blog.cyble.com Open in urlscan Pro
192.0.78.183  Public Scan

35 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 34

• https://s.adroll.com/j/exp/ELNAF2EZDFHJRAP3ODLCUU/index.js HTTP 302
• https://s.adroll.com/j/exp/index.js

Request Chain 103

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1687745470069&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1687745470069&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1687745470069%26url%3Dhttps%253A%252F%252Fblog.cyble.com%252F2023%252F06%252F23%252Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1687745470069&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1687745470069&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&cookiesTest=true&liSync=true&e_ipv6=AQJUJSxnljslSgAAAYj1eCDDJPFFsweRt6dECf2VBXQVrWALXlKVh0c2LH94ziC6gf4rnjQiFyptHCEyA2bmwDHvtgcSCA

127 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/	343 KB 72 KB	240ms 205ms	Document text/html	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash c2764b679b8d035120e09c7da266dffd9985f5d0c686e5891eedbd2b31d36391 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control max-age=248, must-revalidate cf-edge-cache cache,platform=wordpress content-encoding br content-type text/html; charset=UTF-8 date Mon, 26 Jun 2023 02:11:07 GMT host-header WordPress.com last-modified Mon, 26 Jun 2023 02:10:15 GMT link <https://blog.cyble.com/wp-json/>; rel="https://api.w.org/" <https://blog.cyble.com/wp-json/wp/v2/posts/17797>; rel="alternate"; type="application/json" <https://wp.me/pbX1h1-4D3>; rel=shortlink server nginx strict-transport-security max-age=31536000 vary Accept-Encoding Cookie x-ac 2.hhn _atomic_ams BYPASS x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. x-nananana Batcache-Hit x-pingback https://blog.cyble.com/xmlrpc.php
GET H2	200	/ blog.cyble.com/_static/	2 MB 211 KB	256ms 255ms	Stylesheet text/css	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??-eJylVNlyqzAM/aHrGrIQ8nCnn9JxbEHVGMR4KZO/ryCkoQ3QMn0xln10ONrcNkJTHaAOMrxCBV4qH5zi1UPwUnsvK6yxQDCycD3SPPHJE9/8a+/OjY0l1l6Wkc0TuFKeIlojT5b0WVg8OeUu0oeLhTlXqy4UgygdmmXgG4RG6fPt+/LOmshJFQNVKgTUtxvxjgaoccBRjOWAwcAOveFlD+IV2tsPsdY2Gs7FG0fPYAWWU8MKxkbDesEJC6XSl3FKZr35bmwvpfEVlGHygijwZ3DoYryXZQYyx/jAwTWRgAy70n3ei/5sSdyknN80x6QG32IDrue4bqcYYmNJmTFDh2/IB7E/JPmPPxSNo7Vqow3I/QSP6Wcn0bFELqVYolqQfdyk6drqc2fJFk3JGsSXKH4YlIpMtNCl+8zr5GzdlPbTL5QxVI/3Ittle53mabHZHtKdSLMsT/b5cUXA+fa4XwPfJds18Cx5YJ9Lw5BC6Umjstd+/2LMEWmiM4Koid8YuPfR6pYvGCRUC56qgYYPBvvvZPzU1mbdAE/yeLK4fpwfaByU0arJqf5eoA4+7Dvoc/U/zfLDJtmkef4B9pWHAw== Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash fb042fd5b6d37629abcbb8734569435d6719471a28d128b47f755930b9c0b434 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Mon, 26 Jun 2023 02:11:07 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 19 Jun 2023 19:16:28 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"b7481a7caa0c8202a60368ba84d9d4bf" vary Accept-Encoding content-type text/css;charset=utf-8 cache-control max-age=31536000 host-header WordPress.com
GET H2	200	css fonts-api.wp.com/	3 KB 685 B	53ms 28ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.5 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash a1020a8c9c2ec5c451dfc31ff1564dee690d603c4cb68049328581adc77ca7c2 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:07 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip cross-origin-resource-policy cross-origin x-xss-protection 0 x-nc BYPASS hhn 2 last-modified Mon, 26 Jun 2023 02:11:07 GMT server nginx cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin
GET H2	200	css fonts-api.wp.com/	76 KB 3 KB	52ms 27ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash e9426c16de4bbad4f463bdb77bac4c694a152356d8ee5b5de9ed79e803929dcf Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:07 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip cross-origin-resource-policy cross-origin x-xss-protection 0 x-nc BYPASS hhn 2 last-modified Mon, 26 Jun 2023 00:52:18 GMT server nginx cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin
GET H2	200	jquery.min.js Show response blog.cyble.com/wp-includes/js/jquery/	88 KB 31 KB	175ms 175ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:07 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 08 Mar 2023 18:37:33 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6408d5ed-15ed7" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jquery-migrate.min.js Show response blog.cyble.com/wp-includes/js/jquery/	13 KB 5 KB	173ms 173ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-includes/js/jquery/jquery-migrate.min.js?m=1675717155 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:07 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 06 Feb 2023 20:59:15 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"63e16a23-3470" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	front.min.js Show response blog.cyble.com/wp-content/plugins/cookie-notice/js/	8 KB 2 KB	174ms 172ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.8 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 28 Mar 2023 18:11:40 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"64232ddc-21fc" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	175 KB 64 KB	47ms 19ms	Script application/javascript	2a00:1450:4001:80f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 2cb4b9559100115d39003662563990f2dda42657c98a1fdbfed772b7e986c7bd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 65165 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Mon, 26 Jun 2023 02:11:08 GMT
GET H2	200	wp-emoji-release.min.js Show response blog.cyble.com/wp-includes/js/	18 KB 5 KB	178ms 175ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Thu, 02 Feb 2023 00:53:25 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"63db0985-4904" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	subscribe-to-CRIL.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2021/11/	16 KB 16 KB	30ms 6ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i1.wp.com Software nginx / Resource Hash 382e9768b5578d5ad05e51e37670a3cf93d4593a49bcbee1f5e8b66d0d8c1c53 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 3 date Mon, 26 Jun 2023 02:11:08 GMT x-content-type-options nosniff last-modified Sat, 10 Dec 2022 20:48:17 GMT server nginx etag "90f4a9863ca68d73" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <http://blog.cyble.com/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg>; rel="canonical" content-length 16232 expires Tue, 10 Dec 2024 08:48:17 GMT
GET H2	200	v2.js Show response js.hsforms.net/forms/	526 KB 165 KB	54ms 28ms	Script application/javascript	2606:4700::6810:b841 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/v2.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:b841 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5f2eaa8243f3b2f1c29a99a509e2e4bcc65c19bd288edcdbcf4f7b2f14cc5e10 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers content-encoding br age 96 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3339/bundles/project-v2.js&cfRay=7dd1e89afeed3668-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"ae5063d72b58cf4bd6e3b1970722d727" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3339/bundles/project-v2.js date Mon, 26 Jun 2023 02:11:07 GMT x-amz-version-id .lJqI7SEJc.LNL1fj.0aGIvTPC5x63d4 via 1.1 dfc1931cc62ecd4133c2b9bdae1bb476.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id f42ad41f-f572-4820-bb4a-0b2ffbcda657 last-modified Tue, 20 Jun 2023 10:30:05 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KbDDAaRdVet%2B8uB14y0Lx24TwGdLz1rhw%2BQPrqhOYLqFxBMuoyUTh6JJvaaCq%2FxF%2Ff5N3nE1vYVXS78quwbKvgJBMut0Z%2Fy8kTHCzT4eQafBA%2F5J5JNjccDCq945WTcBvcBQ314hyYiD9%2BEN"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-ksc82 cf-ray 7dd1eaf54918373a-FRA x-amz-cf-id CINyC-3hZ67Lt3nj0P8yjZ29_WTfgb9aXUO4QkinJGHofQpg4Vj3GQ==
GET H2	200	aib-injectable.js Show response injection.amibreached.com/	2 KB 1 KB	78ms 44ms	Script application/javascript	2606:4700:20::681a:c31 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/aib-injectable.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:c31 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 186cb05caa2a06748336b3123d7ac53986a650cffcab18f34e5c0ee3c057f591 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:07 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 ee3cd509a8d06ead88dc7a54e51680cc.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3202 x-amz-cf-pop BOM78-P6 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:50 GMT server cloudflare etag W/"662ed2e07a2c9b151332e0a8da3b9922" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YX%2FWmDB80L31CcRaFNcVOyqAMJXs54il5lqAE9CEZFsKRCqUizPLUmX2%2FdrNFdjI3MMx6m3nB5fgKuQX6fM5qDLcNDIic%2FR0pNjCDkMTDyiuuvtlZP1i7xnVqojs4Vnzs1c2O5GoxK0OWuqyVDrjbbxTQs37Ozk%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7dd1eaf5debf9104-FRA x-amz-cf-id iKZIp3rShfWf9EpP4jFjxqgsQ9ggcHLM0dNz21DV4QhHq5qRpby3UQ==
GET H2	200	bilmur.min.js Show response s0.wp.com/wp-content/js/	7 KB 3 KB	18ms 6ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/js/bilmur.min.js?m=202326 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 51dc1ea3b9642d966bbdf2c63346e4d2d3f668a693fa8e7f1e31bf6acbe48860 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 2 date Mon, 26 Jun 2023 02:11:08 GMT content-encoding br x-ac 2.hhn _dfw MISS last-modified Fri, 19 May 2023 03:00:48 GMT server nginx etag W/"6466e660-1a69" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Tue, 25 Jun 2024 00:00:01 GMT
GET H2	200	/ blog.cyble.com/_static/	37 KB 8 KB	179ms 178ms	Stylesheet text/css	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??-eJyVjFsKgCAQAC+ULQaZP9FZTJewfOG6eP0I6gD9zjDTi7A5NUwNSuDDJ4ITWzH2gpgdBySwpmYmDEDdF6xi5+QCjpZo6D/qV4gPPIMtrlItk5y1VvoGzj40MA== Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash cd924076cd6bdad7693c484ab0a812a3e8eb905cf751b36b9533dc97380eb277 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 27 Dec 2022 16:34:28 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"f10c7e84a22172fd36bd0473ba2ec996" vary Accept-Encoding content-type text/css;charset=utf-8 cache-control max-age=31536000 host-header WordPress.com
GET H2	200	/ Show response blog.cyble.com/_static/	21 KB 5 KB	173ms 173ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??wp-content/themes/astra/assets/js/minified/frontend.min.js,wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?m=1684390270 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f9d498e1b9cff1af27250e8d52ebf9eaf672ff517d586e0d381e7bf348bc6ea1 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Thu, 18 May 2023 06:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"8ee86e3fe916069b68662d1100a8e664" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 host-header WordPress.com
GET H2	200	21289959.js Show response js.hs-scripts.com/	2 KB 1 KB	156ms 134ms	Script application/javascript	2606:4700::6812:853b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:853b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0bdb251edc75c12a0b3f922a51e92c601ab2b7d3404ed9044ebf6b60fb923d64 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT content-encoding br cf-cache-status EXPIRED x-hubspot-correlation-id 924c66fd-d668-47fe-ae4d-4ba1498fa5a0 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 15 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id cd769b1f-5d33-4009-8d57-33e1e343bee4 last-modified Mon, 26 Jun 2023 01:29:47 GMT server cloudflare x-trace 2BF6D5C79A142528149960E3B063B4DA94AB70593E000000000000000000 vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-virtual-host all cache-control public, max-age=60 access-control-allow-credentials true x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-6htpc cf-ray 7dd1eaf9cae96983-FRA expires Mon, 26 Jun 2023 02:12:08 GMT
