www.secureworks.com Open in urlscan Pro
23.100.35.118 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.secureworks.com/cyber-threat-intelligence/threats/gozi
Effective URL:
https://www.secureworks.com/research/gozi
Submission: On November 27 via api (November 27th 2020, 2:20:31 pm UTC) from US

Summary HTTP 110 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 30 IPs in 7 countries across 28 domains to perform 110 HTTP transactions. The main IP is 23.100.35.118, located in San Jose, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.secureworks.com.
TLS certificate: Issued by Thawte RSA CA 2018 on August 28th 2020. Valid for: a year.

This is the only time www.secureworks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	23.100.35.118 23.100.35.118	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
59	2a02:26f0:170... 2a02:26f0:1700:d::1737:6ea4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6810:9540	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2620:12a:8000::2 2620:12a:8000::2	54113 (FASTLY) (FASTLY)
1	2.20.174.197 2.20.174.197	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	209.167.231.17 209.167.231.17	7160 (NETDYNAMICS) (NETDYNAMICS)
1	142.0.173.134 142.0.173.134	7160 (NETDYNAMICS) (NETDYNAMICS)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY)
6	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	92.123.6.139 92.123.6.139	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.224.93.80 13.224.93.80	16509 (AMAZON-02) (AMAZON-02)
1	163.171.132.119 163.171.132.119	54994 (QUANTILNE...) (QUANTILNETWORKS)
2	13.224.93.109 13.224.93.109	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:10c... 2a02:26f0:10c:58e::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
1	13.226.159.67 13.226.159.67	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81a::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE)
2	162.247.242.21 162.247.242.21	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:815::2002	15169 (GOOGLE) (GOOGLE)
1	206.19.49.24 206.19.49.24	17225 (ATT-CERFN...) (ATT-CERFNET-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1 3	13.224.93.30 13.224.93.30	16509 (AMAZON-02) (AMAZON-02)
2 2	52.31.242.159 52.31.242.159	16509 (AMAZON-02) (AMAZON-02)
110	30

2 23.100.35.118 (San Jose, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.secureworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

59 2a02:26f0:1700:d::1737:6ea4 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

pcdnscwx001.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:12a:8000::2 (United States)

ASN54113 (FASTLY, US)

live-scwx-pe.pantheonsite.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.20.174.197 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-20-174-197.deploy.static.akamaitechnologies.com

img.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 209.167.231.17 (United States) 2 redirects

ASN7160 (NETDYNAMICS, US)
PTR: e017.en25.com

s1659.t.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.0.173.134 (United States)

ASN7160 (NETDYNAMICS, US)

web.secureworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f162.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 92.123.6.139 (France)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-6-139.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.93.80 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-93-80.zrh50.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.171.132.119 (Germany)

ASN54994 (QUANTILNETWORKS, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.93.109 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-93-109.zrh50.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:10c:58e::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.250 (Ascension Island) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.159.67 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-67.dus51.r.cloudfront.net

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:820::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.242.21 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-9.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN17225 (ATT-CERFNET-BLOCK, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.93.30 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-93-30.zrh50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.31.242.159 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-242-159.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	azureedge.net pcdnscwx001.azureedge.net	1 MB
6	google-analytics.com www.google-analytics.com	19 KB
4	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	google.de www.google.de	744 B
3	google.com www.google.com	531 B
3	adnxs.com 2 redirects secure.adnxs.com	3 KB
3	6sc.co j.6sc.co c.6sc.co b.6sc.co	8 KB
3	crazyegg.com script.crazyegg.com	36 KB
3	eloqua.com 2 redirects s1659.t.eloqua.com	2 KB
3	cookielaw.org cdn.cookielaw.org	24 KB
3	secureworks.com 1 redirects www.secureworks.com web.secureworks.com	56 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	nr-data.net bam.nr-data.net	461 B
2	licdn.com snap.licdn.com	3 KB
2	driftt.com js.driftt.com	45 KB
2	techtarget.com trk.techtarget.com apt.techtarget.com	3 KB
2	bing.com bat.bing.com	9 KB
2	pantheonsite.io live-scwx-pe.pantheonsite.io	15 KB
1	ml-api.io attr.ml-api.io	485 B
1	ml-attr.com 1 redirects s.ml-attr.com	284 B
1	demandbase.com tag.demandbase.com	17 KB
1	googleadservices.com www.googleadservices.com	12 KB
1	newrelic.com js-agent.newrelic.com	11 KB
1	jquery.com code.jquery.com	30 KB
1	en25.com img.en25.com	3 KB
1	googletagmanager.com www.googletagmanager.com	54 KB
110	28

	Domain	Requested by
59	pcdnscwx001.azureedge.net	www.secureworks.com pcdnscwx001.azureedge.net
6	www.google-analytics.com	www.googletagmanager.com
3	www.google.de
3	www.google.com
3	stats.g.doubleclick.net	www.google-analytics.com
3	secure.adnxs.com	2 redirects j.6sc.co
3	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
3	s1659.t.eloqua.com	2 redirects www.secureworks.com
3	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org
2	segments.company-target.com	1 redirects
2	match.prod.bidr.io	2 redirects
2	px.ads.linkedin.com	1 redirects
2	bam.nr-data.net	js-agent.newrelic.com
2	snap.licdn.com	www.secureworks.com snap.licdn.com
2	js.driftt.com	www.secureworks.com js.driftt.com
2	bat.bing.com	www.googletagmanager.com
2	live-scwx-pe.pantheonsite.io	www.secureworks.com pcdnscwx001.azureedge.net
2	www.secureworks.com	1 redirects
1	b.6sc.co
1	api.company-target.com	tag.demandbase.com
1	c.6sc.co	j.6sc.co
1	apt.techtarget.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.linkedin.com	1 redirects
1	attr.ml-api.io
1	s.ml-attr.com	1 redirects
1	trk.techtarget.com	www.secureworks.com
1	tag.demandbase.com	www.secureworks.com
1	j.6sc.co	www.secureworks.com
1	www.googleadservices.com	www.googletagmanager.com
1	js-agent.newrelic.com	www.secureworks.com
1	code.jquery.com	cdn.cookielaw.org
1	web.secureworks.com	www.secureworks.com
1	img.en25.com	www.secureworks.com
1	www.googletagmanager.com	www.secureworks.com
110	35

This site contains links to these domains. Also see Links.

Domain
cookiepedia.co.uk
onetrust.com
portal.secureworks.com
investors.secureworks.com
twitter.com
www.linkedin.com
www.facebook.com
www.secureworks.co.uk
web.secureworks.com
github.com
pcdnscwx001.azureedge.net
www.delltechnologies.com
www.secureworks.jp

Subject Issuer	Validity	Valid
www.secureworks.com Thawte RSA CA 2018	`2020-08-28` - `2021-09-02`	a year	crt.sh
*.azureedge.net DigiCert SHA2 Secure Server CA	`2020-11-21` - `2021-11-30`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2020-07-01` - `2021-07-01`	a year	crt.sh
*.pantheon.io DigiCert SHA2 Secure Server CA	`2020-07-16` - `2021-07-20`	a year	crt.sh
*.en25.com DigiCert SHA2 Secure Server CA	`2020-08-13` - `2021-11-12`	a year	crt.sh
*.t.eloqua.com DigiCert SHA2 Secure Server CA	`2020-03-09` - `2022-04-08`	2 years	crt.sh
web.secureworks.com Thawte EV RSA CA 2018	`2020-07-09` - `2022-04-09`	2 years	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-23` - `2021-05-07`	6 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2020-10-27` - `2021-04-27`	6 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-06-09` - `2021-06-09`	a year	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2020-01-07` - `2021-04-07`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-14` - `2021-11-15`	a year	crt.sh
trk.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-17` - `2022-05-17`	2 years	crt.sh
drift.com Amazon	`2020-09-21` - `2021-10-23`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.ml-api.io Amazon	`2020-02-06` - `2021-03-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-25` - `2021-10-24`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-09` - `2021-10-28`	a year	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://www.secureworks.com/research/gozi
Frame ID: 587000D6A368F8F279FA3AECCC23D829
Requests: 109 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: 02DA336516793746B8C7AF9071307253
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.secureworks.com/cyber-threat-intelligence/threats/gozi HTTP 307
https://www.secureworks.com/cyber-threat-intelligence/threats/gozi HTTP 301
https://www.secureworks.com/research/gozi Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

110
Requests

100 %
HTTPS

48 %
IPv6

28
Domains

35
Subdomains

30
IPs

7
Countries

1585 kB
Transfer

3195 kB
Size

0
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More Information

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://portal.secureworks.com/portal/loginIDP
Title: Login

Search URL Search Domain Scan URL

URL: https://investors.secureworks.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.secureworks.com/research/gozi&text=Gozi%20Trojan&via=Secureworks

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.secureworks.com/research/gozi&source=Secureworks

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.secureworks.com/research/gozi

Search URL Search Domain Scan URL

URL: https://www.secureworks.co.uk/
Title: U.K.

Search URL Search Domain Scan URL

URL: https://web.secureworks.com/RedcloakTour
Title: Take a tour of Red Cloak™ Threat Detection & Response Every Thursday & 11 am EDT / 4 pm BST with live Q&A. Register Now

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/secureworks
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/secureworks
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/secureworks
Title:

Search URL Search Domain Scan URL

URL: https://github.com/secureworks
Title:

Search URL Search Domain Scan URL

URL: https://pcdnscwx001.azureedge.net/~/media/Files/Corporate/modernslaverystatement_21.ashx?modified=20200305203009
Title: Supply Chain Transparency

Search URL Search Domain Scan URL

URL: https://www.delltechnologies.com/
Title: Dell Technologies

Search URL Search Domain Scan URL

URL: https://www.secureworks.jp/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fwww.secureworks.com%2fresearch%2fgozi&source=Secureworks

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3a%2f%2fwww.secureworks.com%2fresearch%2fgozi&hashtags=Secureworks&via=Secureworks

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3a%2f%2fwww.secureworks.com%2fresearch%2fgozi

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.secureworks.com/cyber-threat-intelligence/threats/gozi HTTP 307
https://www.secureworks.com/cyber-threat-intelligence/threats/gozi HTTP 301
https://www.secureworks.com/research/gozi Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65

https://s1659.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled HTTP 302
https://s1659.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled&elqCookie=1

Request Chain 66

https://s1659.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled&firstPartyCookieDomain=web.secureworks.com HTTP 302
https://web.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled&elq1pcGUID=FE4A6DE4C7B5427C8B6E3BB5A3869291

Request Chain 79

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.secureworks.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=www.secureworks.com&pId=1063162976943556757

Request Chain 90

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1606486804991&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2386324%26time%3D1606486804991%26url%3Dhttps%253A%252F%252Fwww.secureworks.com%252Fresearch%252Fgozi%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1606486804991&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&liSync=true

