_country_code Value: DE
www.thesun.co.uk/	1969-12-31 23:59:59	Name: nuk_customer_region_code Value: HE
m.stripe.com/	1970-01-20 15:13:16	Name: m Value: 49c9bdcc-d5d8-4beb-bf0e-bb9412a33c793d48e6
.www.getinfosec.news/	1970-01-20 06:27:40	Name: __stripe_mid Value: 505ba1db-6e3d-4542-a2c2-9095eb29bd14ee7bec
.www.getinfosec.news/	1970-01-19 21:42:06	Name: __stripe_sid Value: 13dcf2e3-efd8-4004-a7fa-a0c4a3fd9a8314967c
www.getinfosec.news/	1970-01-19 21:42:11	Name: XSRF-TOKEN Value: eyJpdiI6IllrRTJaWnkvRHRUWVptVm1PTXlISGc9PSIsInZhbHVlIjoiQ2JndjRsdFR1SjMzOGxFS3gxOTVLRWs3cnhBYTVqWjNZaUhGVWtwak15MldEa1k4VmNzdm5QcnZOYXg4WHhiSFduMCtUZmNzYkRNTSs4L2hHaXF5eXRBay85dC9MODI0RGpXUkhxWEJFazRmbTNxZzViQTRiazVVMmZoaUtsK0EiLCJtYWMiOiIyNDIyNDViNGQzNDdjODIyZTVmMTUyOTZmMjk2NzA0OTEyNjJiNjg5NDRlYjgyOGY4NGUwZDJjMmMxMTU1ZDVjIn0%3D
www.getinfosec.news/	1970-01-19 21:42:11	Name: newsy_session Value: eyJpdiI6InZHVTc2N0dKMzlhdEkxZ3FFV2ZTQVE9PSIsInZhbHVlIjoieGZ5V0h1eEo4V2p4M2lZR2lNZWNwUmF1ekNWeUZrT2U4TE5zNkFYbmwyTDdCdzZnY25RcW5sVjlvQU5HMFNMcm43aU5kWEt2a3FPVDhGek5IR0RVZUZkVHVCbDQ5NzZTTG9uRnhnUVhaVWtIbEhoN1pZbXJYdFpLWWdlQklPOWwiLCJtYWMiOiJjYzM4YmVjNzU0ODI5MWE0NmRjYmNmZTcxMzU3NzJjNDAwMmIzMGEwMzAxMDY2MDUyODc0YWE3Yjg2Y2JhNGNlIn0%3D
.www.secureworld.io/	1969-12-31 23:59:59	Name: __cfruid Value: 4257b8f1ca1c1135674fce75a03acbf3c53b7ac9-1633324684