GET H2	200	/ Show response blog.cyble.com/_static/	46 KB 11 KB	177ms 176ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??-eJytjVEOgjAQRC9kLYVa4cNwFLO2KylC23S3ED29/BA5gF8zmUneW5OwMTAGliVNERxJIM4gwLkYjl0YbS5WtbV6Vtpq0SlTN8ro80in9UdJUxl8IDkiJ7CvPe8LBhezhMJxBmZv90dM8HkLP8OAJJ0nln4jZULLfrPGB2FeMP9fcxg2eD/flGl101X1VX8BRL1l5Q== Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash ac26533e2901023194baed8e192053457bd8131eb098b5c77890c0bbaf3dc7a3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Thu, 18 May 2023 06:11:14 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"747bdee1e027332c48bcff1635823f42" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 host-header WordPress.com
GET H2	200	e-202326.js Show response stats.wp.com/	13 KB 4 KB	36ms 6ms	Script application/javascript	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://stats.wp.com/e-202326.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash ab8517f3d5171dd42a8b9c22af6a2f944b41d00e7ea54ba02b4ed71a6c59e543 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn date Mon, 26 Jun 2023 02:11:08 GMT content-encoding br last-modified Fri, 19 May 2023 02:56:22 GMT server nginx etag W/"6466e556-3508" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 expires Sun, 23 Jun 2024 21:00:08 GMT
GET H2	200	/ Show response blog.cyble.com/_static/	277 KB 71 KB	193ms 193ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFiAltvEz7FJQ2pk1x4yxOYOzr57aEIaF1oy9N4+NzfM0pqJp8Ap90wNw4z7oFYyGqPVGSAxB6QSlq52vdsd7H0d+uOn463bMzJtebBDdEwwyJde+8En42gMqboxI0r8T4sBC6SncfGeK5YCoCuy+4WHfTbbk2C4EOTvR4N/3NaHWQgqkPejf0p8oOra5NpMyABVPFMCNDITnfk2dpeknGOk5Dy1vAAPGGLKEwW+ABlEIaYCQZml1cMqOTEsbvYg3HlChAORfp3O5IIE48o3IlqxCpCAj5BNXYdLGuYvYSai6XuxR+FBayywNRPdmMwL/MbRzuUfyELFAgPO8dovhATP/gRGhAXM3QgL8TbbJcK4jNZUUnEdmeIdo1+GOpPhCulVc0BLPweWG992/rl+3rZrteb56/AaHku90= Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 2c8d8489d8fd8a050c57648cef913573c447f112000d4b3c7bbf468ad0fef500 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Fri, 23 Jun 2023 00:45:42 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"74036a3219672376f67f0a2af9bc0660" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 host-header WordPress.com
GET H2	200	index.min.js Show response blog.cyble.com/wp-content/plugins/gutenberg/build/i18n/	9 KB 4 KB	173ms 170ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=5baa98e4345eccc97e24 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6489ad36-227d" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	frontend.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	24 KB 7 KB	177ms 174ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.14.0 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash a323774304195e5b85ee7e0006282e22cbb7980ab6509d27d8add0928e55d8ab Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 19 Jun 2023 13:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"649053ee-5f3c" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.cyble.com/_static/	33 KB 10 KB	180ms 177ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js,wp-includes/js/jquery/ui/core.min.js?m=1687167852 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f7f54c64cbe8e1c50bf7e5d79509a8e98213738228ada4fb4dca88bebae7d788 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 19 Jun 2023 09:44:12 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"3766434b9bc8548d00099956a269f6f8" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 host-header WordPress.com
GET H2	200	frontend.min.js Show response blog.cyble.com/wp-content/plugins/elementor/assets/js/	40 KB 13 KB	178ms 175ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.14.0 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 7a3a19faa84ab238ac542e09efa9a6e3575b46805b9a43343b3cb445e08b1ecc Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 19 Jun 2023 09:44:12 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6490236c-9f54" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	elements-handlers.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	29 KB 7 KB	176ms 173ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.14.0 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 264b5704353c6b1b2eff2e9599db601876730ffff07a5949b3b3f8be0b9c7b84 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 19 Jun 2023 13:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"649053ee-74fb" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jquery.sticky.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/lib/sticky/	4 KB 2 KB	174ms 171ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?m=1687180270 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 19 Jun 2023 13:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"649053ee-e89" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	roundtrip.js Show response s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/	87 KB 26 KB	69ms 8ms	Script text/javascript	2600:9000:225e:a000:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:a000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash add5990fd8f0c489398ae393e3a1fc1b4a2791139f56835f72628b1b15a20ee3 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers X-Amz-Version-Id WNXs5pOSyVo4CQxOo8y0QSF9.6VRSpVz Content-Encoding gzip Via 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront) Date Mon, 26 Jun 2023 01:26:07 GMT Age 3167 X-Amz-Cf-Pop FRA60-P4 X-Amz-Server-Side-Encryption AES256 Transfer-Encoding chunked X-Cache Hit from cloudfront Connection keep-alive Last-Modified Sat, 24 Jun 2023 12:20:01 GMT Server AmazonS3 Etag W/"3aad986131726bb5b4c320c62bb52f4f" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type text/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=3600, must-revalidate Access-Control-Allow-Credentials false Access-Control-Max-Age 600 Access-Control-Allow-Headers * X-Amz-Cf-Id ioVd-1pVIjMURXhz_LGH6rELIJuR7JKF0fVjA6yNbESviWxhxjGOvw==
GET DATA	200 OK	truncated /	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Content-Type image/gif
GET H2	200	api.min.js Show response a.omappapi.com/app/js/	50 KB 19 KB	128ms 6ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/api.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 95ab28dd9cbacf9d30b20a000b9ff8ba46329d26b4ccb8731dcddb61f5fc1975 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT content-encoding br cdn-edgestorageid 722 perma-cache HIT cdn-storageserver DE-575 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:10 GMT server BunnyCDN-DE1-1053 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938082-c67d" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid f73837dd2c2cbc1f40513eb01af56bf3 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkq0.woff2 fonts.wp.com/s/lora/v32/	19 KB 19 KB	40ms 9ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkq0.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 7ff7d3790060dcf14289ea0e50e7df1f00893e53e882ff3101e078b2f948589f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 1 date Mon, 26 Jun 2023 02:11:08 GMT x-content-type-options nosniff last-modified Tue, 21 Feb 2023 21:45:57 GMT server nginx age 58305 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 19300 x-xss-protection 0
GET H2	200	S6uyw4BMUTPHjx4wXg.woff2 fonts.wp.com/s/lato/v24/	23 KB 23 KB	45ms 14ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 1 date Mon, 26 Jun 2023 02:11:08 GMT x-content-type-options nosniff last-modified Tue, 02 May 2023 15:17:22 GMT server nginx age 4801 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 23580 x-xss-protection 0
GET H2	200	fa-solid-900.woff2 blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/	76 KB 77 KB	304ms 302ms	Font application/font-woff2	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJylVNlyqzAM/aHrGrIQ8nCnn9JxbEHVGMR4KZO/ryCkoQ3QMn0xln10ONrcNkJTHaAOMrxCBV4qH5zi1UPwUnsvK6yxQDCycD3SPPHJE9/8a+/OjY0l1l6Wkc0TuFKeIlojT5b0WVg8OeUu0oeLhTlXqy4UgygdmmXgG4RG6fPt+/LOmshJFQNVKgTUtxvxjgaoccBRjOWAwcAOveFlD+IV2tsPsdY2Gs7FG0fPYAWWU8MKxkbDesEJC6XSl3FKZr35bmwvpfEVlGHygijwZ3DoYryXZQYyx/jAwTWRgAy70n3ei/5sSdyknN80x6QG32IDrue4bqcYYmNJmTFDh2/IB7E/JPmPPxSNo7Vqow3I/QSP6Wcn0bFELqVYolqQfdyk6drqc2fJFk3JGsSXKH4YlIpMtNCl+8zr5GzdlPbTL5QxVI/3Ittle53mabHZHtKdSLMsT/b5cUXA+fa4XwPfJds18Cx5YJ9Lw5BC6Umjstd+/2LMEWmiM4Koid8YuPfR6pYvGCRUC56qgYYPBvvvZPzU1mbdAE/yeLK4fpwfaByU0arJqf5eoA4+7Dvoc/U/zfLDJtmkef4B9pWHAw== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://blog.cyble.com/_static/??-eJylVNlyqzAM/aHrGrIQ8nCnn9JxbEHVGMR4KZO/ryCkoQ3QMn0xln10ONrcNkJTHaAOMrxCBV4qH5zi1UPwUnsvK6yxQDCycD3SPPHJE9/8a+/OjY0l1l6Wkc0TuFKeIlojT5b0WVg8OeUu0oeLhTlXqy4UgygdmmXgG4RG6fPt+/LOmshJFQNVKgTUtxvxjgaoccBRjOWAwcAOveFlD+IV2tsPsdY2Gs7FG0fPYAWWU8MKxkbDesEJC6XSl3FKZr35bmwvpfEVlGHygijwZ3DoYryXZQYyx/jAwTWRgAy70n3ei/5sSdyknN80x6QG32IDrue4bqcYYmNJmTFDh2/IB7E/JPmPPxSNo7Vqow3I/QSP6Wcn0bFELqVYolqQfdyk6drqc2fJFk3JGsSXKH4YlIpMtNCl+8zr5GzdlPbTL5QxVI/3Ittle53mabHZHtKdSLMsT/b5cUXA+fa4XwPfJds18Cx5YJ9Lw5BC6Umjstd+/2LMEWmiM4Koid8YuPfR6pYvGCRUC56qgYYPBvvvZPzU1mbdAE/yeLK4fpwfaByU0arJqf5eoA4+7Dvoc/U/zfLDJtmkef4B9pWHAw== Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 x-ac 2.hhn _atomic_ams BYPASS last-modified Mon, 19 Jun 2023 09:44:12 GMT server nginx etag "6490236c-13174" access-control-allow-methods GET, HEAD content-type application/font-woff2 access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes content-length 78196 expires Mon, 03 Jul 2023 02:11:08 GMT
GET H2	200	fa-brands-400.woff2 blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/	75 KB 75 KB	241ms 238ms	Font application/font-woff2	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJylVNlyqzAM/aHrGrIQ8nCnn9JxbEHVGMR4KZO/ryCkoQ3QMn0xln10ONrcNkJTHaAOMrxCBV4qH5zi1UPwUnsvK6yxQDCycD3SPPHJE9/8a+/OjY0l1l6Wkc0TuFKeIlojT5b0WVg8OeUu0oeLhTlXqy4UgygdmmXgG4RG6fPt+/LOmshJFQNVKgTUtxvxjgaoccBRjOWAwcAOveFlD+IV2tsPsdY2Gs7FG0fPYAWWU8MKxkbDesEJC6XSl3FKZr35bmwvpfEVlGHygijwZ3DoYryXZQYyx/jAwTWRgAy70n3ei/5sSdyknN80x6QG32IDrue4bqcYYmNJmTFDh2/IB7E/JPmPPxSNo7Vqow3I/QSP6Wcn0bFELqVYolqQfdyk6drqc2fJFk3JGsSXKH4YlIpMtNCl+8zr5GzdlPbTL5QxVI/3Ittle53mabHZHtKdSLMsT/b5cUXA+fa4XwPfJds18Cx5YJ9Lw5BC6Umjstd+/2LMEWmiM4Koid8YuPfR6pYvGCRUC56qgYYPBvvvZPzU1mbdAE/yeLK4fpwfaByU0arJqf5eoA4+7Dvoc/U/zfLDJtmkef4B9pWHAw== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://blog.cyble.com/_static/??-eJylVNlyqzAM/aHrGrIQ8nCnn9JxbEHVGMR4KZO/ryCkoQ3QMn0xln10ONrcNkJTHaAOMrxCBV4qH5zi1UPwUnsvK6yxQDCycD3SPPHJE9/8a+/OjY0l1l6Wkc0TuFKeIlojT5b0WVg8OeUu0oeLhTlXqy4UgygdmmXgG4RG6fPt+/LOmshJFQNVKgTUtxvxjgaoccBRjOWAwcAOveFlD+IV2tsPsdY2Gs7FG0fPYAWWU8MKxkbDesEJC6XSl3FKZr35bmwvpfEVlGHygijwZ3DoYryXZQYyx/jAwTWRgAy70n3ei/5sSdyknN80x6QG32IDrue4bqcYYmNJmTFDh2/IB7E/JPmPPxSNo7Vqow3I/QSP6Wcn0bFELqVYolqQfdyk6drqc2fJFk3JGsSXKH4YlIpMtNCl+8zr5GzdlPbTL5QxVI/3Ittle53mabHZHtKdSLMsT/b5cUXA+fa4XwPfJds18Cx5YJ9Lw5BC6Umjstd+/2LMEWmiM4Koid8YuPfR6pYvGCRUC56qgYYPBvvvZPzU1mbdAE/yeLK4fpwfaByU0arJqf5eoA4+7Dvoc/U/zfLDJtmkef4B9pWHAw== Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 x-ac 2.hhn _atomic_ams BYPASS last-modified Mon, 19 Jun 2023 09:44:12 GMT server nginx etag "6490236c-12bdc" access-control-allow-methods GET, HEAD content-type application/font-woff2 access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes content-length 76764 expires Mon, 03 Jul 2023 02:11:08 GMT