Request Chain 99

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AADqDk6_ghYAABC10EPyAQ HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AADqDk6_ghYAABC10EPyAQ&verifyHash=f9fcd4236db2080f382dcaa493c2daeed2243668

110 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set gozi Show response
www.secureworks.com/research/
Redirect Chain

http://www.secureworks.com/cyber-threat-intelligence/threats/gozi
https://www.secureworks.com/cyber-threat-intelligence/threats/gozi
https://www.secureworks.com/research/gozi

223 KB
54 KB

448ms
448ms

Document
text/html

23.100.35.118
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/research/gozi

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.100.35.118 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

cc1c0969844629b5443c7de89554e7400bd974daa3c08e058c6c79f349514c13

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	X-Frame-Options: DENY DENY
X-Xss-Protection	1; mode=block

Request headers

Host: www.secureworks.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ApplicationGatewayAffinity=324eae91ff21aeb30e33c21363d7e7070cea41b85ecb475862c8f50aedf97aa4; ApplicationGatewayAffinityCORS=324eae91ff21aeb30e33c21363d7e7070cea41b85ecb475862c8f50aedf97aa4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASP.NET_SessionId=3r0aociltti1k53zh1o3bwug; path=/; HttpOnly; SameSite=Lax SC_ANALYTICS_GLOBAL_COOKIE=c6dff7f50536450db7781c3e3550b56c|False; expires=Mon, 25-Nov-2030 14:20:02 GMT; path=/; HttpOnly
X-Frame-Options: X-Frame-Options: DENY DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Date: Fri, 27 Nov 2020 14:20:02 GMT
Content-Length: 52850

Redirect headers

Content-Type: text/html; charset=utf-8
Location: /research/gozi
Server: Microsoft-IIS/10.0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Set-Cookie: ApplicationGatewayAffinity=324eae91ff21aeb30e33c21363d7e7070cea41b85ecb475862c8f50aedf97aa4;Path=/;Domain=www.secureworks.com ApplicationGatewayAffinityCORS=324eae91ff21aeb30e33c21363d7e7070cea41b85ecb475862c8f50aedf97aa4;Path=/;Domain=www.secureworks.com;SameSite=None;Secure
Date: Fri, 27 Nov 2020 14:20:01 GMT
Content-Length: 131

GET
H2 200 html5reset-1.6.1.css
pcdnscwx001.azureedge.net/content/app/css/ 1 KB
2 KB 53ms
7ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/css/html5reset-1.6.1.css

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Nov 2020 21:32:18 GMT
server: Microsoft-IIS/10.0
etag: "0dd7ff8f1b2d61:0"
x-frame-options: DENY
content-type: text/css
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 573
x-content-type-options: nosniff

GET
H2 200 western-typographies.css
pcdnscwx001.azureedge.net/content/app/css/ 2 KB
1 KB 54ms
8ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/css/western-typographies.css?v=05012019

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Nov 2020 21:32:18 GMT
server: Microsoft-IIS/10.0
etag: "0dd7ff8f1b2d61:0"
x-frame-options: DENY
content-type: text/css
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 365
x-content-type-options: nosniff

GET
H2 200 main.css
pcdnscwx001.azureedge.net/content/app/css/ 437 KB
66 KB 54ms
9ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

082f552d6e044d9776e0e549b955b2e2fd5346fd82481116c9a4f7eb1f925bbf

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Nov 2020 13:14:08 GMT
server: Microsoft-IIS/10.0
etag: "3d92408b75b3d61:0"
x-frame-options: DENY
content-type: text/css
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 65850
x-content-type-options: nosniff

GET
H2 200 jquery-3.3.1.min.js Show response
pcdnscwx001.azureedge.net/content/app/js/ 85 KB
31 KB 60ms
15ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/js/jquery-3.3.1.min.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Nov 2020 21:32:18 GMT
server: Microsoft-IIS/10.0
etag: "0dd7ff8f1b2d61:0"
x-frame-options: DENY
content-type: application/javascript
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 30358
x-content-type-options: nosniff

GET
H2 200 knockout.3.5.0.min.js Show response
pcdnscwx001.azureedge.net/content/app/js/ 66 KB
26 KB 61ms
16ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/js/knockout.3.5.0.min.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

97407a0e155a4f783c0848c3515025b308ac6b4e1599f5936e73ad62a236c394

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Nov 2020 21:32:18 GMT
server: Microsoft-IIS/10.0
etag: "0dd7ff8f1b2d61:0"
x-frame-options: DENY
content-type: application/javascript
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 25042
x-content-type-options: nosniff

GET
H2 200 react.production.min.js Show response
pcdnscwx001.azureedge.net/content/react/lib/ 12 KB
6 KB 61ms
16ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/react/lib/react.production.min.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Jul 2020 21:41:40 GMT
server: Microsoft-IIS/10.0
etag: W/"0821ae27060d61:0"
x-frame-options: DENY
content-type: application/javascript
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 4898
x-content-type-options: nosniff

GET
H2 200 react-dom.production.min.js Show response
pcdnscwx001.azureedge.net/content/react/lib/ 116 KB
38 KB 63ms
18ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/react/lib/react-dom.production.min.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Jul 2020 21:41:40 GMT
server: Microsoft-IIS/10.0
etag: "0821ae27060d61:0"
x-frame-options: DENY
content-type: application/javascript
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 38049
x-content-type-options: nosniff

GET
H2 200 Arke.SecureWorks.EloquaFormV2.js Show response
pcdnscwx001.azureedge.net/content/app/js/form/ 5 KB
3 KB 63ms
19ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/js/form/Arke.SecureWorks.EloquaFormV2.js?v=11052020

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

11b8cb90c14ea180dae7d0c0a9c47e98b4c7a7a408ef867ef8c64c846612519c

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Nov 2020 21:32:18 GMT
server: Microsoft-IIS/10.0
etag: "0dd7ff8f1b2d61:0"
x-frame-options: DENY
content-type: application/javascript
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1828
x-content-type-options: nosniff

GET
H2 200 emergency-icon-02.ashx
pcdnscwx001.azureedge.net/~/media/Images/Icons/ 1 KB
2 KB 7ms
7ms Image
image/png 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Icons/emergency-icon-02.ashx?modified=20200713133031

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

dd521f8f0cb2b38870c852086eff9c00365c88a82a7430a597bcebdd8a9c6569

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 13 Jul 2020 13:30:31 GMT
server: Microsoft-IIS/10.0
etag: 3c8ba49ec7994d569f5a624ba34bd1db
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/png
cache-control: public, max-age=71011
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="emergency-icon-02.png"
accept-ranges: bytes
content-length: 1105
x-content-type-options: nosniff
expires: Sat, 28 Nov 2020 10:03:33 GMT

GET
H2 200 sw_logo_black.ashx
pcdnscwx001.azureedge.net/~/media/Images/logos/ 5 KB
6 KB 7ms
6ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/logos/sw_logo_black.ashx?modified=20200805202625&la=en&hash=00B7331C64676ED90B47EC4C68B55240

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b5ecd7807e3023d657d18fbe832848e8e65843843ebd748f7225e314b17d5221

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 05 Aug 2020 20:26:25 GMT
server: Microsoft-IIS/10.0
etag: 33b882a931e84894a7c864998125bcce
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/svg+xml
cache-control: public, max-age=566161
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="sw_logo_black.svg"
accept-ranges: bytes
content-length: 4728
x-content-type-options: nosniff
expires: Fri, 04 Dec 2020 03:36:03 GMT

GET
H2 200 btn-arrow.svg
pcdnscwx001.azureedge.net/content/rc/images/ 2 KB
3 KB 8ms
7ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/content/rc/images/btn-arrow.svg

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

11d5ce34f206afb82ddf5e90ac14a2572bf9ee7177623d3a22d961d14bbd71ae

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 15 Jun 2020 08:15:26 GMT
server: Microsoft-IIS/10.0
etag: "023ab1fed42d61:0"
x-frame-options: DENY
content-type: image/svg+xml
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 2096
x-content-type-options: nosniff

GET
H2 200 arrow-back.svg
pcdnscwx001.azureedge.net/content/rc/images/ 1 KB
2 KB 8ms
8ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/content/rc/images/arrow-back.svg

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

0a8b1ef45e2622985d8d86e6317525253a50b84b7a37e92b14f2af14f430e10e

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 15 Jun 2020 08:15:26 GMT
server: Microsoft-IIS/10.0
etag: "023ab1fed42d61:0"
x-frame-options: DENY
content-type: image/svg+xml
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 1025
x-content-type-options: nosniff

GET
H2 200 blue_mesh_360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2D/004%20blue%20mesh/ 49 KB
51 KB 9ms
8ms Image
image/jpeg 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2D/004%20blue%20mesh/blue_mesh_360x190.ashx?modified=20180130151343

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

6977fbc057927802533b66343c7d51580a8c5989aa849a9cb61571b1a267c531

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 30 Jan 2018 15:13:43 GMT
server: Microsoft-IIS/10.0
etag: da528d966a24428eab4064c0694c0eeb
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=570319
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="blue_mesh_360x190.jpg"
accept-ranges: bytes
content-length: 50443
x-content-type-options: nosniff
expires: Fri, 04 Dec 2020 04:45:21 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 172 KB
54 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7676c6176c65a393eef7101a38bf18ec575eed9ce47963368911fcebeef712e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:02 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55077
x-xss-protection: 0
last-modified: Fri, 27 Nov 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 27 Nov 2020 14:20:02 GMT

GET
H2 200 visuelt-light.woff
pcdnscwx001.azureedge.net/content/app/fonts/visuelt/ 63 KB
65 KB 22ms
7ms Font
font/x-woff 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/fonts/visuelt/visuelt-light.woff

Requested by

Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

bb0a60a6f91d085789101283e6cab2782ab60f6182229a962695d408a3cd7ca3

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.secureworks.com
Referer: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 15 Jun 2020 08:15:26 GMT
server: Microsoft-IIS/10.0
etag: "023ab1fed42d61:0"
x-frame-options: DENY
content-type: font/x-woff
access-control-allow-origin: *
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 64920
x-content-type-options: nosniff

GET
H2 200 visuelt-medium.woff
pcdnscwx001.azureedge.net/content/app/fonts/visuelt/ 36 KB
37 KB 28ms
13ms Font
font/x-woff 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/fonts/visuelt/visuelt-medium.woff

Requested by

Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.secureworks.com
Referer: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 15 Jun 2020 08:15:26 GMT
server: Microsoft-IIS/10.0
etag: "023ab1fed42d61:0"
x-frame-options: DENY
content-type: font/x-woff
access-control-allow-origin: *
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 36448
x-content-type-options: nosniff