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.clearswift.com/sites/default/files/styles/blog-main-image/public/images/blog/file-transfer-collaboration.png?itok=IaffPL0d Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdn2.iconfinder.com
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
i.vimeocdn.com
i1.wp.com
images.unsplash.com
img.icons8.com
js.stripe.com
m.stripe.com
m.stripe.network
newsyapp.s3.ap-southeast-2.amazonaws.com
q.stripe.com
s.yimg.com
stats.g.doubleclick.net
twt-thumbs.washtimes.com
unpkg.com
www.clearswift.com
www.getinfosec.news
www.google-analytics.com
www.googletagmanager.com
www.secureworld.io
www.thesun.co.uk
m.stripe.com
104.16.124.175
104.16.19.94
104.16.87.20
13.224.193.105
13.225.87.15
13.225.87.60
142.250.185.195
142.250.185.74
142.250.186.46
151.101.114.109
151.101.114.208
172.66.43.18
172.67.138.119
172.67.217.166
192.0.77.2
195.181.175.54
199.60.103.226
216.58.212.168
23.185.0.3
44.229.66.179
52.95.135.22
54.187.119.242
74.125.206.155
87.248.118.22
1942d92c0cf67997cea0dc7c6058f7d4231a56aadafacacc15ed65c1e8a49925
19a209eb740fbd46bef39309731207981d62020eb6d9f0c951a80c4b1fe1cb8b
1a2969a29378d4ee5f0771e46e3d9e663a06ccc2101d97033442184fd7327355
1ad609e63b3fe9dcc7cbb330fc67e262b50075d496d45aad1e82445ed0461ffb
2484073ea80f5f8d7d808b5a11a2f9b075dbeeee899148902d67ef1a1fa2f185
28d9b78d460e1eb7cb2718dd999ff6882a9241bc13ffb921d4dc020da267cb8a
2ca19963383a46a2cc4c97af98af5d81bd6935eb816a6be6bb8a6c1c7dab8591
30c7c639fd48a0186026f900282a3b92893c32043019a5efb0ddf7e0805e296f
326f8198ae844997832b6357f9d20f822311b28679d25988925b686528c700a5
37d6a9699305d6caf6db3c009200c10270e355aa6dba482f7f3197e22af3ff64
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
68fd2db599418d133b6b3411e0cb342cb61ccea3b21cf7b204edf7e7ccb66c29
6a6915872afa798395a56c7aa50d086cb325ff7214ad78ada3c7a96350bbad39
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b86c6ae7b5af2b9cbaed71f58731bb6446fbebadb68e1ef38f7af406423f044
769d19a8eff00012bedb55d08fec5ff74c858b7a07ce5d7cc81fb38fd0af446c
7aa8a31521fca34e454549169275a559b334ff604261a4a2ef89319d3bf5cf6c
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
80b47c89ad12957e2f936f5b0dcbb4590c359cbc89e5050da3493f24604f7632
80e4a6df511aabcfa44f256c549e278654914ed7ccec2dfda39c6f200ec2934c
85881872103df3e6b5645e0011fd2bbfcfca491b0996b2a92ff11a91f22108c6
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
92ea613270d1df64f254b35b96044cff459dcd34a5b8767743626866479ce38a
9c6364f36b51319619fa0927fb7d9464190560679aeeb0c3bc5ddf258b57f4a3
a0521c1db32bd8ef76c1b0d6d764feefa167409ef81b4fd4cd08142ec5814592
a1a8769db6fd1e983f9dba8483855c7d9486e4ba9ca39c85bd352ad80ab74094
a6fda8f8cdeeaa0e5f548b20df29aa7411032f0a9e438910f54d6bfbcaa4539d
becfedee633c9b73e5df5873896ddff0cb8c45a310f2b2a5722df31a6837b2a7
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c4a8402fde1e397bcabe7467c0de035e7851eeb1bad9af5d1b67487e7d7f2a4a
cc2604e4b0c63665fe5c730c319b560b47ef23b9dad0e6a6b5a9192a428afe17
d58b45299511217e52f494af4b0bdc4471ef55db555429263a866f46d5dafa3d
d5c154fa037f2d7f3fb6732ac0a4146a82b22e146e11f1f37f5ec92f54fcd475
dadb3cc5d2f39d2ce8d7086f952917fa40f2577c89a54977f4223618fc7d0541
ddd82454b3228d2a49d9b133e912a6011d23edcaf3cf9290c040a90b995b65a6
ddffc1fb5857d5643c0113e624d013e677a00538184616877dbce212abbbfc41
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9db9f4845d50ce4cfb88a6d0f81f3ce432e2d0893684b5c4819c87732b6b875
ebe7f14bba97f98b8bfc5d1e959dbbfe26509adc4bfb32b27f55b52d204776d1
f76c3cf15fc3f9f7e8d4faa34bdc1df43d03c2009090db4e78542137768bb550
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.getinfosec.news Open in urlscan Pro 172.67.138.119 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

49 Requests

98 %HTTPS

0 %IPv6

22 Domains

24 Subdomains

25 IPs

4 Countries

2665 kBTransfer

4671 kBSize

13 Cookies

23 Outgoing links

Redirected requests

49 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.getinfosec.news Open in urlscan Pro
172.67.138.119 Public Scan

Screenshot
Live screenshot

Full Image

49
Requests

98 %
HTTPS

0 %
IPv6

22
Domains

24
Subdomains

25
IPs

4
Countries

2665 kB
Transfer

4671 kB
Size

13
Cookies

49 HTTP transactions
0 data transactions