GET H2	200	S6u9w4BMUTPHh6UVSwiPGQ.woff2 fonts.wp.com/s/lato/v24/	23 KB 23 KB	46ms 16ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 1 date Mon, 26 Jun 2023 02:11:08 GMT x-content-type-options nosniff last-modified Tue, 02 May 2023 15:07:25 GMT server nginx age 676 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 23040 x-xss-protection 0
GET H2	200	Cyble-CIRIL-pyyv4ww1nowvginyhq7nrmlg0x8pxv1qcifo3udnvq.png blog.cyble.com/wp-content/uploads/elementor/thumbs/	4 KB 5 KB	331ms 328ms	Image image/png	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://blog.cyble.com/wp-content/uploads/elementor/thumbs/Cyble-CIRIL-pyyv4ww1nowvginyhq7nrmlg0x8pxv1qcifo3udnvq.png Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash ef896b86a77ae191af41c2714906decbab4bbb7fd32321c14f4f398eb7f264ba Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT strict-transport-security max-age=31536000 x-ac 2.hhn _atomic_ams BYPASS last-modified Sat, 10 Dec 2022 19:16:39 GMT server nginx etag "6394db17-11bc" access-control-allow-methods GET, HEAD content-type image/png access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes content-length 4540 expires Mon, 03 Jul 2023 02:11:08 GMT
GET H/1.1	200 OK	json Show response forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/	37 KB 7 KB	167ms 137ms	XHR application/json	2606:4700::6811:d2f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/json?hs_static_app=forms-embed&hs_static_app_version=1.3339&X-HubSpot-Static-App-Info=forms-embed-1.3339 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5863ea13914ddee7d877e4c9a200cffcd30c71f8861de759053aa0d8b567d836 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/plain, */* Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers X-Origin-Hublet na1 Date Mon, 26 Jun 2023 02:11:08 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Encoding br CF-Cache-Status DYNAMIC X-HubSpot-Correlation-Id 48daf3dc-5a14-4261-a461-2be5082b5804 x-evy-trace-route-service-name envoyset-translator Transfer-Encoding chunked x-envoy-upstream-service-time 16 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 5646b899-72f5-400e-aa9d-4c050644ebd0 Server cloudflare X-Trace 2BAF87935960AF219AE67BA6BEF16F13F59E5CC6B8000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://blog.cyble.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 7dd1eafaffaabbc7-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-w9hvc
GET H/1.1	200 OK	index.js Show response s.adroll.com/j/exp/ Redirect Chain https://s.adroll.com/j/exp/ELNAF2EZDFHJRAP3ODLCUU/index.js https://s.adroll.com/j/exp/index.js	28 B 784 B	9ms 8ms	Script application/javascript	2600:9000:225e:a000:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/exp/index.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol HTTP/1.1 Server 2600:9000:225e:a000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers X-Amz-Version-Id KLTaAvzmAP.1_rS.URSLlTS3u46mZQHP Date Sun, 25 Jun 2023 23:49:15 GMT Via 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront) Age 8535 X-Amz-Cf-Pop FRA60-P4 X-Amz-Server-Side-Encryption AES256 X-Cache Hit from cloudfront Connection keep-alive Content-Length 28 Last-Modified Tue, 21 Mar 2023 16:39:30 GMT Server AmazonS3 Etag "5816cced8568d223aa09d889f300692b" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type application/javascript Access-Control-Allow-Origin * Access-Control-Max-Age 600 Access-Control-Allow-Credentials false Accept-Ranges bytes Access-Control-Allow-Headers * X-Amz-Cf-Id AR2cx9pFQSKa9ilZlGbXNglFK1NVmZjZqz2U_qIIXd70vCDOp-O11w== Redirect headers Date Sun, 25 Jun 2023 07:07:20 GMT Via 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront) Age 68628 X-Amz-Cf-Pop FRA60-P4 X-Cache Hit from cloudfront Connection keep-alive Content-Length 0 Server AmazonS3 Access-Control-Max-Age 600 Access-Control-Allow-Methods GET Content-Type application/xml Location https://s.adroll.com/j/exp/index.js Access-Control-Allow-Origin * Access-Control-Allow-Credentials false Access-Control-Allow-Headers * X-Amz-Cf-Id VKkehnPLHEjwhgRjYTFHqRZ_Jgu5dMLC43Nr268v9LsJFkphrCgHOw==
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.wp.com/s/opensans/v35/	47 KB 47 KB	8ms 6ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 1 date Mon, 26 Jun 2023 02:11:08 GMT x-content-type-options nosniff last-modified Tue, 02 May 2023 15:08:53 GMT server nginx age 635 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 48412 x-xss-protection 0
GET H/1.1	200 OK	json Show response forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/	37 KB 7 KB	153ms 137ms	XHR application/json	2606:4700::6811:d2f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/json?hs_static_app=forms-embed&hs_static_app_version=1.3339&X-HubSpot-Static-App-Info=forms-embed-1.3339 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash afcfb5b65e6aa0990fa68c56cc98f0deba06e9c8c305c427b9b50301522c8a17 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/plain, */* Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers X-Origin-Hublet na1 Date Mon, 26 Jun 2023 02:11:08 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Encoding br CF-Cache-Status DYNAMIC X-HubSpot-Correlation-Id b9269b9a-06f8-433d-8fd4-55ebb950fe7a x-evy-trace-route-service-name envoyset-translator Transfer-Encoding chunked x-envoy-upstream-service-time 18 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8e1af1f3-5746-4f3b-a118-20787caed896 Server cloudflare X-Trace 2B72920E82209856C3D587320B03280A3B4DA5648E000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://blog.cyble.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 7dd1eafb8a4b9b1c-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-qr8ft
GET H2	200	api.min.css a.omappapi.com/app/js/	9 KB 3 KB	447ms 446ms	Stylesheet text/css	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/api.min.css Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash b9ca6b16cf168fe60d400a27a3650bcab24f38c88eee70d710e52e81abbbd455 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 863 perma-cache HIT cdn-storageserver DE-574 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:09 GMT server BunnyCDN-DE1-1053 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938081-22a1" vary Accept-Encoding, Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 819344abc7a95adbfd3616ce5a1fc067 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	poopcsalbacovn7gzkxg Show response api.omappapi.com/v2/embed/239265/	3 KB 2 KB	146ms 97ms	XHR application/json	18.66.112.19 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.omappapi.com/v2/embed/239265/poopcsalbacovn7gzkxg Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.19 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-19.fra56.r.cloudfront.net Software Pagely Gateway/1.5.1 / Resource Hash 40ca23f50bb22c719c27794b5ae6dbca57f4b9848884b8c148fedcdbf71cdd22 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT content-encoding gzip via 1.1 d4744f6f4cb683596fb4a26e59b2aba8.cloudfront.net (CloudFront) x-cache-config 0 0 x-amz-cf-pop FRA56-P5 x-cache-status HIT x-cache Miss from cloudfront x-optinmonster-campaign poopcsalbacovn7gzkxg x-user-agent standard-- last-modified Tue, 13 Jun 2023 05:36:50 GMT server Pagely Gateway/1.5.1 etag W/"81d4578a000851a55a6118875c255bed" vary Accept-Encoding, User-Agent content-type application/json access-control-allow-origin * access-control-expose-headers X-OptinMonster-Campaign, X-User-Agent cache-control public, max-age=30, stale-while-revalidate=1800 access-control-allow-headers X-CSRF-Token x-amz-cf-id 3p6XZw9_NmigSDtqGkdJlufKLW4pdmHqKr8gq1oHcXuCeAVsAJYfdw== expires Mon, 26 Jun 2023 01:53:56 GMT
GET H2	200	ELNAF2EZDFHJRAP3ODLCUU Show response d.adroll.com/consent/check/	453 B 546 B	115ms 32ms	Script application/javascript	2a05:d018:cc3:fe04:56ee:795c:c352:7692 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d.adroll.com/consent/check/ELNAF2EZDFHJRAP3ODLCUU?pv=21523819807.53462&arrfrr=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&_s=7e65dc0c27e261272b2d3d8e14062e3d&_b=2 Requested by Host: s.adroll.com URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a05:d018:cc3:fe04:56ee:795c:c352:7692 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx/1.22.1 / Resource Hash f04e47c7ca5959486a2117466ea32c44bbba6b6534caa27b7232134190a2af31 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT server nginx/1.22.1 content-length 453 content-type application/javascript
GET H2	200	js Show response www.googletagmanager.com/gtag/	255 KB 87 KB	21ms 21ms	Script application/javascript	2a00:1450:4001:80f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 515d691d2183a5cefc727fec15a9d644ab33e5c67dba97ae82b92b7c03306ee7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 89102 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Mon, 26 Jun 2023 02:11:08 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	30ms 7ms	Script text/javascript	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Mon, 26 Jun 2023 00:35:22 GMT last-modified Mon, 12 Jun 2023 18:23:07 GMT server Golfe2 age 5746 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Mon, 26 Jun 2023 02:35:22 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	193 KB 72 KB	26ms 25ms	Script application/javascript	2a00:1450:4001:80f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e83ec65646f28712c0a85fa5c3a246a6cb894ff6ab72b5628831531db5087e05 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 73300 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Mon, 26 Jun 2023 02:11:08 GMT
GET H2	200	fb.js Show response js.hsadspixel.net/	6 KB 3 KB	39ms 16ms	Script application/javascript	2606:4700::6810:77be CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsadspixel.net/fb.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:77be , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1874f11501aa7118cdfa7af21a9ef1c87301e917881dc941831b122d82b34a Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT x-amz-version-id tZNqk9JR4hpL4HhK3M1JevHxbsFiShRO via 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront) cf-cache-status HIT content-encoding br x-amz-cf-pop IAD12-P3 age 52 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.382/bundles/pixels-release.js&cfRay=7dd1e9b3afb41cbd-FRA x-cache Hit from cloudfront cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 1 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id be5cc3c7-2969-415f-8c9b-f760d8213454 last-modified Tue, 20 Jun 2023 11:26:10 UTC server cloudflare etag W/"15e730192a32cd4563797f160ff1fd6f" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-cxzff cf-ray 7dd1eafcbf3d91ea-FRA x-amz-cf-id UJ-u_rEiKK8E3Zynd08CMIK4WtEvI1celpQuiPw61VFsOZxZtQby0A== x-hs-target-asset adsscriptloaderstatic/static-1.382/bundles/pixels-release.js