GET
H2 200 0005_human_man-laptop-car_360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/lifestyle-0005_man-laptop-car/ 41 KB
42 KB 7ms
7ms Image
image/jpeg 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/lifestyle-0005_man-laptop-car/0005_human_man-laptop-car_360x190.ashx?modified=20191220134740

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

cc2f10208ba8d203c2394ea63ee4e71fd8baf8f56a03f87f2cdcffa2cf693c93

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 20 Dec 2019 13:47:40 GMT
server: Microsoft-IIS/10.0
etag: 1363494125be4f98974784681b82997b
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=348557
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="0005_human_man-laptop-car_360x190.jpg"
accept-ranges: bytes
content-length: 42146
x-content-type-options: nosniff
expires: Tue, 01 Dec 2020 15:09:19 GMT

GET
H2 200 podcast-thumb-01.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Podcasts/ 42 KB
44 KB 9ms
8ms Image
image/jpeg 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Podcasts/podcast-thumb-01.ashx?modified=20200930171415

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

99349d6261b1df0deaa347406ebd15a8d8d9c8cedd0ab077533a15e1366b08ea

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 30 Sep 2020 17:14:15 GMT
server: Microsoft-IIS/10.0
etag: c12bfa897cca462a810a04b511d91402
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=566255
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="podcast-thumb-01.jpg"
accept-ranges: bytes
content-length: 43394
x-content-type-options: nosniff
expires: Fri, 04 Dec 2020 03:37:37 GMT

GET
H2 200 gozi-regentries-2.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 2 KB
3 KB 38ms
37ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-regentries-2.ashx?h=52&w=448&la=en&modified=20151210203202&hash=CDFE9FCCAF576510E723837899B7D47F

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

a13b8d523b5f87d18f1221e435f0e6d4fbbed9a5c9c2310f3cce82ae33b76d9f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:32:02 GMT
server: Microsoft-IIS/10.0
etag: 89d5c4e9454049acb4d0a64cc5c5f072
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-regentries-2.gif"
cache-control: public, max-age=272642
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 2059
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:04:04 GMT

GET
H2 200 gozi-certs-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 3 KB
4 KB 107ms
106ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-certs-1.ashx?h=33&w=449&la=en&modified=20151210203157&hash=CA46FF8ED9574F103CEE1914BE0AE094

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

0ef96fd1ea5e530eb77f991b40c088ca9398b09c4345747fe49efbc4b9ddc095

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:31:57 GMT
server: Microsoft-IIS/10.0
etag: f9a07cff13bd4edaa7dd5dae1b571361
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-certs-1.gif"
cache-control: public, max-age=272595
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 3315
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:03:17 GMT

GET
H2 200 gozi-certs-2.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 9 KB
11 KB 25ms
24ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-certs-2.ashx?h=164&w=449&la=en&modified=20151210203157&hash=41A37F94C7C3429E432C6D6369C2D347

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

52c48cad14d20cd2955f2ba301dcdc8ce0ac8e52385600ad691ae4356ed138bc

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:31:57 GMT
server: Microsoft-IIS/10.0
etag: f8f015acc4474a8a9a1a2680424dbed9
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-certs-2.gif"
cache-control: public, max-age=272554
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 9629
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:02:36 GMT

GET
H2 200 gozi-options-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 3 KB
4 KB 27ms
26ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-options-1.ashx?h=31&w=448&la=en&modified=20151210203200&hash=FAC939583613164CBA6476EC707E0C7E

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

322bb4b255f663dbaf92ea361b9db38eb5a1b35500529f15d5c09b2dc5254147

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:32:00 GMT
server: Microsoft-IIS/10.0
etag: b0a1a9130870491d993f63a4af92ca9d
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-options-1.gif"
cache-control: public, max-age=272643
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 3253
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:04:05 GMT

GET
H2 200 gozi-options-2.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 9 KB
10 KB 28ms
27ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-options-2.ashx?h=146&w=447&la=en&modified=20151210203201&hash=3C8D1CF725522282059835720679CF40

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

60d78ce2bbe13268fd961cde861b5c858726506f855c20afe528589bb22fb181

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:32:01 GMT
server: Microsoft-IIS/10.0
etag: f52d66d5235948008d82d6394b48a4fc
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-options-2.gif"
cache-control: public, max-age=272580
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 8955
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:03:02 GMT

GET
H2 200 gozi-options-4.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 9 KB
10 KB 29ms
28ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-options-4.ashx?h=135&w=448&la=en&modified=20151210203201&hash=ADFFE8030C447A278324D0B351D3D7FE

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

53392cde4a875777ceb0256d64031c5abaf2fdd0bb21f3aa905c87f85514b91d

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:32:01 GMT
server: Microsoft-IIS/10.0
etag: e06409a82b5845a281f8b791fd0687ad
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-options-4.gif"
cache-control: public, max-age=272485
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 8978
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:01:27 GMT

GET
H2 200 gozi-bofa-mitm-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 27 KB
28 KB 32ms
28ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-bofa-mitm-1.ashx?h=484&w=423&la=en&modified=20151210203156&hash=31315A4911E696D548920B50552E58C5

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

a43eff93b5a1e60bde786637542fac49f83d0550f5b0645a43bc88a5f524edad

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:31:56 GMT
server: Microsoft-IIS/10.0
etag: abf07c2d86de44b7b153b6014ecdcb96
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-bofa-mitm-1.gif"
cache-control: public, max-age=272481
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 27173
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:01:23 GMT

GET
H2 200 gozi-olly-error-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 5 KB
6 KB 36ms
32ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-olly-error-1.ashx?h=127&w=450&la=en&modified=20151210203159&hash=DAC6913EBAF3220D961AE7B206938729

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

4e220a9dd3fd44ffbda2af63dac7613e29d5266f32adad83c309f032b90ac656

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:31:59 GMT
server: Microsoft-IIS/10.0
etag: e573431a332c4a8ca0cca3fd1616508e
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-olly-error-1.gif"
cache-control: public, max-age=272547
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 5271
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:02:29 GMT

GET
H2 200 gozi-olly-wheretobone-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 11 KB
12 KB 31ms
27ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-olly-wheretobone-1.ashx?h=259&w=447&la=en&modified=20151210203200&hash=A42FF8ED4334F702E381D0197ED3D61D

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3b8f7c924f365b4249ece10659736578e8d1e5a8ddc5c520c102b6b8fdc84ac6

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:32:00 GMT
server: Microsoft-IIS/10.0
etag: 4341e3ced67648a2b3f07e85a26f06d5
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-olly-wheretobone-1.gif"
cache-control: public, max-age=272686
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 11166
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:04:48 GMT

GET
H2 200 gozi-olly-getprocaddress-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 4 KB
6 KB 35ms
31ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-olly-getprocaddress-1.ashx?h=112&w=329&la=en&modified=20151210203159&hash=D7D4D961DDDF3FD8A78F9CC3824C1B59

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

da3785a5a50b484106bed0418e2f7afc436222f23d6478bd0924e9b11efab834

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:31:59 GMT
server: Microsoft-IIS/10.0
etag: 807cc8356b704fa08bc7a21631f99818
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-olly-getprocaddress-1.gif"
cache-control: public, max-age=520064
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 4602
x-content-type-options: nosniff
expires: Thu, 03 Dec 2020 14:47:46 GMT

GET
H2 200 gozi-olly-endofimportsloop-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 8 KB
10 KB 29ms
25ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-olly-endofimportsloop-1.ashx?h=297&w=379&la=en&modified=20151210203158&hash=925C2A211833BED48208FBE11A1B48C8

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

09a3af3599c0b97138ca73e38908f5c32970ee041ab8dc6e17bcf59c2726bc60

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:31:58 GMT
server: Microsoft-IIS/10.0
etag: fcdf7b94c1a24970b5943389fc3bc8c8
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-olly-endofimportsloop-1.gif"
cache-control: public, max-age=272636
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 8553
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:03:58 GMT

GET
H2 200 gozi-olly-survivereboot-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 4 KB
5 KB 37ms
33ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-olly-survivereboot-1.ashx?h=189&w=449&la=en&modified=20151210203200&hash=A8A8C48CD3CCAEDA3EF10CA5672D6490

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

f799a8eba0ec634f20425e1cf5e0667481588db8c4eb1f0e3bb335551062451d

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:32:00 GMT
server: Microsoft-IIS/10.0
etag: 97e4d0e9398a4aedb225db012b68fd3e
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-olly-survivereboot-1.gif"
cache-control: public, max-age=272574
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 3751
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:02:56 GMT

GET
H2 200 gozi-olly-dirtywork-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 3 KB
4 KB 40ms
37ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-olly-dirtywork-1.ashx?h=101&w=449&la=en&modified=20151210203158&hash=FA82A16E0C5B194CEB7C776FB4344351

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

8eee56767401db8d6ea185a39f7c4e374c215173d084f70c65aa666d05a49968

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:31:58 GMT
server: Microsoft-IIS/10.0
etag: a383b2dc4e9e4b58ab4b11b27cff9b2b
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-olly-dirtywork-1.gif"
cache-control: public, max-age=520016
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 3268
x-content-type-options: nosniff
expires: Thu, 03 Dec 2020 14:46:58 GMT

GET
H2 200 gozi-olly-decryption-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 11 KB
12 KB 40ms
36ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-olly-decryption-1.ashx?h=344&w=450&la=en&modified=20151210203158&hash=8390915B141A2953CD8437CD707CB2FD

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c1beaf32e702a53336a463c56bb185bbb54e8546f69dbc7ad737fbd522ea207e

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:31:58 GMT
server: Microsoft-IIS/10.0
etag: d3f0ee0354ad4d9b921e09ef10c9807e
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-olly-decryption-1.gif"
cache-control: public, max-age=272617
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 11482
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:03:39 GMT

GET
H2 200 gozi-server-scanresults-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 21 KB
22 KB 37ms
34ms Image
image/jpeg 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-server-scanresults-1.ashx?h=159&w=450&la=en&modified=20151210203203&hash=2A1E878C0C6C73F962E95C65A191A752

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

f89c119fabe1871a56c78b03c4c42c88190920f97d68c5d0d19deac0fa7470ff

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:32:03 GMT
server: Microsoft-IIS/10.0
etag: 9084daf58735441ea9e906c8f6622c1c
x-frame-options: DENY
content-type: image/jpeg
content-disposition: inline; filename="gozi-server-scanresults-1.jpg"
cache-control: public, max-age=272528
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 21275
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:02:10 GMT

GET
H2 200 gozi-server-index-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 13 KB
14 KB 114ms
112ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-server-index-1.ashx?h=225&w=362&la=en&modified=20151210203202&hash=C00DF748230436D961E30E4F37356E54

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d1ae3c158bad4fd2ee4b3b0075ab3a959cda40af45181ab7bd4965f1be4025bf