GET H2	200	banner.js Show response js.hs-banner.com/v2/21289959/	210 KB 65 KB	422ms 399ms	Script text/javascript	2606:4700::6812:19c4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/v2/21289959/banner.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1b198e6b8c03a2fcbd389a74e71642eb5fe5339510f8d7df65bb2e6fa29f4398 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT x-amz-version-id veK9ew0VhxQ6wuOQ1VsINz09jjqLfJPF content-encoding br cf-cache-status REVALIDATED x-amz-request-id MS6D7F69G7MYCV0J x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-envoy-upstream-service-time 26 x-amz-id-2 rPqNMs7J6IQmeeScH3klcrsJg2niKJCgOt3ZMxQ/wddSxwHLm6c/Jg8OddwUVt80I6Z+6nqBJCk= x-evy-trace-listener listener_https x-request-id 01abec54-57fc-4939-a9b6-34cb4387a878 x-evy-trace-route-configuration listener_https/all last-modified Thu, 22 Jun 2023 18:59:58 GMT server cloudflare etag W/"b19e4f1a69c9783d5760e5a9f9494280" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-9vnjb vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 7dd1eafcbaf2927a-FRA expires Mon, 26 Jun 2023 02:16:09 GMT
GET H2	200	leadflows.js Show response js.hsleadflows.net/	545 KB 87 KB	189ms 166ms	Script application/javascript	2606:4700::6811:806e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsleadflows.net/leadflows.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:806e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ae5bfbf6629277d9993e143b04fd081fdc22ac1790dbc4edf51165c3d9b52f0f Request headers Referer https://blog.cyble.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT x-amz-version-id v5..R77GwEs1PfJguIOtzHIVDGDmfqTH via 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront) cf-cache-status EXPIRED content-encoding br x-amz-cf-pop IAD12-P3 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1216/bundle/main/lead-flows-release.js&cfRay=7dd1eafcba7739d0-FRA x-cache Hit from cloudfront cache-tag staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 7 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 69daf177-4259-445d-8170-fdbe5f3b7fa0 last-modified Mon, 19 Jun 2023 09:39:47 UTC server cloudflare etag W/"8f29c013ec69bca0f98e5c18d5d45d87" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all x-hs-cache-status MISS vary Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method cache-control s-maxage=86400, max-age=0 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-x5fmx cf-ray 7dd1eafcba7739d0-FRA x-amz-cf-id Xgm_PJ8dXmvZBD_vE1UuhfikcBr8bH9BLScWQGGyzvEED9zje6qdNA== x-hs-target-asset lead-flows-js/static-1.1216/bundle/main/lead-flows-release.js
GET H2	200	21289959.js Show response js.hs-analytics.net/analytics/1687745400000/	66 KB 21 KB	163ms 140ms	Script text/javascript	2606:4700::6810:8ace CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1687745400000/21289959.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8ace , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9a57804b3c404eae08417b0a50f161fea515dd8ec7ba75042bda0d7373f2453b Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT x-amz-version-id null content-encoding br cf-cache-status MISS x-amz-request-id T8190KH6PYWV3CMS x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-envoy-upstream-service-time 17 x-amz-id-2 zCQ3QWWy+fzpZ74+K+E/AMohNvLA6HwaDSE7zrc3RrgPjpuS59r07US/cLlGDtY9qi2a6Knjl14= x-evy-trace-listener listener_https x-request-id f0fa90b0-5385-4f5f-8465-47f2f98afbd0 x-evy-trace-route-configuration listener_https/all last-modified Thu, 15 Jun 2023 15:21:50 GMT server cloudflare etag W/"b35e8871e3ab6956b7ac0cc79c05c479" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-f4w7q cache-control max-age=300,public access-control-allow-credentials false cf-ray 7dd1eafcca0fbbcb-FRA expires Mon, 26 Jun 2023 02:16:08 GMT
GET H2	200	conversations-embed.js Show response js.usemessages.com/	75 KB 22 KB	41ms 19ms	Script application/javascript	2606:4700::6811:62ac CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.usemessages.com/conversations-embed.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:62ac , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 77177392c65784a0f09522cea8103cdb6d533b0cf0dd392af1a8480a171cbce7 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT x-amz-version-id SBQJMh8dP8eesg6MtWo7mRv._cMd8p8u via 1.1 c13d71f8919c23db6bbd1c08a4dfb350.cloudfront.net (CloudFront) cf-cache-status HIT content-encoding br x-amz-cf-pop IAD12-P3 age 95 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.13482/bundles/project.js&cfRay=7dd1e8a54c131c36-FRA x-cache Hit from cloudfront cache-tag staticjsapp-conversations-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8e3891b6-9ef6-40d1-8b2c-9d50bd1171ea last-modified Wed, 21 Jun 2023 05:37:58 UTC server cloudflare etag W/"299aa98bce12ef75464e7932d9ca16e1" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-8rxrz cf-ray 7dd1eafcbc6b1c05-FRA x-amz-cf-id spJ3MospCr777U2EpY2ebOvm1O1na4CotLg7EJ7-RpCIp03GsV4ASw== x-hs-target-asset conversations-embed/static-1.13482/bundles/project.js
GET H2	200	5.0731530a.min.js Show response a.omappapi.com/app/js/	14 KB 6 KB	7ms 7ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/5.0731530a.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 5da2efab999313e6a7c003876130edaa14f37fa6704788c707ba0687a829f054 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:08 GMT content-encoding br cdn-edgestorageid 1077 perma-cache HIT cdn-storageserver DE-578 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:14 GMT server BunnyCDN-DE1-1053 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938086-38e3" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid c4ebc2deb4094469ae2d7721229ced33 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	g.gif pixel.wp.com/	50 B 116 B	20ms 6ms	Image image/gif	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/g.gif?v=ext&blog=176605947&post=17797&tz=-4&srv=blog.cyble.com&hp=atomic&ac=2&amp=0&j=1%3A12.3-a.7&host=blog.cyble.com&ref=&fcp=1295&rand=0.16148788628035837 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers access-control-allow-origin * date Mon, 26 Jun 2023 02:11:09 GMT cache-control no-cache server nginx content-length 50 content-type image/gif
GET H2	200	v2.js Show response js.hsforms.net/forms/ Frame C860	526 KB 164 KB	22ms 21ms	Script application/javascript	2606:4700::6810:b841 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/v2.js Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:b841 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5f2eaa8243f3b2f1c29a99a509e2e4bcc65c19bd288edcdbcf4f7b2f14cc5e10 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers content-encoding br age 98 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3339/bundles/project-v2.js&cfRay=7dd1e89afeed3668-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"ae5063d72b58cf4bd6e3b1970722d727" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3339/bundles/project-v2.js date Mon, 26 Jun 2023 02:11:09 GMT x-amz-version-id .lJqI7SEJc.LNL1fj.0aGIvTPC5x63d4 via 1.1 dfc1931cc62ecd4133c2b9bdae1bb476.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id f42ad41f-f572-4820-bb4a-0b2ffbcda657 last-modified Tue, 20 Jun 2023 10:30:05 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ljKHvgfc35AeNSYO0AQPxn7Iz8mKsT5uMh5cZlJ8JkFWv%2FccbuEVmaeL%2BS3pnSBKStf5Woi8h%2FYQd5cvax2iIW7rv7iBFt%2Fiv%2BJQyoA%2FViF%2BE18c5m6A5IK0Mqi8hYfO3VfN22PYHOCzJRLI"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-ksc82 cf-ray 7dd1eafd6e9a373a-FRA x-amz-cf-id CINyC-3hZ67Lt3nj0P8yjZ29_WTfgb9aXUO4QkinJGHofQpg4Vj3GQ==
GET H2	200	v2.js Show response js.hsforms.net/forms/ Frame C7D3	526 KB 164 KB	19ms 18ms	Script application/javascript	2606:4700::6810:b841 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/v2.js Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:b841 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5f2eaa8243f3b2f1c29a99a509e2e4bcc65c19bd288edcdbcf4f7b2f14cc5e10 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers content-encoding br age 98 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3339/bundles/project-v2.js&cfRay=7dd1e89afeed3668-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"ae5063d72b58cf4bd6e3b1970722d727" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3339/bundles/project-v2.js date Mon, 26 Jun 2023 02:11:09 GMT x-amz-version-id .lJqI7SEJc.LNL1fj.0aGIvTPC5x63d4 via 1.1 dfc1931cc62ecd4133c2b9bdae1bb476.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id f42ad41f-f572-4820-bb4a-0b2ffbcda657 last-modified Tue, 20 Jun 2023 10:30:05 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t67fmTDhteIPZG13pld9%2BCSUMj%2BQRCMILnXAi5UcBdeIcZlnN0yXqx8C4fagrmPiQYhfcDFmeGANWbwXWKOlhiFDKQ%2F7XF3NEtye7vKzMGmfOizinqRC4QqfrDp3Iul73tvOcI3lehq542Ot"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-ksc82 cf-ray 7dd1eafd8eab373a-FRA x-amz-cf-id CINyC-3hZ67Lt3nj0P8yjZ29_WTfgb9aXUO4QkinJGHofQpg4Vj3GQ==
OPTIONS H2	200	public api.hubspot.com/livechat-public/v1/message/ Frame	0 0	207ms 187ms	Preflight text/plain	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.13482&mobile=false&messagesUtk=60d0782946104178b73b323162a9393e&traceId=60d0782946104178b73b323162a9393e Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept */* Access-Control-Request-Headers x-hubspot-messages-uri Access-Control-Request-Method GET Origin https://blog.cyble.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD access-control-allow-origin https://blog.cyble.com allow HEAD,GET,OPTIONS alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7dd1eafdbc9d9137-FRA content-length 18 content-type text/plain; charset=utf-8 date Mon, 26 Jun 2023 02:11:09 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qypilf68TcC1amgJNwFLlDweR%2F9Eh5MJNLA6VRKn92vCTxwQ0ebYhgYejePEisqvURLUaP1CoSLVGRdiRUq3WFoNxhj%2BdQXZ%2Bz%2BMGmRMynjBTQ9wAhBeUom0RO55NaCuufpHkNsR7bemq4sOYA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin, Accept-Encoding x-envoy-upstream-service-time 2 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-fj87l x-evy-trace-virtual-host all x-hubspot-correlation-id 8e6f205e-771a-4aec-8680-f7cebb30ba68 x-request-id e080dc9c-4111-43a6-95c2-6e45c916c6e2 x-trace 2B5B6DE759F38B515F86099A8B0447C334F4FC3FFB000000000000000000
GET H2	200	public Show response api.hubspot.com/livechat-public/v1/message/	3 KB 2 KB	210ms 209ms	XHR application/json	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.13482&mobile=false&messagesUtk=60d0782946104178b73b323162a9393e&traceId=60d0782946104178b73b323162a9393e Requested by Host: js.usemessages.com URL: https://js.usemessages.com/conversations-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 974fa2f2f23067e37051689758c17fb68a308fe449227b5c9440e369711b4812 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 X-HubSpot-Messages-Uri https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding gzip cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 4a08e185-ddaf-4c31-898d-eff260c91dcd x-envoy-upstream-service-time 71 alt-svc h3=":443"; ma=86400 content-length 1382 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 09c82f3d-c149-4fb6-87bb-4acc4c695a69 server cloudflare x-trace 2B1B2E3D7B870D76CB1A9F4FAF8C03B1B2407457BD000000000000000000 vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-wnhdc cache-control no-cache, no-store, no-transform, must-revalidate, max-age=0 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2Bh7jOHc59ev45JfXWn0xYPoxjyRfRpazSzh03pVUm82IQRW6mRX0pgmAzPsHaHWq%2FjmbqWZAe6c7HIb39l5OXfIAwN%2BIe95SGxlgmftX6qYb87fgQX6VsR%2F83%2BN%2FI7zan3iOT5stFYnaVUzZg%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 7dd1eafeed5c9137-FRA access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
GET H/1.1	200 OK	consent_tcfv2.js Show response s.adroll.com/j/	418 KB 57 KB	8ms 7ms	Script text/javascript	2600:9000:225e:a000:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/consent_tcfv2.js Requested by Host: s.adroll.com URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:a000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 30914e620ba424e4691b6f57c37f29e90c723e2360f0c6aec0757e456a923eb1 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers X-Amz-Version-Id 9mxGGJNi8ryLrVUTXj0j28oaWNsGk.Ww Content-Encoding gzip Via 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront) Date Mon, 26 Jun 2023 02:09:38 GMT Age 109 X-Amz-Cf-Pop FRA60-P4 X-Amz-Server-Side-Encryption AES256 Transfer-Encoding chunked X-Cache Hit from cloudfront Connection keep-alive Last-Modified Mon, 19 Jun 2023 14:34:51 GMT Server AmazonS3 Etag W/"8888d355e5a597edba8cd7932dc2044b" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type text/javascript Access-Control-Allow-Origin * Cache-Control max-age=300, must-revalidate Access-Control-Allow-Credentials false Access-Control-Max-Age 600 Access-Control-Allow-Headers * X-Amz-Cf-Id EB41JWIRAYm-siuFtUCcziQIl2nKJk3cw_-ZNy_7QGLkXRXsKicSSQ==
POST H2	200	collect Show response www.google-analytics.com/j/	2 B 206 B	16ms 15ms	XHR text/plain	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=1444173578&t=pageview&_s=1&dl=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&ul=en-us&de=UTF-8&dt=Cyble%20%E2%80%94%20Trojanized%20Super%20Mario%20Game%20Installer%20Spreads%20SupremeBot%20Malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACUABBAAAACAAI~&jid=1319674038&gjid=1523615108&cid=274189301.1687745469&tid=UA-201575643-1&_gid=1127811648.1687745469&_r=1&gtm=457e36l0&did=dZTNiMT&gdid=dZTNiMT&jsscut=1&z=561678410 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Mon, 26 Jun 2023 02:11:09 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	UmbralStealer-Super-Mario-Bros-Blog.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/	271 KB 272 KB	8ms 7ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/UmbralStealer-Super-Mario-Bros-Blog.jpg?w=1200&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i1.wp.com Software nginx / Resource Hash 55894c686411d97d939e11179054c54ae7464038ef9a1af9971c0cd0c071950d Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 4 date Mon, 26 Jun 2023 02:11:09 GMT x-content-type-options nosniff last-modified Fri, 23 Jun 2023 11:01:18 GMT server nginx etag "2d2b55c756bff58b" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/06/UmbralStealer-Super-Mario-Bros-Blog.jpg>; rel="canonical" content-length 277618 expires Sun, 22 Jun 2025 23:01:18 GMT
GET H2	200	share-buttons.0bdd88c45462dfb2b073.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	1 KB 678 B	170ms 170ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/share-buttons.0bdd88c45462dfb2b073.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFiAltvEz7FJQ2pk1x4yxOYOzr57aEIaF1oy9N4+NzfM0pqJp8Ap90wNw4z7oFYyGqPVGSAxB6QSlq52vdsd7H0d+uOn463bMzJtebBDdEwwyJde+8En42gMqboxI0r8T4sBC6SncfGeK5YCoCuy+4WHfTbbk2C4EOTvR4N/3NaHWQgqkPejf0p8oOra5NpMyABVPFMCNDITnfk2dpeknGOk5Dy1vAAPGGLKEwW+ABlEIaYCQZml1cMqOTEsbvYg3HlChAORfp3O5IIE48o3IlqxCpCAj5BNXYdLGuYvYSai6XuxR+FBayywNRPdmMwL/MbRzuUfyELFAgPO8dovhATP/gRGhAXM3QgL8TbbJcK4jNZUUnEdmeIdo1+GOpPhCulVc0BLPweWG992/rl+3rZrteb56/AaHku90= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 9c8b8880afd7d6d3530ce5bc9fd79e177a9e9cf8f943d9466b9ea4b77da4999c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 19 Jun 2023 13:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"649053ee-4bd" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Mon, 03 Jul 2023 02:11:09 GMT
GET H2	200	load-more.b18fee69ce12204b4582.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	5 KB 2 KB	172ms 171ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/load-more.b18fee69ce12204b4582.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFiAltvEz7FJQ2pk1x4yxOYOzr57aEIaF1oy9N4+NzfM0pqJp8Ap90wNw4z7oFYyGqPVGSAxB6QSlq52vdsd7H0d+uOn463bMzJtebBDdEwwyJde+8En42gMqboxI0r8T4sBC6SncfGeK5YCoCuy+4WHfTbbk2C4EOTvR4N/3NaHWQgqkPejf0p8oOra5NpMyABVPFMCNDITnfk2dpeknGOk5Dy1vAAPGGLKEwW+ABlEIaYCQZml1cMqOTEsbvYg3HlChAORfp3O5IIE48o3IlqxCpCAj5BNXYdLGuYvYSai6XuxR+FBayywNRPdmMwL/MbRzuUfyELFAgPO8dovhATP/gRGhAXM3QgL8TbbJcK4jNZUUnEdmeIdo1+GOpPhCulVc0BLPweWG992/rl+3rZrteb56/AaHku90= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 638a50177eaf1ef79fb307a539d9b8637f7ecb2d07179ff4eed7dc585176e27c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 19 Jun 2023 13:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"649053ee-15eb" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Mon, 03 Jul 2023 02:11:09 GMT
GET H2	200	posts.e33113a212454e383747.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	3 KB 1 KB	170ms 170ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/posts.e33113a212454e383747.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFiAltvEz7FJQ2pk1x4yxOYOzr57aEIaF1oy9N4+NzfM0pqJp8Ap90wNw4z7oFYyGqPVGSAxB6QSlq52vdsd7H0d+uOn463bMzJtebBDdEwwyJde+8En42gMqboxI0r8T4sBC6SncfGeK5YCoCuy+4WHfTbbk2C4EOTvR4N/3NaHWQgqkPejf0p8oOra5NpMyABVPFMCNDITnfk2dpeknGOk5Dy1vAAPGGLKEwW+ABlEIaYCQZml1cMqOTEsbvYg3HlChAORfp3O5IIE48o3IlqxCpCAj5BNXYdLGuYvYSai6XuxR+FBayywNRPdmMwL/MbRzuUfyELFAgPO8dovhATP/gRGhAXM3QgL8TbbJcK4jNZUUnEdmeIdo1+GOpPhCulVc0BLPweWG992/rl+3rZrteb56/AaHku90= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 148da439eaba8dfe837cff98be204135245cac5f9a4b10d8315a7f234ec6bba4 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 19 Jun 2023 13:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"649053ee-cfd" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Mon, 03 Jul 2023 02:11:09 GMT
GET H2	200	text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor/assets/js/	1 KB 705 B	170ms 169ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFiAltvEz7FJQ2pk1x4yxOYOzr57aEIaF1oy9N4+NzfM0pqJp8Ap90wNw4z7oFYyGqPVGSAxB6QSlq52vdsd7H0d+uOn463bMzJtebBDdEwwyJde+8En42gMqboxI0r8T4sBC6SncfGeK5YCoCuy+4WHfTbbk2C4EOTvR4N/3NaHWQgqkPejf0p8oOra5NpMyABVPFMCNDITnfk2dpeknGOk5Dy1vAAPGGLKEwW+ABlEIaYCQZml1cMqOTEsbvYg3HlChAORfp3O5IIE48o3IlqxCpCAj5BNXYdLGuYvYSai6XuxR+FBayywNRPdmMwL/MbRzuUfyELFAgPO8dovhATP/gRGhAXM3QgL8TbbJcK4jNZUUnEdmeIdo1+GOpPhCulVc0BLPweWG992/rl+3rZrteb56/AaHku90= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 192811b11cab8b2d4254be60c82edeb3054b8c0a5aa7092b5a934adbd9e3320f Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 19 Jun 2023 09:44:12 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6490236c-550" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Mon, 03 Jul 2023 02:11:09 GMT
GET H2	200	webfont.js Show response a.omappapi.com/app/js/webfont/1.5.18/	16 KB 7 KB	10ms 9ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 756 perma-cache HIT cdn-storageserver DE-576 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Fri, 19 May 2023 23:24:20 GMT server BunnyCDN-DE1-1053 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64680524-40cb" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 1789704fe15c6f039961b615aa6a1c61 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	4.77d69382.min.js Show response a.omappapi.com/app/js/	41 KB 13 KB	11ms 11ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/4.77d69382.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash e8adc21c3d8f34e90565c2842e94dae3d22f0ffa500def488b22a9de31017439 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 865 perma-cache HIT cdn-storageserver DE-575 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:13 GMT server BunnyCDN-DE1-1053 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938085-a3d8" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid ef56931515cb1f16524bddc370b52a5b cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
POST H2	204	collect region1.google-analytics.com/g/	0 253 B	46ms 14ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-4FJGSRPM4S&gtm=45je36l0&_p=1444173578&gdid=dZTNiMT&cid=274189301.1687745469&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1687745469&sct=1&seg=0&dl=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&dt=Cyble%20%E2%80%94%20Trojanized%20Super%20Mario%20Game%20Installer%20Spreads%20SupremeBot%20Malware&en=page_view&_fv=1&_ss=1&_ee=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers pragma no-cache date Mon, 26 Jun 2023 02:11:09 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 54 B	31ms 15ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45je36l0&_p=1444173578&cid=274189301.1687745469&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1687745469&sct=1&seg=0&dl=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&dt=Cyble%20%E2%80%94%20Trojanized%20Super%20Mario%20Game%20Installer%20Spreads%20SupremeBot%20Malware&en=page_view&_fv=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers pragma no-cache date Mon, 26 Jun 2023 02:11:09 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	counters.gif forms.hsforms.com/embed/v3/	35 B 622 B	149ms 138ms	Image image/gif	2606:4700::6811:d2f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC x-hubspot-correlation-id de629171-122b-42ed-85b1-e1f27e68e21b x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d4a177ef-4143-4d90-996b-cb75a2c10824 server cloudflare x-trace 2BF5DE7236351C7E068B4D2731B02025B62504D231000000000000000000 vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-f4t27 access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 7dd1eaff694a2c43-FRA
POST H2	200	collect Show response stats.g.doubleclick.net/j/	1 B 345 B	74ms 23ms	XHR text/plain	2a00:1450:400c:c07::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-201575643-1&cid=274189301.1687745469&jid=1319674038&gjid=1523615108&_gid=1127811648.1687745469&_u=YGBACUAABAAAACAAI~&z=1875332855 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Mon, 26 Jun 2023 02:11:09 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	nextroll-32x32.png s.adroll.com/i/favicon/	2 KB 2 KB	15ms 15ms	Image image/png	2600:9000:225e:a000:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s.adroll.com/i/favicon/nextroll-32x32.png Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:a000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers X-Amz-Version-Id eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0 Date Sun, 25 Jun 2023 22:29:11 GMT Via 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront) Age 13324 X-Amz-Cf-Pop FRA60-P4 X-Amz-Server-Side-Encryption AES256 X-Cache Hit from cloudfront Connection keep-alive Content-Length 1615 Last-Modified Mon, 28 Jun 2021 18:19:21 GMT Server AmazonS3 Etag "403a0a7dcf2d617e7ea852bfb9d11945" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type image/png Access-Control-Allow-Origin * Access-Control-Max-Age 600 Access-Control-Allow-Credentials false Accept-Ranges bytes Access-Control-Allow-Headers * X-Amz-Cf-Id CL_f9YCl1BDSzSOXkugxJZzC1X6oOOXR4W8zijMYZVd8eRhYPITgoA==