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:32:02 GMT
server: Microsoft-IIS/10.0
etag: 52bb2efedfd24922af5b1237f1e09e6e
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-server-index-1.gif"
cache-control: public, max-age=272587
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 13275
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:03:09 GMT

GET
H2 200 gozi-undercover-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 1 KB
3 KB 57ms
55ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-undercover-1.ashx?h=97&w=422&la=en&modified=20151210203204&hash=2B72C867BD277B68697AF4489723BBE1

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b9923c974991754822d3e577d432a31a2101956828b2d6fc75b8d63edfb5a147

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:32:04 GMT
server: Microsoft-IIS/10.0
etag: b04913f5b559464ab45b5d3e41e92e5e
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-undercover-1.gif"
cache-control: public, max-age=272564
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 1452
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:02:46 GMT

GET
H2 200 gozi-snatch-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 61 KB
62 KB 44ms
42ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-snatch-1.ashx?h=307&w=446&la=en&modified=20151210203203&hash=4D9DA56FFF5874C674458B49D9C5A810

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5b618c640090de32a81c9f3cb188a0079215219be605ac2f3049198a13a984e8

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:32:03 GMT
server: Microsoft-IIS/10.0
etag: 8fd8eecf97014bf1ab9c4f71ff8fdb94
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-snatch-1.gif"
cache-control: public, max-age=272408
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 62154
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:00:10 GMT

GET
H2 200 gozi-76service-1.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 7 KB
8 KB 43ms
41ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-76service-1.ashx?h=194&w=380&la=en&modified=20151210203155&hash=42B7E25FE29EB965CE30E4D99D593A1F

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ff0f66b941bb3bb90768d737dc9d1132bd07890f1978a3a4019dfffcad80366f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:31:55 GMT
server: Microsoft-IIS/10.0
etag: cde939c71da84f58ad617205b7f36b88
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-76service-1.gif"
cache-control: public, max-age=272440
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 7074
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:00:42 GMT

GET
H2 200 gozi-76service-2.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/ 22 KB
24 KB 90ms
88ms Image
image/gif 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/066%20Gozi%20Trojan/gozi-76service-2.ashx?h=180&w=413&la=en&modified=20151210203156&hash=8622839BA492818FD545D8D3B5493841

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

36223284849182d5db0dbd81deea10660922da395b24cd146d6439e4bf68dd87

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Dec 2015 20:31:56 GMT
server: Microsoft-IIS/10.0
etag: 3004d70d419548158a330d3b769fe310
x-frame-options: DENY
content-type: image/gif
content-disposition: inline; filename="gozi-76service-2.gif"
cache-control: public, max-age=272503
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 22984
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 18:01:45 GMT

GET
H2 200 112cf759-b07b-4df7-b9c1-b87dc63309fb.js Show response
cdn.cookielaw.org/langswitch/ 1 KB
1 KB 18ms
17ms Script
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/langswitch/112cf759-b07b-4df7-b9c1-b87dc63309fb.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5ca0ad73064122932dddb8b1a95ce78abd25cb76569bbb0c7381356bee1dd0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 27 Nov 2020 14:20:02 GMT
content-encoding: GZIP
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: F0Pi2/A0fvAQwKAiuhBzzA==
age: 788
vary: Accept-Encoding
content-length: 669
cf-request-id: 06abac586600002b16b50c6000000001
x-ms-lease-status: unlocked
last-modified: Wed, 09 Sep 2020 14:49:43 GMT
server: cloudflare
etag: 0x8D854CF96E38D97
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 7046fbaf-701e-0034-6ecf-b4774e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5f8c7cd3dc492b16-FRA

GET
H2 200 SEC03076_Secureworks-Connect_Website%20Graphics_375x410.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/abstract-0045_secureworks-connect/ 67 KB
69 KB 47ms
41ms Image
image/jpeg 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/abstract-0045_secureworks-connect/SEC03076_Secureworks-Connect_Website%20Graphics_375x410.ashx?modified=20201118134911

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

43991406cc5a93d80ff7272bad5ca72c967331003e979d7d3c243fe61e3f98c1

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 18 Nov 2020 13:49:11 GMT
server: Microsoft-IIS/10.0
etag: 31c16c81da2a466fa1dfb2690ee304d2
x-frame-options: DENY
content-type: image/jpeg
content-disposition: inline; filename="SEC03076_Secureworks-Connect_Website Graphics_375x410.jpg"
cache-control: public, max-age=375573
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 68925
x-content-type-options: nosniff
expires: Tue, 01 Dec 2020 22:39:35 GMT

GET
H2 200 human_0006_man-laptop_360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2018/Human/human_man_laptop/ 64 KB
65 KB 38ms
33ms Image
image/jpeg 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2018/Human/human_man_laptop/human_0006_man-laptop_360x190.ashx?modified=20180613214800

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

095da0c5c45a7ee44ee3fcb10c8467e89bd21dec339c6be6ca30ea55fdd3ccc7

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 13 Jun 2018 21:48:00 GMT
server: Microsoft-IIS/10.0
etag: e5ac6f5804a7475b8fdbfcfa22c8be33
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=248243
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="human_0006_man-laptop_360x190.jpg"
accept-ranges: bytes
content-length: 65701
x-content-type-options: nosniff
expires: Mon, 30 Nov 2020 11:17:25 GMT

GET
H2 200 red-carbon_375x410.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2019/abstract_0007_red-carbon/ 44 KB
45 KB 40ms
35ms Image
image/jpeg 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2019/abstract_0007_red-carbon/red-carbon_375x410.ashx?modified=20190731190257

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

fa9e263370d6f1a0e0608f6fa0c2fd083eba7d1f3d2c4a7ef0c70b0f798b6cfe

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 31 Jul 2019 19:02:57 GMT
server: Microsoft-IIS/10.0
etag: b1c8c5b624c740a9a8af95004c106f4e
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=169813
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="red-carbon_375x410.jpg"
accept-ranges: bytes
content-length: 44904
x-content-type-options: nosniff
expires: Sun, 29 Nov 2020 13:30:15 GMT

GET
H2 200 computer2men_360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2D/058%20computer%202%20men/ 48 KB
49 KB 41ms
36ms Image
image/jpeg 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2D/058%20computer%202%20men/computer2men_360x190.ashx?modified=20180129192040

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e7df1ea5872ea78df36575269bdf6a9dbc01297df168346deab966cc81dbfc80

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 29 Jan 2018 19:20:40 GMT
server: Microsoft-IIS/10.0
etag: e4f5101d51724748b305367fe810d964
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=354526
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="computer2men_360x190.jpg"
accept-ranges: bytes
content-length: 48674
x-content-type-options: nosniff
expires: Tue, 01 Dec 2020 16:48:48 GMT

GET
H2 200 abstract_0021_green_motion-blur-lines_360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/abstract-0021_motion-blur-lines/green_motion-blur-lines/ 28 KB
29 KB 50ms
45ms Image
image/jpeg 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/abstract-0021_motion-blur-lines/green_motion-blur-lines/abstract_0021_green_motion-blur-lines_360x190.ashx?modified=20200121200711

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ee5e51d9fa072231ae3f967006451eeb76d6f14b536f31f25519c316fb9526b0

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 21 Jan 2020 20:07:11 GMT
server: Microsoft-IIS/10.0
etag: 089c6a1c6ebf4a94861d199c6ea7f7e3
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=360551
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="abstract_0021_green_motion-blur-lines_360x190.jpg"
accept-ranges: bytes
content-length: 28519
x-content-type-options: nosniff
expires: Tue, 01 Dec 2020 18:29:13 GMT

GET
H2 200 things_0023_mri_360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Things/023%20MRI/ 27 KB
28 KB 58ms
53ms Image
image/jpeg 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Things/023%20MRI/things_0023_mri_360x190.ashx?modified=20151112154001

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

99219f60d8b1d07ecd4e6b28fe4d3bfdf1407d5038175eb9e2c01c1788a0fba9

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 12 Nov 2015 15:40:01 GMT
server: Microsoft-IIS/10.0
etag: b5fcf558fde247c4a8b191d55929d200
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=519298
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="things_0023_mri_360x190.jpg"
accept-ranges: bytes
content-length: 27155
x-content-type-options: nosniff
expires: Thu, 03 Dec 2020 14:35:00 GMT

GET
H2 200 linkedin.ashx
pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/ 966 B
2 KB 46ms
42ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/linkedin.ashx?modified=20151001162233

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5a9e4352db3a1f75caf77c79146fd0f059ba043d692bae117b2d291d0c4ac7ad

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 01 Oct 2015 16:22:33 GMT
server: Microsoft-IIS/10.0
etag: 0381e34e4c5a42c49da29271c74c47a6
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/svg+xml
cache-control: public, max-age=345368
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="linkedin.svg"
accept-ranges: bytes
content-length: 966
x-content-type-options: nosniff
expires: Tue, 01 Dec 2020 14:16:10 GMT

GET
H2 200 twitter.ashx
pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/ 1 KB
2 KB 46ms
42ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/twitter.ashx?modified=20151001162249

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e15a809168d9a16a22e0c2428da1fb9541e4288724ad734efd66ef6bafee52d9

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 01 Oct 2015 16:22:49 GMT
server: Microsoft-IIS/10.0
etag: ec6990570ccd41139b7ce0f297010c73
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/svg+xml
cache-control: public, max-age=147507
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="twitter.svg"
accept-ranges: bytes
content-length: 1339
x-content-type-options: nosniff
expires: Sun, 29 Nov 2020 07:18:29 GMT

GET
H2 200 facebook2.ashx
pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/ 587 B
2 KB 46ms
42ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/facebook2.ashx?modified=20190116141121

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

42166c909b8db5b9d362bfc1c28a3f7e06f109aa449a70b3bd293a6e6bf62ac2

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 16 Jan 2019 14:11:21 GMT
server: Microsoft-IIS/10.0
etag: 83a284c3f8dc4e0695cacbc73ba98d2f
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/svg+xml
cache-control: public, max-age=117323
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="facebook2.svg"
accept-ranges: bytes
content-length: 587
x-content-type-options: nosniff
expires: Sat, 28 Nov 2020 22:55:25 GMT

GET
H2 200 github.ashx
pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/ 1 KB
2 KB 47ms
43ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/github.ashx?modified=20190116135435

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

1a914a4b01d30dc7a83ccf4407787ab02647c601e2e9b174f49cbd190de57313

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 16 Jan 2019 13:54:35 GMT
server: Microsoft-IIS/10.0
etag: 1b7369e537844d1a9514570987ea7777
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
x-frame-options: DENY
content-type: image/svg+xml
cache-control: public, max-age=349726
date: Fri, 27 Nov 2020 14:20:02 GMT
content-disposition: inline; filename="github.svg"
accept-ranges: bytes
content-length: 1129
x-content-type-options: nosniff
expires: Tue, 01 Dec 2020 15:28:48 GMT