GET H/1.1	200 OK	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 983 B	196ms 121ms	Image image/gif	2606:4700::6811:d2f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Mon, 26 Jun 2023 02:11:09 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload CF-Cache-Status DYNAMIC X-HubSpot-Correlation-Id dbef2835-2b22-4082-b34c-726a8eefa44f x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 3 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 770f04cf-df05-4432-a87b-554d2f961966 Server cloudflare X-Trace 2B54E73F52863D82091996BABAA385F101AC7D1DDA000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-cxrpn Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 7dd1eb011d22bb73-FRA
GET H2	200	60d0782946104178b73b323162a9393e Show response app.hubspot.com/conversations-visitor/21289959/threads/utk/ Frame EF9D	53 KB 19 KB	231ms 170ms	Document text/html	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Requested by Host: js.usemessages.com URL: https://js.usemessages.com/conversations-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2034f2579b59ec7735c3affb3a4c969baea7beb28bfca3b3113876825d91577e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://blog.cyble.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials false age 1535 alt-svc h3=":443"; ma=86400 cache-control max-age=600 cache-tag staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod cf-cache-status DYNAMIC cf-ray 7dd1eb01184503ac-FRA content-encoding br content-security-policy-report-only script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.15930/html/index.html&cfRay=7dd1eb01184503ac&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F21289959%2Fthreads%2Futk%2F60d0782946104178b73b323162a9393e%3Fuuid%3D8150e12dd9814894b757be23d8685b60%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3Dnull%26domain%3Dblog.cyble.com%26inApp53%3Dfalse%26messagesUtk%3D60d0782946104178b73b323162a9393e%26url%3Dhttps%253A%252F%252Fblog.cyble.com%252F2023%252F06%252F23%252Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3Dnull%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dtrue%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fblog.cyble.com%2F&cfenv=prod&pdt=2023-06-26&csp=ro content-type text/html; charset=utf-8 date Mon, 26 Jun 2023 02:11:09 GMT etag W/"37590aaf7e31621f771813bd079dfa69" last-modified Wed, 21 Jun 2023 05:37:58 UTC report-to {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]} reporting-endpoints default="https://send.hsbrowserreports.com/csp/reports?cfRay=7dd1eb01184503ac&resource=conversations-visitor-ui/static-1.15930/html/index.html" server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin, Accept-Encoding via 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront) x-amz-cf-id uxpX4uqVRJULKCezIFWNC1xGu_1Yq41Tugy7xSdyXEChKJDZBlYMVQ== x-amz-cf-pop IAD12-P3 x-amz-replication-status COMPLETED x-amz-server-side-encryption AES256 x-amz-version-id SWzcNb7KXqxjYrlvP7RCA8tJF7vhqfJY x-cache Hit from cloudfront x-envoy-upstream-service-time 6 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-mm66x x-evy-trace-virtual-host all x-hs-cache-status MISS x-hs-target-asset conversations-visitor-ui/static-1.15930/html/index.html x-hs-worker-debug-mode false x-request-id a70ef62e-1779-4e83-9ba6-5b8a636fcb9f
GET H2	200	share-link.min.js Show response blog.cyble.com/wp-content/plugins/elementor/assets/lib/share-link/	3 KB 1 KB	184ms 177ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.14.0 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.14.0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 138154c0deed3326477b9b4909175101070a5a3a95342291b53d8cc9879a5f47 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 19 Jun 2023 09:44:12 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6490236c-a3c" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	json Show response api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/	114 B 1 KB	187ms 123ms	XHR application/json	2606:4700::6811:cacc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=21289959 Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:cacc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 90b705145ef82e9d8493aae55c9bfb3200ec0620c8946b20b0b28366557d6a4a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id fbba947c-8d5a-4acf-8dbc-3feb3381e6d6 x-envoy-upstream-service-time 2 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 6c2f6b2e-7cb8-4a32-961f-57c6723bb173 server cloudflare x-trace 2BC21297886F00174AE4CC3980A30DCB0184EEEF21000000000000000000 vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-55fmk access-control-max-age 180 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zfZFTfWb2iYeBQPaLQ1SYeeN1PbIcgWtZelsd7hZ3IcCNBt%2F86cPtKGAgaLIGoOn3WwpIzRQQAVPJCCkaABjEv9mMzm0s3HRXcBUBGZzlj%2F2MHLGcWDYYNzaq%2BgHi8j6tokCZht7671DdMwV"}],"group":"cf-nel","max_age":604800} cf-ray 7dd1eb017d4e37fc-FRA access-control-allow-headers *
GET H2	200	17.fd6135fc.min.js Show response a.omappapi.com/app/js/	458 B 1 KB	20ms 17ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/17.fd6135fc.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 09cc0c8661bd4873fb75a6e96539b6bfad7a9fcb0d6a79b6a974b11195d6e25d Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 860 perma-cache HIT cdn-storageserver DE-576 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:11 GMT server BunnyCDN-DE1-1053 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938083-1ca" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 61f526fc867478309341951b33791b46 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	20.bb2e5025.min.js Show response a.omappapi.com/app/js/	4 KB 2 KB	20ms 17ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/20.bb2e5025.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 2168dee40954466214d7f5e39e460be903013674f81070d5fb0ad01213a8486a Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 1075 perma-cache HIT cdn-storageserver DE-167 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:12 GMT server BunnyCDN-DE1-1053 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938084-ec3" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 65df2b6a8de189cec4203271a6381bf6 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	28.f50e9b45.min.js Show response a.omappapi.com/app/js/	6 KB 3 KB	22ms 19ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/28.f50e9b45.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash af710d1f0d2c94a8370cc573a9255f6794500fa0da9839ce8c069f4eaa7f96b0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 1049 perma-cache HIT cdn-storageserver DE-165 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:11 GMT server BunnyCDN-DE1-1053 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938083-1726" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid bcc80cafc90d67f7bbf7d20035a4444b cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	33.65dc6102.min.js Show response a.omappapi.com/app/js/	10 KB 4 KB	21ms 18ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/33.65dc6102.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 539ac047374f668cd186c3ed1e1f3ad667c5ffddd4874446980d1cafaf77b655 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-573 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:11 GMT server BunnyCDN-DE1-1053 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938083-291f" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 7b9b5be50ac7c18496f1031360ad83b3 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	10.c57fdab0.min.js Show response a.omappapi.com/app/js/	28 KB 9 KB	22ms 20ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/10.c57fdab0.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 35628b00dd095172f48c7fe4b3f6f48b9751a1a95f9f80552fc1770c93a28627 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 1047 perma-cache HIT cdn-storageserver DE-570 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:11 GMT server BunnyCDN-DE1-1053 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938083-6fec" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid d4a863110505a349d6303473b428009e cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	0.3415d765.min.js Show response a.omappapi.com/app/js/	7 KB 3 KB	24ms 22ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/0.3415d765.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash cfdaa671aea1f1a3d6c4a195159a1b8e39f9bb5cc478bfdbf173507f15abfb7f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 864 perma-cache HIT cdn-storageserver DE-573 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:12 GMT server BunnyCDN-DE1-1053 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938084-1a8f" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 6aca988138988ebfc7aeb1394095d298 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	9.00860694.min.js Show response a.omappapi.com/app/js/	2 KB 2 KB	23ms 21ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/9.00860694.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 906bb156f70a4fd952c4c8f7072d070bf8c2db3417da8f73b25c1f37de5f6427 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 863 perma-cache HIT cdn-storageserver DE-577 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:12 GMT server BunnyCDN-DE1-1053 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938084-650" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 34cec38952753d5d7cf5dfcd9256a9bc cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	11.1050c28d.min.js Show response a.omappapi.com/app/js/	2 KB 2 KB	24ms 22ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/11.1050c28d.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 37012edb80dd5ca2ea633b3300c6b0f19ae755096da9b37921ee8bebeca25954 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 860 perma-cache HIT cdn-storageserver DE-576 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:12 GMT server BunnyCDN-DE1-1053 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938084-790" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid e480f1caa780a288bd256bde2a6a6fdc cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	29.ff30d6db.min.js Show response a.omappapi.com/app/js/	3 KB 2 KB	25ms 23ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/29.ff30d6db.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 098699c15c3576e659f00afae845cd0fe1345dcc39a2022c4efb2a49274bb53f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 864 perma-cache HIT cdn-storageserver DE-168 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:09 GMT server BunnyCDN-DE1-1053 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938081-ab6" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid b3248587da09e4b8565090ee80b68c06 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	27.7803672e.min.js Show response a.omappapi.com/app/js/	1 KB 1 KB	25ms 23ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/27.7803672e.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 7debfd89879c9e370f42e60a66b1309b795503568cbafb364ce2287ebd019055 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 1047 perma-cache HIT cdn-storageserver DE-165 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:12 GMT server BunnyCDN-DE1-1053 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938084-4e1" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 50ff0242a7ca1bf55bf7e205562e8ccd cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	16.3353bb65.min.js Show response a.omappapi.com/app/js/	830 B 1 KB	30ms 28ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/16.3353bb65.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 838fc802c5679d425ab384a1064e73e2214ab6d56a694709ea20565423c46745 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 864 perma-cache HIT cdn-storageserver DE-165 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:10 GMT server BunnyCDN-DE1-1053 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938082-33e" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 237ddd53fd7805e79e7bdf9b6b3492f5 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	1.89db9f62.min.js Show response a.omappapi.com/app/js/	9 KB 3 KB	26ms 24ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/1.89db9f62.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 484098c79514881a954847db923f12bf7def109e0217a3138ae8c8d91382f23b Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 1047 perma-cache HIT cdn-storageserver DE-570 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:12 GMT server BunnyCDN-DE1-1053 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938084-2308" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid ab89c48b7e8765058948e7384a914c2c cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	22.cf6ca517.min.js Show response a.omappapi.com/app/js/	2 KB 1 KB	28ms 26ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/22.cf6ca517.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 1c374983633d349ae8e4986739a5c434ea79bf2db929aa0967df26e1380ed1ba Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 860 perma-cache HIT cdn-storageserver DE-575 cdn-cachedat 06/23/2023 06:21:08 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:12 GMT server BunnyCDN-DE1-1053 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938084-602" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 94710cfc8b895f00c0e95f62567c3d29 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	2.28387e62.min.js Show response a.omappapi.com/app/js/	2 KB 2 KB	30ms 29ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/2.28387e62.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash f844015a45cc070e5d5b3fca2abfa8ae208738bc5d9bdf49988ea9032e94a373 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 865 perma-cache HIT cdn-storageserver DE-167 cdn-cachedat 06/23/2023 06:21:28 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:18 GMT server BunnyCDN-DE1-1053 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"6493808a-87c" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 1f02ad03e9eaa4eec7e6509b8a32e328 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	19.d21f1c8e.min.js Show response a.omappapi.com/app/js/	1 KB 1 KB	32ms 31ms	Script application/javascript	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/19.d21f1c8e.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 887e3ec760dc258b4964410db699386d4930f35d4acf8cd765b6d906f04cba53 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 1048 perma-cache HIT cdn-storageserver DE-572 cdn-cachedat 06/23/2023 06:21:38 cdn-pullzone 293267 last-modified Wed, 21 Jun 2023 22:58:11 GMT server BunnyCDN-DE1-1053 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64938083-5c1" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid a373ea5f655ce5bc3f19bdebaa3e43fc cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	UmbralStealer-Super-Mario-Bros-Blog.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/	29 KB 29 KB	21ms 10ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/UmbralStealer-Super-Mario-Bros-Blog.jpg?fit=300%2C150&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFiAltvEz7FJQ2pk1x4yxOYOzr57aEIaF1oy9N4+NzfM0pqJp8Ap90wNw4z7oFYyGqPVGSAxB6QSlq52vdsd7H0d+uOn463bMzJtebBDdEwwyJde+8En42gMqboxI0r8T4sBC6SncfGeK5YCoCuy+4WHfTbbk2C4EOTvR4N/3NaHWQgqkPejf0p8oOra5NpMyABVPFMCNDITnfk2dpeknGOk5Dy1vAAPGGLKEwW+ABlEIaYCQZml1cMqOTEsbvYg3HlChAORfp3O5IIE48o3IlqxCpCAj5BNXYdLGuYvYSai6XuxR+FBayywNRPdmMwL/MbRzuUfyELFAgPO8dovhATP/gRGhAXM3QgL8TbbJcK4jNZUUnEdmeIdo1+GOpPhCulVc0BLPweWG992/rl+3rZrteb56/AaHku90= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i1.wp.com Software nginx / Resource Hash ca1a20243591c8c18ef88cd36d77ac2fab4e30b213368be1c7b6dca1021e2a9d Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 4 date Mon, 26 Jun 2023 02:11:09 GMT x-content-type-options nosniff last-modified Fri, 23 Jun 2023 10:57:55 GMT server nginx etag "e1d776c4c5f514ee" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/06/UmbralStealer-Super-Mario-Bros-Blog.jpg>; rel="canonical" content-length 29964 expires Sun, 22 Jun 2025 22:57:55 GMT
GET H2	200	Mallox-Ransomware-Blog.png i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/	40 KB 41 KB	22ms 11ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/Mallox-Ransomware-Blog.png?fit=300%2C150&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFiAltvEz7FJQ2pk1x4yxOYOzr57aEIaF1oy9N4+NzfM0pqJp8Ap90wNw4z7oFYyGqPVGSAxB6QSlq52vdsd7H0d+uOn463bMzJtebBDdEwwyJde+8En42gMqboxI0r8T4sBC6SncfGeK5YCoCuy+4WHfTbbk2C4EOTvR4N/3NaHWQgqkPejf0p8oOra5NpMyABVPFMCNDITnfk2dpeknGOk5Dy1vAAPGGLKEwW+ABlEIaYCQZml1cMqOTEsbvYg3HlChAORfp3O5IIE48o3IlqxCpCAj5BNXYdLGuYvYSai6XuxR+FBayywNRPdmMwL/MbRzuUfyELFAgPO8dovhATP/gRGhAXM3QgL8TbbJcK4jNZUUnEdmeIdo1+GOpPhCulVc0BLPweWG992/rl+3rZrteb56/AaHku90= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i1.wp.com Software nginx / Resource Hash 4e793eac7a4a757ace95a8f403c37da763bd80eed0ba73ef0a8c3a352d70d98a Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 3 date Mon, 26 Jun 2023 02:11:09 GMT x-content-type-options nosniff last-modified Thu, 22 Jun 2023 10:53:22 GMT server nginx etag "82c671f7ed842aec" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/06/Mallox-Ransomware-Blog.png>; rel="canonical" content-length 41276 expires Sat, 21 Jun 2025 22:53:22 GMT
GET H2	200	Vulnerability-Blog.png i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/	51 KB 52 KB	24ms 13ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/Vulnerability-Blog.png?fit=300%2C150&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFiAltvEz7FJQ2pk1x4yxOYOzr57aEIaF1oy9N4+NzfM0pqJp8Ap90wNw4z7oFYyGqPVGSAxB6QSlq52vdsd7H0d+uOn463bMzJtebBDdEwwyJde+8En42gMqboxI0r8T4sBC6SncfGeK5YCoCuy+4WHfTbbk2C4EOTvR4N/3NaHWQgqkPejf0p8oOra5NpMyABVPFMCNDITnfk2dpeknGOk5Dy1vAAPGGLKEwW+ABlEIaYCQZml1cMqOTEsbvYg3HlChAORfp3O5IIE48o3IlqxCpCAj5BNXYdLGuYvYSai6XuxR+FBayywNRPdmMwL/MbRzuUfyELFAgPO8dovhATP/gRGhAXM3QgL8TbbJcK4jNZUUnEdmeIdo1+GOpPhCulVc0BLPweWG992/rl+3rZrteb56/AaHku90= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i1.wp.com Software nginx / Resource Hash 435f00991111c79b8bc036b8ed00742762f60e8a3f93728ba8a5f75beafec266 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 3 date Mon, 26 Jun 2023 02:11:09 GMT x-content-type-options nosniff last-modified Tue, 20 Jun 2023 13:03:45 GMT server nginx etag "9f692b710f067478" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/06/Vulnerability-Blog.png>; rel="canonical" content-length 52520 expires Fri, 20 Jun 2025 01:03:45 GMT
GET H2	200	css fonts.googleapis.com/	3 KB 1 KB	84ms 27ms	Stylesheet text/css	2a00:1450:4001:827::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:400 Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash d265615b79f98fdfff370ea32da7b4b02317fc6017b898cfb9c657a65618ac07 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Mon, 26 Jun 2023 02:11:09 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Mon, 26 Jun 2023 01:38:55 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 26 Jun 2023 02:11:09 GMT
GET H2	200	590d3d292d6178957f6f2d56cd112c07-optin.json Show response a.omappapi.com/app/campaign-views/b584497dcf5c/poopcsalbacovn7gzkxg/	32 KB 6 KB	30ms 9ms	XHR application/json	2400:52e0:1e00::1053:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/campaign-views/b584497dcf5c/poopcsalbacovn7gzkxg/590d3d292d6178957f6f2d56cd112c07-optin.json Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1053:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1053 / Resource Hash 801cc197035c539bb4a679fc5e7196cf27c47fbd83626e83164eec8209bd13ef Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding br cdn-edgestorageid 752 perma-cache HIT cdn-storageserver DE-577 cdn-cachedat 06/23/2023 06:48:09 cdn-pullzone 293267 last-modified Tue, 13 Jun 2023 05:38:24 GMT server BunnyCDN-DE1-1053 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"648800d0-7f5b" vary Accept-Encoding content-type application/json access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 47087ec8e5aff16bab8ba0e0ae5f42a6 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	stats.json Show response injection.amibreached.com/ Frame CAD4	124 B 973 B	76ms 53ms	Fetch application/json	2606:4700:20::681a:c31 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/stats.json Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:c31 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bbdb1d21246d1c1a65aca8b41818f593b2d4704a459983866c0d331151b91887 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront) cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 80734 x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:52 GMT server cloudflare etag W/"b660d52d56d1db01c2e37397c007a1e4" vary Accept-Encoding access-control-allow-methods GET content-type application/json access-control-allow-origin https://blog.cyble.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ACQScoqkdMG%2BlXZvTh7oYiJUri1KaPRV%2Fl3JNQBSSfLeUl31kFAVPorZWxiDNBUpyzVNDEa3PqHfPL7PEkO3cGVVebeltYprTu4WagXVK6JtO8th7e6fTyRCTLRHWEsSZsefap7qCuOrzVLKFsvsP7QkGEUtm0w%3D"}],"group":"cf-nel","max_age":604800} access-control-expose-headers x-amz-server-side-encryption, x-amz-request-id, x-amz-id-2, x-origin access-control-max-age 3000 access-control-allow-credentials true cf-ray 7dd1eb01fd940493-FRA x-amz-cf-id LvYaL242z_qW1G1w7InHfd2WtTWFiveW5l0xoWK9dNbiqPFqfpiBxg==
GET H2	200	bundle.production.js Show response static.hsappstatic.net/head-dlb/static-1.338/ Frame EF9D	44 KB 17 KB	66ms 17ms	Script application/javascript	2606:4700::6812:8e65 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.hsappstatic.net/head-dlb/static-1.338/bundle.production.js Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8e65 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef39ee441c4e7792c5cda9a8bd86ddce96d9b17bda0cc9f7187f1a70ce9b3ed5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://app.hubspot.com/ Origin https://app.hubspot.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT x-amz-version-id uq4ahwTgbmdDVq3iqHPHE8OZSufTo1wc via 1.1 3cfbed06658a9baeb1fb855c8ec682f2.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop MXP63-P2 age 2185727 x-amz-server-side-encryption AES256 content-encoding br x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Fri, 28 Apr 2023 15:18:57 GMT server cloudflare etag W/"d4a36ffcc533bcbae2a557884d3059e8" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin https://app.hubspot.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PsjAbyNVw6AAXbWhdzjkwDTF2oIl%2FuzAhOHvR0RXIuCHPGEf7OLnnrQJ4%2BjHUoMzOjgWiWAToBQP7SnTUcWizbM729bN%2FBQASM9biPT5MjaDS5u%2F82r%2Bqugekw8pe0y62iCqCo1J51XS0igQ9RvBZb8mh1g%3D"}],"group":"cf-nel","max_age":604800} vary Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-credentials true cache-control public, max-age=31536000 cf-ray 7dd1eb02dbf99b9a-FRA x-amz-cf-id 9yv5_zJVq-TQVwA1tmCT6CUK10MQir9NjJFOiezrTUMRHyOE8a-dbQ== expires Tue, 25 Jun 2024 02:11:09 GMT