GET
H2 200 dell-technologies.png
pcdnscwx001.azureedge.net/content/app/img/ 2 KB
4 KB 48ms
45ms Image
image/png 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/content/app/img/dell-technologies.png

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

fe8d0e6533b5e64fe2af6c2740160c4776b6942e1a94cad2ef14afab2566447f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 15 Jun 2020 08:15:26 GMT
server: Microsoft-IIS/10.0
etag: "023ab1fed42d61:0"
x-frame-options: DENY
content-type: image/png
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 2543
x-content-type-options: nosniff

GET
H2 200 libs.min.js Show response
pcdnscwx001.azureedge.net/content/app/js/ 156 KB
42 KB 22ms
19ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/js/libs.min.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

58b410a2aaad21a9a4d3aebefc8f3a8b5020b07cb9859d3873c8e7fd8dc74c90

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Nov 2020 21:32:18 GMT
server: Microsoft-IIS/10.0
etag: "0dd7ff8f1b2d61:0"
x-frame-options: DENY
content-type: application/javascript
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 42076
x-content-type-options: nosniff

GET
H2 200 main.js Show response
pcdnscwx001.azureedge.net/content/app/js/ 170 KB
46 KB 25ms
22ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/js/main.js?v=11052020-3

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7bbd6dd03dfa8a6f93a70fb3e418978e6dd7a0947fd33261c1eda16aa2d1ef8e

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Nov 2020 12:53:54 GMT
server: Microsoft-IIS/10.0
etag: "64dbab772b3d61:0"
x-frame-options: DENY
content-type: application/javascript
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 45610
x-content-type-options: nosniff

GET
H2 200 products.js Show response
pcdnscwx001.azureedge.net/content/rc/js/ 130 KB
29 KB 28ms
25ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/rc/js/products.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

81c7050fb96f1d247ebe514a61d8a6c2544b986a7d06afb27dcd36f3e5a3843f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 14 Jul 2020 19:46:24 GMT
server: Microsoft-IIS/10.0
etag: "0a88a74175ad61:0"
x-frame-options: DENY
content-type: application/javascript
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 28572
x-content-type-options: nosniff

GET
H2 200 scripts Show response
live-scwx-pe.pantheonsite.io/wp-json/pdg/v1/ 44 KB
14 KB 48ms
8ms Script
text/javascript 2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://live-scwx-pe.pantheonsite.io/wp-json/pdg/v1/scripts

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2133bc8f2141e52b23e6fc17eea05a9b2314f136b9732e4cecd4583f903d948e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-styx-req-id: fdf33616-30b9-11eb-953e-e240e6a6a9f9
age: 708
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-cache: HIT, HIT
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe2-a-86b67549cd-k2khn
content-length: 14159
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17330-MDW, cache-fra19140-FRA
pragma: cache
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
server: nginx
x-timer: S1606486803.578616,VS0,VE2
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
expires: Fri, 27 Nov 2020 17:08:15 GMT
cache-control: max-age=10800
accept-ranges: bytes
x-robots-tag: noindex
link: <https://live-scwx-pe.pantheonsite.io/wp-json/>; rel="https://api.w.org/"
x-cache-hits: 2, 1

GET
H2 200 default.css
pcdnscwx001.azureedge.net/content/app/css/highlighter/ 1 KB
2 KB 29ms
27ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/css/highlighter/default.css

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 14 Oct 2020 18:33:09 GMT
server: Microsoft-IIS/10.0
etag: "ea83b7758a2d61:0"
x-frame-options: DENY
content-type: text/css
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 580
x-content-type-options: nosniff

GET
H2 200 highlight.pack.js Show response
pcdnscwx001.azureedge.net/content/app/js/libs/ 50 KB
21 KB 30ms
28ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/js/libs/highlight.pack.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Nov 2020 21:32:18 GMT
server: Microsoft-IIS/10.0
etag: "0dd7ff8f1b2d61:0"
x-frame-options: DENY
content-type: application/javascript
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 20267
x-content-type-options: nosniff

GET
H2 200 icomoon.ttf
pcdnscwx001.azureedge.net/content/app/fonts/icomoon-new/ 3 KB
4 KB 14ms
13ms Font
application/octet-stream 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/fonts/icomoon-new/icomoon.ttf?8und5p

Requested by

Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c97d6fa5b4ad8db4c6110b5e4a13eb698c381f580cb44440813c04f369df0a56

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.secureworks.com
Referer: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 15 Jun 2020 08:15:26 GMT
server: Microsoft-IIS/10.0
etag: "023ab1fed42d61:0"
x-frame-options: DENY
content-type: application/octet-stream
access-control-allow-origin: *
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 2904
x-content-type-options: nosniff

GET
H2 200 visuelt-black.woff
pcdnscwx001.azureedge.net/content/app/fonts/visuelt/ 34 KB
35 KB 8ms
7ms Font
font/x-woff 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/fonts/visuelt/visuelt-black.woff

Requested by

Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.secureworks.com
Referer: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 15 Jun 2020 08:15:26 GMT
server: Microsoft-IIS/10.0
etag: "023ab1fed42d61:0"
x-frame-options: DENY
content-type: font/x-woff
access-control-allow-origin: *
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 35128
x-content-type-options: nosniff

GET
H2 200 visuelt-bold.woff
pcdnscwx001.azureedge.net/content/app/fonts/visuelt/ 35 KB
37 KB 9ms
9ms Font
font/x-woff 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/fonts/visuelt/visuelt-bold.woff

Requested by

Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

acc248ead4890c65f3e2792cfe555e4d98c961f4b564bc4a77e86270dd3051f7

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.secureworks.com
Referer: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 15 Jun 2020 08:15:26 GMT
server: Microsoft-IIS/10.0
etag: "023ab1fed42d61:0"
x-frame-options: DENY
content-type: font/x-woff
access-control-allow-origin: *
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 36300
x-content-type-options: nosniff

GET
H2 200 icomoon.ttf
pcdnscwx001.azureedge.net/content/app/fonts/icomoon/ 3 KB
4 KB 10ms
10ms Font
application/octet-stream 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/fonts/icomoon/icomoon.ttf?3dz4z

Requested by

Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

50f6d5d4c63ae14f65d7a8a91f989edd305a348fdd279c1dd69b94403d64ac46

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.secureworks.com
Referer: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 15 Jun 2020 08:15:26 GMT
server: Microsoft-IIS/10.0
etag: "023ab1fed42d61:0"
x-frame-options: DENY
content-type: application/octet-stream
access-control-allow-origin: *
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 2736
x-content-type-options: nosniff

GET
H2 200 arrow.svg
pcdnscwx001.azureedge.net/content/app/img/svg/ 2 KB
3 KB 7ms
7ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx001.azureedge.net/content/app/img/svg/arrow.svg

Requested by

Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c414c4b0d50c45bc35cd0beae9dd6e255bc68bb44b7f2298f55ad4e1ba9efec0

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 15 Jun 2020 08:15:26 GMT
server: Microsoft-IIS/10.0
etag: "023ab1fed42d61:0"
x-frame-options: DENY
content-type: image/svg+xml
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 2359
x-content-type-options: nosniff

GET
H2 200 visuelt-regular.woff
pcdnscwx001.azureedge.net/content/app/fonts/visuelt/ 34 KB
35 KB 7ms
7ms Font
font/x-woff 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx001.azureedge.net/content/app/fonts/visuelt/visuelt-regular.woff

Requested by

Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.secureworks.com
Referer: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=11052020-1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 15 Jun 2020 08:15:26 GMT
server: Microsoft-IIS/10.0
etag: "023ab1fed42d61:0"
x-frame-options: DENY
content-type: font/x-woff
access-control-allow-origin: *
date: Fri, 27 Nov 2020 14:20:02 GMT
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 34560
x-content-type-options: nosniff

GET
H/1.1 200
OK elqCfg.min.js Show response
img.en25.com/i/ 6 KB
3 KB 139ms
46ms Script
application/x-javascript 2.20.174.197
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img.en25.com/i/elqCfg.min.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.20.174.197 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-20-174-197.deploy.static.akamaitechnologies.com

Software

Resource Hash

6b4ebd6049c806e3eef1bd770b2d8b4fdd75803861ead3584ee753e41988efae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Connection: keep-alive
Content-Length: 2115
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 16 Oct 2020 14:38:37 GMT
Date: Fri, 27 Nov 2020 14:20:02 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache, no-store
ETag: "ee5a418caa3d61:0"
Accept-Ranges: bytes
Expires: Fri, 27 Nov 2020 14:20:02 GMT

GET
H2 200 6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js Show response
cdn.cookielaw.org/consent/ 70 KB
17 KB 11ms
11ms Script
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/112cf759-b07b-4df7-b9c1-b87dc63309fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e3029651acd5396424095ee660fd7af6a3a957b15da16171be2fc346f92a25c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 27 Nov 2020 14:20:02 GMT
content-encoding: GZIP
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 7RsK3jQTdd5GbbFUBCnn3Q==
age: 788
vary: Accept-Encoding
content-length: 17456
cf-request-id: 06abac594b00002b167f0c9000000001
x-ms-lease-status: unlocked
last-modified: Wed, 09 Sep 2020 14:49:49 GMT
server: cloudflare
etag: 0x8D854CF9A1EDB8D
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 184fee44-801e-00ed-5a97-b1d162000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5f8c7cd548a22b16-FRA

GET
H2 200 track_event Show response
live-scwx-pe.pantheonsite.io/wp-json/pdg/v1/ 2 B
566 B 377ms
365ms XHR
application/json 2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://live-scwx-pe.pantheonsite.io/wp-json/pdg/v1/track_event?url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi

Requested by

Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/js/jquery-3.3.1.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-styx-req-id: a3b69bf9-30bb-11eb-b81a-36f1e05633be
age: 0
x-cache: MISS, MISS
x-cache-hits: 0, 0
strict-transport-security: max-age=300
content-length: 22
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17361-MDW, cache-fra19144-FRA
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
server: nginx
x-timer: S1606486803.804381,VS0,VE359
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
accept-ranges: bytes
x-robots-tag: noindex
link: <https://live-scwx-pe.pantheonsite.io/wp-json/>; rel="https://api.w.org/"
x-pantheon-styx-hostname: styx-fe2-b-787ccf59d-hcbtt

GET
H/1.1

200
OK

svrGP.aspx
s1659.t.eloqua.com/visitor/v200/
Redirect Chain

https://s1659.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled
https://s1659.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled&elqCookie=1

49 B
388 B

203ms
203ms

Image
image/gif

209.167.231.17
NETDYNAMICS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1659.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled&elqCookie=1

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

209.167.231.17 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

e017.en25.com

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
Date: Fri, 27 Nov 2020 14:20:03 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
Content-Type: image/gif
Content-Length: 49
X-XSS-Protection: 1; mode=block
Expires: -1

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
Date: Fri, 27 Nov 2020 14:20:03 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Location: https://s1659.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled&elqCookie=1
Cache-Control: private,no-store
Content-Type: text/html; charset=utf-8
Content-Length: 264
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H/1.1

200
OK

svrGP.aspx
web.secureworks.com/visitor/v200/
Redirect Chain

https://s1659.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled&firstPartyCookieDomain=web.secureworks.com
https://web.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled&elq1pcGUID=FE4A6DE4C7B5427C8B6E3BB5A3869291

49 B
525 B

892ms
329ms

Image
image/gif

142.0.173.134
NETDYNAMICS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled&elq1pcGUID=FE4A6DE4C7B5427C8B6E3BB5A3869291

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.173.134 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
Date: Fri, 27 Nov 2020 14:20:04 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: private,no-store
Content-Type: image/gif
Content-Length: 49
X-XSS-Protection: 1; mode=block
Expires: -1

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
Date: Fri, 27 Nov 2020 14:20:02 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Location: https://web.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=327&optin=disabled&elq1pcGUID=FE4A6DE4C7B5427C8B6E3BB5A3869291
Cache-Control: no-store
Content-Type: text/html; charset=utf-8
Content-Length: 297
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H2 200 optanon.css
cdn.cookielaw.org/skins/6.5.0/default_flat_top_two_button_black/v2/css/ 23 KB
6 KB 27ms
26ms Stylesheet
text/css 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/skins/6.5.0/default_flat_top_two_button_black/v2/css/optanon.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ff5e46e97edbe794ecf0c917de78c1ebded3ffd180442254b8dcd670e7a43a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 27 Nov 2020 14:20:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: FYelWtAijHiKzOk3w5ur4Q==
age: 7153
vary: Accept-Encoding
content-length: 5551
cf-request-id: 06abac5b8600002b16ba118000000001
x-ms-lease-status: unlocked
last-modified: Thu, 27 Aug 2020 03:43:13 GMT
server: cloudflare
etag: 0x8D84A3B536C442F
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: ab87d8a3-d01e-011f-5665-b645a3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5f8c7cd8db9c2b16-FRA

GET
H2 200 jquery-3.3.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 31ms
11ms Script
application/javascript 2001:4de0:ac19::1:b:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.min.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Origin: https://www.secureworks.com
Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:03 GMT
content-encoding: gzip
last-modified: Sat, 20 Jan 2018 17:26:44 GMT
server: nginx
etag: W/"5a637bd4-1538f"
vary: Accept-Encoding
x-hw: 1606486803.dop109.fr8.t,1606486803.cds236.fr8.hn,1606486803.cds057.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30288

GET
H2 200 nr-1184.min.js Show response
js-agent.newrelic.com/ 27 KB
11 KB 76ms
25ms Script
application/javascript 151.101.114.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1184.min.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:04 GMT
content-encoding: gzip
x-amz-request-id: A21809B1C987C063
x-cache: HIT
content-length: 10624
x-amz-id-2: 5/0iWHe8AbcxZN6Jo3BmJ2Q+tztfRSNwr+lcNTrsM79nJm6KurTN6rNwf14f8ELquc1TIDOjlf4=
x-served-by: cache-hhn4020-HHN
last-modified: Mon, 28 Sep 2020 16:34:45 GMT
server: AmazonS3
x-timer: S1606486805.967631,VS0,VE0
etag: "3d7f312be60d08a2568e311e4762f3af"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 29991

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 1813
date: Fri, 27 Nov 2020 13:49:51 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Fri, 27 Nov 2020 15:49:51 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 27 KB
8 KB 31ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:04 GMT
content-encoding: gzip
last-modified: Tue, 20 Oct 2020 22:19:32 GMT
x-msedge-ref: Ref A: 44054B11F2A74090B4852B4693022E1E Ref B: FRAEDGE1418 Ref C: 2020-11-27T14:20:04Z
etag: "0b27f152fa7d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8454

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 30 KB
12 KB 92ms
35ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

3ed9a1f341d738aa72dd6bfed40dc7c0490c47964c94f528a7c3c83c9fc60dc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11766
x-xss-protection: 0
server: cafe
etag: 17525612010000590567
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 27 Nov 2020 14:20:05 GMT

GET
H2 200 6279.js Show response
script.crazyegg.com/pages/scripts/0097/ 3 KB
2 KB 31ms
14ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0097/6279.js?446246
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ba257ebacb02fb63c4143bd8500d938781ceed14dc1366cf471e8b2c99ebe39

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:04 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 536
cf-polished: origSize=2833
ce-version: 11.1.156
cf-request-id: 06abac61e8000005cc5aa22000000001
last-modified: Fri, 27 Nov 2020 14:11:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
cf-ray: 5f8c7ce30eda05cc-FRA
cf-bgj: minify

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 15 KB
7 KB 113ms
37ms Script
application/javascript 92.123.6.139
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/6si.min.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.6.139 , France, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-6-139.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 779651bc146d489786b9b4ab590d2784547448e4b85cf1bb9036b31e404d1a37

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 27 Nov 2020 14:20:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 22:09:24 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5f6d1914-3a6c"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 6116

GET
H2 200 cd4e45c0.min.js Show response
tag.demandbase.com/ 62 KB
17 KB 126ms
26ms Script
application/javascript 13.224.93.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/cd4e45c0.min.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b63a29874562edf5bede71bb6d62278853b20b1255ebf260143ba3216bb78a6

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: rKaP34enDnCW7rx0GuaQrce3N9GpEPik
content-encoding: gzip
last-modified: Thu, 03 Sep 2020 14:13:49 GMT
server: AmazonS3
age: 3269
etag: "521d1f8a42ad328412273bba3a5d81c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 376bac901e689131d2a41914df1245d9.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
date: Fri, 27 Nov 2020 13:25:37 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: S2iOGAQCEc2LRGjsaZ49oZ0fUXLuXf8eEL7kPdmkMx3oyY2G5N5upQ==

GET
H/1.1 200
OK tracking.js Show response
trk.techtarget.com/ 4 KB
2 KB 98ms
27ms Script
text/javascript 163.171.132.119
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 27 Nov 2020 14:20:05 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Jun 2019 20:11:17 GMT
Server: PWS/8.3.1.0.8
Age: 460
X-Ws-Request-Id: 5fc10b15_PSdgflkfFRA2sg7_64731-60360
Content-Type: text/javascript
Via: 1.1 VMmgasbIAD1am50:2 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA2gb73:3 (W)
Cache-Control: max-age=600
X-Cache-Spec: Yes
X-Px: ht PSdgflkfFRA2gb73FRA
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1711
Expires: Fri, 27 Nov 2020 14:22:25 GMT

GET
H2 200 2mnfp3myy8iz.js Show response
js.driftt.com/include/1606487100000/ 138 KB
45 KB 206ms
157ms Script
application/javascript 13.224.93.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1606487100000/2mnfp3myy8iz.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.109 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-93-109.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

14f1f92d97f73a7f1323367d937a9df8641153e9662af9fdfe68224718f49ae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:05 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 23 Nov 2020 14:49:17 GMT
server: nginx
etag: W/"c579b10a2283ddaf9327821e44e8ea44"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
via: 1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
cache-control: max-age=10
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ibT_7h6IbBn5fgZnnnoiMVCYa8AX2EUF3XsIefsEXm5BpdkdXD5DKw==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 965 B
761 B 18ms
18ms Script
application/x-javascript 2a02:26f0:10c:58e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/gozi
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:58e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 27 Nov 2020 14:20:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=29366
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 448

GET
H/1.1

200
OK

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.secureworks.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=www.secureworks.com&pId=1063162976943556757

4 B
485 B

423ms
345ms

Image
image/jpeg

13.226.159.67
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=www.secureworks.com&pId=1063162976943556757
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.67 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-67.dus51.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 27 Nov 2020 14:20:05 GMT
Via: 1.1 3395b043e03ecb4acfd925a6e5a26e92.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUS51-C1
x-amzn-RequestId: 348bb444-1746-4983-bdfe-fa9388bfb9dc
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
X-Amzn-Trace-Id: Root=1-5fc10b15-492a00b02a3e7c533f26d0fc;Sampled=0
Connection: keep-alive
x-amz-apigw-id: Wq6rZFprIAMFR2A=
Content-Length: 4
X-Amz-Cf-Id: 5hveocxw9VKctm1gpo5DV_WY5-zqMF3uATkqdbHt8sIzXIaFOG1aXw==

Redirect headers

Pragma: no-cache
Date: Fri, 27 Nov 2020 14:20:05 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.240:80
AN-X-Request-Uuid: 8bcd2a2e-6ff1-45f4-87b2-d35b6eb87898
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://attr.ml-api.io/?domain=www.secureworks.com&pId=1063162976943556757
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
91 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-1042506-1&cid=337369892.1606486805&jid=217658377&gjid=271858825&_gid=1356555824.1606486805&_u=YGBAgEABAAAAAE~&z=361405458

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 27 Nov 2020 14:20:04 GMT
content-type: text/plain
access-control-allow-origin: https://www.secureworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
69 B 16ms
15ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-1281488-1&cid=337369892.1606486805&jid=1939681147&gjid=939657760&_gid=1356555824.1606486805&_u=YGDAiEABBAAAAE~&z=1864155720

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 27 Nov 2020 14:20:04 GMT
content-type: text/plain
access-control-allow-origin: https://www.secureworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
384 B 34ms
20ms Image
image/gif 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 05:13:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32825
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
58 B 35ms
21ms Image
image/gif 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1481606712&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&ul=en-us&de=UTF-8&dt=Gozi%20Trojan%20Threat%20Analysis%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAiEABBAAAAE~&jid=1939681147&gjid=939657760&cid=337369892.1606486805&tid=UA-1281488-1&_gid=1356555824.1606486805&gtm=2wgb41P6Z7M2&cd1=non-company%20visitor&cd2=non-company%20visitor&cd3=non-company%20visitor&cd4=non-company%20visitor&cd5=non-company%20visitor&cd6=non-company%20visitor&cd7=non-company%20visitor&cd8=non-company%20visitor&cd9=non-company%20visitor&cd10=non-company%20visitor&cd11=non-company%20visitor&cd12=non-company%20visitor&cd13=non-company%20visitor&cd14=non-company%20visitor&cd15=non-company%20visitor&cd16=non-company%20visitor&z=385537841

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 05:13:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32825
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 10ms
10ms Script
application/x-javascript 2a02:26f0:10c:58e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:58e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 27 Nov 2020 14:20:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=29402
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1799

GET
H2 204 0
bat.bing.com/action/ 0
93 B 28ms
28ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=56073499&Ver=2&mid=03a3c376-f129-4c26-b10b-2fb3d648648d&sid=a4fa23f030bb11ebb744c3e5907eaa40&vid=a4fa4df030bb11eba22b3d232ac74470&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Gozi%20Trojan%20Threat%20Analysis%20%7C%20Secureworks&kw=Gozi%20Trojan&p=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&r=&lt=3864&evt=pageLoad&msclkid=N&sv=1&rn=386659
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Fri, 27 Nov 2020 14:20:04 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 00439F78E945451ABA2F1F549AAB7B9A Ref B: FRAEDGE1418 Ref C: 2020-11-27T14:20:04Z
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 34ms
32ms Image
image/gif 2a00:1450:4001:81a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1042506-1&cid=337369892.1606486805&jid=217658377&_u=YGBAgEABAAAAAE~&z=1539530684

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:20:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 33ms
32ms Image
image/gif 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1042506-1&cid=337369892.1606486805&jid=217658377&_u=YGBAgEABAAAAAE~&z=1539530684

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:20:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK a198656738 Show response
bam.nr-data.net/1/ 57 B
275 B 546ms
135ms Script
text/javascript 162.247.242.21
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/a198656738?a=380774640&v=1184.ab39b52&to=bwBXMEpSWEpRUUcIDlZKeDJ7HGVQRFdQDhNdJloKTEFZVVxXQU4oVgFQHA%3D%3D&rst=3919&ck=1&ref=https://www.secureworks.com/research/gozi&ap=245&be=1286&fe=3832&dc=1676&perf=%7B%22timing%22:%7B%22of%22:1606486801070,%22n%22:0,%22f%22:825,%22dn%22:825,%22dne%22:825,%22c%22:825,%22ce%22:825,%22rq%22:825,%22rp%22:1273,%22rpe%22:1445,%22dl%22:1278,%22di%22:1676,%22ds%22:1676,%22de%22:1687,%22dc%22:3831,%22l%22:3831,%22le%22:3864%7D,%22navigation%22:%7B%7D%7D&fp=1430&fcp=1430&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.21 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-9.nr-data.net
Software: /
Resource Hash: d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57
Content-Type: text/javascript;charset=ISO-8859-1

GET
H2 200 6279.json Show response
script.crazyegg.com/pages/data-scripts/0097/ 12 KB
2 KB 32ms
18ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0097/6279.json?t=5354956
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6279.js?446246
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de9f120af8ee8afed898d9a0fe2bab72ddb24d56574153e3a6a5653403179555

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:05 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 536
ce-version: 11.1.156
content-length: 1841
cf-request-id: 06abac620d00002c4e8aa83000000001
last-modified: Fri, 27 Nov 2020 14:11:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
cf-ray: 5f8c7ce34c2a2c4e-FRA

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1606486804991&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2386324%26time%3D1606486804991%26url%3Dhttps%253A%252F%252Fwww.secureworks.com%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1606486804991&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&liSync=true

0
42 B

177ms
176ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1606486804991&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&liSync=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:05 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server: Play
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: 4HzR7DxjSxaAVfHj3yoAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action: 1
content-length: 0
x-li-uuid: +nAZ5jxjSxZA/KQJ/SoAAA==
pragma: no-cache
x-li-pop: afd-prod-lor1
x-msedge-ref: Ref A: 5C93767F4B124886A7D3FF3FB5CFF8EA Ref B: FRAEDGE0717 Ref C: 2020-11-27T14:20:05Z
x-frame-options: sameorigin
date: Fri, 27 Nov 2020 14:20:04 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1606486804991&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 11.1.156.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 98 KB
32 KB 19ms
18ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.156.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6279.js?446246
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c296926f0373bc2a7adca2ac63a50ce44726c012e2d888cba37339313b9cde8

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:05 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 24 Nov 2020 16:53:53 GMT
server: cloudflare
age: 246008
cf-polished: origSize=104478
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
cf-ray: 5f8c7ce36fec05cc-FRA
cf-request-id: 06abac6225000005cc659fc000000001
cf-bgj: minify

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/648366107/ 2 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/648366107/?random=1606486805054&cv=9&fst=1606486805054&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&tiba=Gozi%20Trojan%20Threat%20Analysis%20%7C%20Secureworks&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d79e03ae9ba6f2c15d8d6376af019715406adf5258944c4a27d31ab83226092e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:20:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1036
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
450 B 497ms
123ms Image
image/gif 206.19.49.24
ATT-CERFNET-BLOCK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=17588164&version=2.0&ref=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&r=1606486805058
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN17225 (ATT-CERFNET-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 27 Nov 2020 14:20:05 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384029cff"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=40
Content-Length: 43

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
375 B 123ms
39ms XHR
text/plain 92.123.6.139
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.6.139 , France, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-6-139.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5622f97d9af2f67f4a7d88715e99eb39cbea84719bedb47f30a855d85925b59e

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 27 Nov 2020 14:20:05 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.secureworks.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
711 B 87ms
30ms XHR
application/json 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 27 Nov 2020 14:20:05 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.229:80
AN-X-Request-Uuid: 9c0e394d-e9be-4198-b37e-57835f8370b5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.secureworks.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/648366107/ 42 B
317 B 21ms
20ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/648366107/?random=1606486805054&cv=9&fst=1606485600000&num=1&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&tiba=Gozi%20Trojan%20Threat%20Analysis%20%7C%20Secureworks&async=1&fmt=3&is_vtc=1&random=3462499388&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:20:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/648366107/ 42 B
530 B 50ms
36ms Image
image/gif 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/648366107/?random=1606486805054&cv=9&fst=1606485600000&num=1&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&tiba=Gozi%20Trojan%20Threat%20Analysis%20%7C%20Secureworks&async=1&fmt=3&is_vtc=1&random=3462499388&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:20:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 429 B
939 B 122ms
78ms XHR
application/json 13.224.93.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&page_title=Gozi%20Trojan%20Threat%20Analysis%20%7C%20Secureworks&src=tag&key=bd6faef5461d3df6bcbccb67a2eb484c
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/cd4e45c0.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-30.zrh50.r.cloudfront.net
Software: nginx /
Resource Hash: c23ebf2c0ec8e37a6a0a179720c9763bf4e1f0ed993fe7d0ad41d4d9774fe957

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 14:20:05 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
request-id: 59488a02-d001-4559-b3c5-976a10f8b214
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.secureworks.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oxbX1bMRTMJwnd-vbba3o_iW1a6FUvXFwgmcryn0DyosOdKct1Jw3A==
expires: Thu, 26 Nov 2020 14:20:05 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AADqDk6_ghYAABC10EPyAQ
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AADqDk6_ghYAABC10EPyAQ&verifyHash=f9fcd4236db2080f382dcaa493c2daeed2243668

26 B
409 B

111ms
111ms

Image
image/gif

13.224.93.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AADqDk6_ghYAABC10EPyAQ&verifyHash=f9fcd4236db2080f382dcaa493c2daeed2243668
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-30.zrh50.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 27 Nov 2020 14:20:05 GMT
Via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ZRH50-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: ee1986ceb06b97c5
X-Amz-Cf-Id: 382g8fsKgvecoXrZFOF4ZN1hp8xDak9K35_PAz03i69auMyMh_P_Jw==

Redirect headers

Date: Fri, 27 Nov 2020 14:20:05 GMT
Via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ZRH50-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AADqDk6_ghYAABC10EPyAQ&verifyHash=f9fcd4236db2080f382dcaa493c2daeed2243668
Connection: keep-alive
trace-id: a8aa4d5e75494f2a
Content-Length: 0
X-Amz-Cf-Id: 42t_sWRgADsv2scN9A6aavrNaoEMtYNL-72BzGKn90EE-REF3x4E7g==

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 328ms
248ms Image
image/gif 92.123.6.139
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=db8067e51eb58581f03147464f6063b2&svisitor=&visitor=fb18cef4-5751-4325-819b-069340f6a3b2&session=9722c5dc-b8be-4c31-87b7-f7d8f6aa9a91&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20more%20about%20the%20Gozi%20Trojan%2C%20the%20SecureWorks%20full%20investigation%2C%20including%20how%20it%20was%20discovered%2C%20identified%2C%20and%20countered.%22%2C%22keywords%22%3A%22Gozi%20Trojan%22%2C%22title%22%3A%22Gozi%20Trojan%20Threat%20Analysis%20%7C%20Secureworks%22%7D&cb=86805157&r=&thirdParty=%7B%7D&pageURL=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.6.139 , France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-6-139.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 27 Nov 2020 14:20:05 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 19:02:58 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502962-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 index.html
js.driftt.com/deploy/assets/ Frame 02DA 0
0 28ms
28ms Document
text/html 13.224.93.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/index.html

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1606487100000/2mnfp3myy8iz.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.109 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-93-109.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /deploy/assets/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.secureworks.com/research/gozi
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.secureworks.com/research/gozi

Response headers

content-type: text/html; charset=utf-8
content-length: 894
server: nginx
last-modified: Mon, 23 Nov 2020 14:49:17 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 27 Nov 2020 14:20:05 GMT
etag: "e19740f9b91aa76438e308744191a77e"
cache-control: max-age=10
x-cache: Hit from cloudfront
via: 1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: p9FQi3iCwqPn9FzWNguxWs5lml-S-IbuNWXP_vi3VDtWFOsaliIEDw==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-1042506-1&cid=337369892.1606486805&jid=1781959517&gjid=1342750696&_gid=1356555824.1606486805&_u=aHDAiEABBAAAAE~&z=345721181

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 27 Nov 2020 14:20:08 GMT
content-type: text/plain
access-control-allow-origin: https://www.secureworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
154 B 6ms
5ms Image
image/gif 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1481606712&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&ul=en-us&de=UTF-8&dt=Gozi%20Trojan%20Threat%20Analysis%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%202123567&_u=aHDAiEABBAAAAE~&jid=1781959517&gjid=1342750696&cid=337369892.1606486805&tid=UA-1042506-1&_gid=1356555824.1606486805&gtm=2wgb41P6Z7M2&z=687278877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 13:17:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 3739
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 6ms
6ms Image
image/gif 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1481606712&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&ul=en-us&de=UTF-8&dt=Gozi%20Trojan%20Threat%20Analysis%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Message%20Received&el=Playbook%20ID%3A%202123567&_u=aHDAiEABBAAAAE~&jid=&gjid=&cid=337369892.1606486805&tid=UA-1042506-1&_gid=1356555824.1606486805&gtm=2wgb41P6Z7M2&z=872351021

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 13:17:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 3739
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 32ms
31ms Image
image/gif 2a00:1450:4001:81a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1042506-1&cid=337369892.1606486805&jid=1781959517&_u=aHDAiEABBAAAAE~&z=915631844

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:20:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 30ms
30ms Image
image/gif 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1042506-1&cid=337369892.1606486805&jid=1781959517&_u=aHDAiEABBAAAAE~&z=915631844

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 14:20:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
63 B 6ms
6ms Image
image/gif 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1481606712&t=event&ni=1&_s=4&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fgozi&ul=en-us&de=UTF-8&dt=Gozi%20Trojan%20Threat%20Analysis%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Message%20Received&el=Playbook%20ID%3A%202123567&_u=aHDAiEABBAAAAE~&jid=&gjid=&cid=337369892.1606486805&tid=UA-1042506-1&_gid=1356555824.1606486805&gtm=2wgb41P6Z7M2&z=2075396520

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Nov 2020 05:13:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32828
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK a198656738 Show response
bam.nr-data.net/events/1/ 24 B
186 B 135ms
134ms XHR
image/gif 162.247.242.21
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/a198656738?a=380774640&v=1184.ab39b52&to=bwBXMEpSWEpRUUcIDlZKeDJ7HGVQRFdQDhNdJloKTEFZVVxXQU4oVgFQHA%3D%3D&rst=13919&ck=1&ref=https://www.secureworks.com/research/gozi
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.21 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-9.nr-data.net
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.secureworks.com/research/gozi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.secureworks.com
Access-Control-Allow-Credentials: true
Content-Length: 24
Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

133 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	X-Frame-Options: DENY DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.company-target.com
apt.techtarget.com
attr.ml-api.io
b.6sc.co
bam.nr-data.net
bat.bing.com
c.6sc.co
cdn.cookielaw.org
code.jquery.com
googleads.g.doubleclick.net
img.en25.com
j.6sc.co
js-agent.newrelic.com
js.driftt.com
live-scwx-pe.pantheonsite.io
match.prod.bidr.io
pcdnscwx001.azureedge.net
px.ads.linkedin.com
s.ml-attr.com
s1659.t.eloqua.com
script.crazyegg.com
secure.adnxs.com
segments.company-target.com
snap.licdn.com
stats.g.doubleclick.net
tag.demandbase.com
trk.techtarget.com
web.secureworks.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.secureworks.com
13.224.93.109
13.224.93.30
13.224.93.80
13.226.159.67
142.0.173.134
151.101.114.110
162.247.242.21
163.171.132.119
2.20.174.197
2001:4de0:ac19::1:b:3a
206.19.49.24
209.167.231.17
216.58.212.162
23.100.35.118
2606:4700::6810:9540
2606:4700::6813:9308
2620:12a:8000::2
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:802::2004
2a00:1450:4001:806::2008
2a00:1450:4001:815::2002
2a00:1450:4001:81a::2004
2a00:1450:4001:820::2003
2a00:1450:4001:824::200e
2a00:1450:400c:c0c::9a
2a02:26f0:10c:58e::25ea
2a02:26f0:1700:d::1737:6ea4
2a05:f500:11:101::b93f:9005
37.252.172.250
52.31.242.159
68.67.153.60
92.123.6.139
01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03
082f552d6e044d9776e0e549b955b2e2fd5346fd82481116c9a4f7eb1f925bbf
095da0c5c45a7ee44ee3fcb10c8467e89bd21dec339c6be6ca30ea55fdd3ccc7
09a3af3599c0b97138ca73e38908f5c32970ee041ab8dc6e17bcf59c2726bc60
0a8b1ef45e2622985d8d86e6317525253a50b84b7a37e92b14f2af14f430e10e
0ba257ebacb02fb63c4143bd8500d938781ceed14dc1366cf471e8b2c99ebe39
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0ef96fd1ea5e530eb77f991b40c088ca9398b09c4345747fe49efbc4b9ddc095
11b8cb90c14ea180dae7d0c0a9c47e98b4c7a7a408ef867ef8c64c846612519c
11d5ce34f206afb82ddf5e90ac14a2572bf9ee7177623d3a22d961d14bbd71ae
14f1f92d97f73a7f1323367d937a9df8641153e9662af9fdfe68224718f49ae4
154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1a914a4b01d30dc7a83ccf4407787ab02647c601e2e9b174f49cbd190de57313
1b63a29874562edf5bede71bb6d62278853b20b1255ebf260143ba3216bb78a6
2133bc8f2141e52b23e6fc17eea05a9b2314f136b9732e4cecd4583f903d948e
22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
322bb4b255f663dbaf92ea361b9db38eb5a1b35500529f15d5c09b2dc5254147
36223284849182d5db0dbd81deea10660922da395b24cd146d6439e4bf68dd87
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3b8f7c924f365b4249ece10659736578e8d1e5a8ddc5c520c102b6b8fdc84ac6
3ed9a1f341d738aa72dd6bfed40dc7c0490c47964c94f528a7c3c83c9fc60dc1
3ff5e46e97edbe794ecf0c917de78c1ebded3ffd180442254b8dcd670e7a43a5
42166c909b8db5b9d362bfc1c28a3f7e06f109aa449a70b3bd293a6e6bf62ac2
43991406cc5a93d80ff7272bad5ca72c967331003e979d7d3c243fe61e3f98c1
4c296926f0373bc2a7adca2ac63a50ce44726c012e2d888cba37339313b9cde8
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515
4e220a9dd3fd44ffbda2af63dac7613e29d5266f32adad83c309f032b90ac656
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de
50f6d5d4c63ae14f65d7a8a91f989edd305a348fdd279c1dd69b94403d64ac46
52c48cad14d20cd2955f2ba301dcdc8ce0ac8e52385600ad691ae4356ed138bc
53392cde4a875777ceb0256d64031c5abaf2fdd0bb21f3aa905c87f85514b91d
5622f97d9af2f67f4a7d88715e99eb39cbea84719bedb47f30a855d85925b59e
58b410a2aaad21a9a4d3aebefc8f3a8b5020b07cb9859d3873c8e7fd8dc74c90
5a9e4352db3a1f75caf77c79146fd0f059ba043d692bae117b2d291d0c4ac7ad
5b618c640090de32a81c9f3cb188a0079215219be605ac2f3049198a13a984e8
5e3029651acd5396424095ee660fd7af6a3a957b15da16171be2fc346f92a25c
60d78ce2bbe13268fd961cde861b5c858726506f855c20afe528589bb22fb181
6977fbc057927802533b66343c7d51580a8c5989aa849a9cb61571b1a267c531
6b4ebd6049c806e3eef1bd770b2d8b4fdd75803861ead3584ee753e41988efae
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7676c6176c65a393eef7101a38bf18ec575eed9ce47963368911fcebeef712e5
779651bc146d489786b9b4ab590d2784547448e4b85cf1bb9036b31e404d1a37
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77
7bbd6dd03dfa8a6f93a70fb3e418978e6dd7a0947fd33261c1eda16aa2d1ef8e
81c7050fb96f1d247ebe514a61d8a6c2544b986a7d06afb27dcd36f3e5a3843f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
8eee56767401db8d6ea185a39f7c4e374c215173d084f70c65aa666d05a49968
97407a0e155a4f783c0848c3515025b308ac6b4e1599f5936e73ad62a236c394
99219f60d8b1d07ecd4e6b28fe4d3bfdf1407d5038175eb9e2c01c1788a0fba9
99349d6261b1df0deaa347406ebd15a8d8d9c8cedd0ab077533a15e1366b08ea
a13b8d523b5f87d18f1221e435f0e6d4fbbed9a5c9c2310f3cce82ae33b76d9f
a43eff93b5a1e60bde786637542fac49f83d0550f5b0645a43bc88a5f524edad
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f
acc248ead4890c65f3e2792cfe555e4d98c961f4b564bc4a77e86270dd3051f7
b5ecd7807e3023d657d18fbe832848e8e65843843ebd748f7225e314b17d5221
b9923c974991754822d3e577d432a31a2101956828b2d6fc75b8d63edfb5a147
baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f
bb0a60a6f91d085789101283e6cab2782ab60f6182229a962695d408a3cd7ca3
bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25
c1beaf32e702a53336a463c56bb185bbb54e8546f69dbc7ad737fbd522ea207e
c23ebf2c0ec8e37a6a0a179720c9763bf4e1f0ed993fe7d0ad41d4d9774fe957
c414c4b0d50c45bc35cd0beae9dd6e255bc68bb44b7f2298f55ad4e1ba9efec0
c5ca0ad73064122932dddb8b1a95ce78abd25cb76569bbb0c7381356bee1dd0e
c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe
c97d6fa5b4ad8db4c6110b5e4a13eb698c381f580cb44440813c04f369df0a56
cc1c0969844629b5443c7de89554e7400bd974daa3c08e058c6c79f349514c13
cc2f10208ba8d203c2394ea63ee4e71fd8baf8f56a03f87f2cdcffa2cf693c93
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1
d1ae3c158bad4fd2ee4b3b0075ab3a959cda40af45181ab7bd4965f1be4025bf
d79e03ae9ba6f2c15d8d6376af019715406adf5258944c4a27d31ab83226092e
da3785a5a50b484106bed0418e2f7afc436222f23d6478bd0924e9b11efab834
db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd521f8f0cb2b38870c852086eff9c00365c88a82a7430a597bcebdd8a9c6569
de9f120af8ee8afed898d9a0fe2bab72ddb24d56574153e3a6a5653403179555
e15a809168d9a16a22e0c2428da1fb9541e4288724ad734efd66ef6bafee52d9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e7df1ea5872ea78df36575269bdf6a9dbc01297df168346deab966cc81dbfc80
ee5e51d9fa072231ae3f967006451eeb76d6f14b536f31f25519c316fb9526b0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
f799a8eba0ec634f20425e1cf5e0667481588db8c4eb1f0e3bb335551062451d
f89c119fabe1871a56c78b03c4c42c88190920f97d68c5d0d19deac0fa7470ff
fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f
fa9e263370d6f1a0e0608f6fa0c2fd083eba7d1f3d2c4a7ef0c70b0f798b6cfe
fe8d0e6533b5e64fe2af6c2740160c4776b6942e1a94cad2ef14afab2566447f
ff0f66b941bb3bb90768d737dc9d1132bd07890f1978a3a4019dfffcad80366f

www.secureworks.com Open in urlscan Pro 23.100.35.118 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

110 Requests

100 %HTTPS

48 %IPv6

28 Domains

35 Subdomains

30 IPs

7 Countries

1585 kBTransfer

3195 kBSize

0 Cookies

19 Outgoing links

Page URL History

Redirected requests

110 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.secureworks.com Open in urlscan Pro
23.100.35.118 Public Scan

Screenshot
Live screenshot

Full Image

110
Requests

100 %
HTTPS

48 %
IPv6

28
Domains

35
Subdomains

30
IPs

7
Countries

1585 kB
Transfer

3195 kB
Size

0
Cookies

110 HTTP transactions
0 data transactions