GET H2	200	visitor.css static.hsappstatic.net/conversations-visitor-ui/static-1.14945/sass/ Frame EF9D	20 KB 4 KB	73ms 24ms	Stylesheet text/css	2606:4700::6812:8e65 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.hsappstatic.net/conversations-visitor-ui/static-1.14945/sass/visitor.css Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8e65 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 36d655313c51c3540e79a4ed3bff5be86110779b4e25043a6e78150a58cdbc66 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://app.hubspot.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT x-amz-version-id eTttM9S_vWGkXsa3G13R54bOHuRyRlPL via 1.1 1f900b337ea9504d5ab682a36992a20c.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop MCT50-P1 age 2098760 x-amz-server-side-encryption AES256 content-encoding br x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Mon, 06 Mar 2023 22:24:16 GMT server cloudflare etag W/"8b2053a9d9199e217c1f3e61d80f5d90" vary Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2BN%2BymZY4vaeKUkAg1zNIOW9gwyetr9vt5SZT9hD%2BQvvmHgWO%2BBeGsanEMzlJxcUB%2B%2F9AJpHrDml2qKVh1Thmhly50LuUlqSARYHlIXzX885ByDhTU2RO5ddZbMR1oWTcMQWWkkh%2B%2FnUDssbGy9IqoqOThM%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=31536000 cf-ray 7dd1eb02d8b89a39-FRA x-amz-cf-id 7Dg_CYJYJuWWk5_sm6U4nmYNfwVgr4G2VGth1dvo77Dttp3e6oKILw== expires Tue, 25 Jun 2024 02:11:09 GMT
GET H2	200	bundle.production.js Show response static.hsappstatic.net/hubspot-dlb/static-1.392/ Frame EF9D	294 KB 94 KB	68ms 19ms	Script application/javascript	2606:4700::6812:8e65 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.hsappstatic.net/hubspot-dlb/static-1.392/bundle.production.js Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8e65 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a827ba0a43cbeb52e1f7c01fac1d8526f1a927ef58d5a0bc4ea4047a8b47f075 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://app.hubspot.com/ Origin https://app.hubspot.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT x-amz-version-id GyJQrIoHDRIfCuwwSVVsJwX13g1Qp9_O via 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 age 1546178 x-amz-server-side-encryption AES256 content-encoding br x-cache RefreshHit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Thu, 06 Apr 2023 11:56:47 GMT server cloudflare etag W/"90cd3e4c19469ce68f12da7dbe18af11" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin https://app.hubspot.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f2mz0%2B%2BcF0fepJ1HQA49UlSn4Bp6yd7wbbtRnMh0%2Fg5gEsr8bs9M6SmhZ09rIG0dra4BTSae8RlgHJ%2FleSW3T3MWyX45sx%2BVwqOLbTCwANBNfYxHmIlbtBy%2BBC7ai8i7AUG026ST%2F%2F%2BzCmrtckWZ4lfYgFo%3D"}],"group":"cf-nel","max_age":604800} vary Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-credentials true cache-control public, max-age=31536000 cf-ray 7dd1eb02dbfa9b9a-FRA x-amz-cf-id zuBVbdQQYg3LBzmKyy3EJoTh60ToWxDtYwBUBF0PsxsXfIZTgjGhJQ== expires Tue, 25 Jun 2024 02:11:09 GMT
GET H2	200	visitor.js Show response static.hsappstatic.net/conversations-visitor-ui/static-1.15930/bundles/ Frame EF9D	610 KB 179 KB	67ms 19ms	Script application/javascript	2606:4700::6812:8e65 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.hsappstatic.net/conversations-visitor-ui/static-1.15930/bundles/visitor.js Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8e65 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cf81ac8c30e3309074d0ed5b617c69c93033794ba854d533c349bc5f5e1b11da Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://app.hubspot.com/ Origin https://app.hubspot.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT x-amz-version-id R.g5gmjU3lBlqpxP3WcL7nHoSkS84poq via 1.1 3a3c1dcacd115187f53f40028ae4bd24.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 age 376383 x-amz-server-side-encryption AES256 content-encoding br x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Wed, 21 Jun 2023 13:08:58 GMT server cloudflare etag W/"2b32fa0c551d7f8e6e69e02fcfd9dd3f" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin https://app.hubspot.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sWp%2FzB1O%2FkmczynvnsYJOCRMFRaO6lswmg7L0RDfXI3C%2FijmFfBuNxwN0fW6mOgGTnPaxXTa2AOe9xFlEG3cPO59B6LQiO4TGI9d8qXOAUZ9FQ0dvSXGu3C5wHPo7So%2B9GS%2BnpyX7wzrfDgG7%2BLx4gTUzYY%3D"}],"group":"cf-nel","max_age":604800} vary Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-credentials true cache-control public, max-age=31536000 cf-ray 7dd1eb02dbfc9b9a-FRA x-amz-cf-id JJ2VkRcsbrF8TOARmenojq45HSKZyP1xXh9PuMQ-v-M4_z5p9Cq8Pw== expires Tue, 25 Jun 2024 02:11:09 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	1 KB 774 B	56ms 10ms	Script application/x-javascript	2a02:26f0:3100::1735:28a8 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100::1735:28a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 77cf16e1867991ea4ed7fb6d470e613528693de636fb0f1352936cc480e180ae Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 22 Jun 2023 17:56:59 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=22925 accept-ranges bytes content-length 562
GET H2	200	memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 fonts.gstatic.com/s/opensans/v35/	18 KB 19 KB	42ms 7ms	Font font/woff2	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v35/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:400 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Sat, 24 Jun 2023 02:30:05 GMT x-content-type-options nosniff age 171664 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 18664 x-xss-protection 0 last-modified Tue, 02 May 2023 15:19:23 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 23 Jun 2024 02:30:05 GMT
GET H2	200	inject.8d8a39d8fa64efbb0671.bundle.js Show response injection.amibreached.com/ Frame CAD4	130 KB 44 KB	40ms 36ms	Script application/javascript	2606:4700:20::681a:c31 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:c31 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9af44543fbf7b09c3d68e46dcb21d2cb9ec5f18bbd537cea92360a85c5db793e Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3202 x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"046f84a87526210ff005ab33291675c9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9wayEy7qyCas8UEfwyj9Su2Ma76Qd0uRdBqMnDBTBMROWE6tTZMhyq%2FSbKCBTLpPsVUsYd7PZHY8YDqcB5qoMCLZmebChaEN5HcJntCd%2FyfHTprk0nqJPKQRDs4WhFcNbkP8%2B%2BDT6HDpS7JOdvR0lUPc4fvM8mQ%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7dd1eb030cb69104-FRA x-amz-cf-id Z4oKF4moOftQlkXtKnkc4HNTCtPfe4DMq6XKESxq6w72vxLYhDZ-Mg==
GET H2	200	main.8d8a39d8fa64efbb0671.css injection.amibreached.com/css/ Frame CAD4	703 B 738 B	41ms 37ms	Stylesheet text/css	2606:4700:20::681a:c31 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/css/main.8d8a39d8fa64efbb0671.css Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:c31 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c7d0240fd43289ab1411c5fa1277574ee436d3a3bbb82d34c4d82f32d04517b8 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:09 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 d21c7dc6bfb9c2f00dc62b8a7281a898.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3202 x-amz-cf-pop MXP63-P1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"ff4f518052149a21c5b6397b3f717f6a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sYQMwdNuBQbhCilXMU9H%2BV3IgK5xCXEimjxvgF81bNiiOJBwGrSd9r0s7tLDBjg8%2FlLNkmmu59JnLcwSvqL8%2BAqu4aAkx2CctO8AOD9Bzr9apVU6dyq150JO%2FQsXP0Z0H951Y6AuK7lE9U3dqAW9hpX3HYxQw%2Bs%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7dd1eb030cb59104-FRA x-amz-cf-id S-f16snPnUA0CTFxKXC4X9I39Dj3xFUEZwiRWIYF2T2XtMJcKuUIJg==
GET H2	200	insight.old.min.js Show response snap.licdn.com/li.lms-analytics/	13 KB 5 KB	8ms 7ms	Script application/x-javascript	2a02:26f0:3100::1735:28a8 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.old.min.js Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100::1735:28a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-edgeconnect-origin-mex-latency 656 date Mon, 26 Jun 2023 02:11:09 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 21 Jun 2023 22:21:38 GMT x-cdn AKAM x-edgeconnect-midmile-rtt 0 x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=45466 accept-ranges bytes content-length 4777
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/4053396/domain/blog.cyble.com/	36 B 375 B	65ms 11ms	XHR application/json	2600:9000:20eb:9c00:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/4053396/domain/blog.cyble.com/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20eb:9c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89 Request headers Accept * Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 01:26:14 GMT content-encoding gzip via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 age 2696 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=3600 x-amz-cf-id lUmEYEmHV8HfTiA8cg9NIs6N9kF85HjHFqSHgeruY2yGPPUluSB4iw==
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1687745470069&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1687745470069&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F... https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1687745470069%26url%3Dhttps%253A%252F%252Fblog.cyble.com%252F202... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1687745470069&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1687745470069&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2...	0 265 B	196ms 156ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1687745470069&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&cookiesTest=true&liSync=true&e_ipv6=AQJUJSxnljslSgAAAYj1eCDDJPFFsweRt6dECf2VBXQVrWALXlKVh0c2LH94ziC6gf4rnjQiFyptHCEyA2bmwDHvtgcSCA Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:10 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 7552B0605C0D416F912EEA354EE895E6 Ref B: DUS30EDGE0814 Ref C: 2023-06-26T02:11:10Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-ltx1 x-li-proto http/2 content-length 0 x-li-uuid AAX+/t1Cxpi8tR/1qj84Tg== Redirect headers date Mon, 26 Jun 2023 02:11:10 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: C6CD6C67C0534971B0F22B553291CCFB Ref B: FRAEDGE1308 Ref C: 2023-06-26T02:11:10Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1687745470069&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&cookiesTest=true&liSync=true&e_ipv6=AQJUJSxnljslSgAAAYj1eCDDJPFFsweRt6dECf2VBXQVrWALXlKVh0c2LH94ziC6gf4rnjQiFyptHCEyA2bmwDHvtgcSCA x-li-proto http/2 content-length 0 x-li-uuid AAX+/t0/3pjbBRhNgNhKaw==
GET H2	200	272.8d8a39d8fa64efbb0671.css injection.amibreached.com/css/ Frame CAD4	348 KB 52 KB	40ms 27ms	Stylesheet text/css	2606:4700:20::681a:c31 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:c31 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c77d2ba289d0e2827ad7f79b00972a63c7f4426d89b8ce6b5da90a368760cfe4 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:10 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 259df3f3acee8ca070d87aedc7b2aa96.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3203 x-amz-cf-pop MXP63-P1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"a858af055119af47585aeffbfd69ceac" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VOyot1%2FIt8%2FmCi8sYjH7o92Pxs9YhY7eJMZ6%2BjQwJlgS108ToCnE5%2FJpap9gA8n%2BaTOCT0C5I7ZQnNjJNQZxucnzA%2B3Lw0sc4J52yspGf7%2B8fGedH11PrbCmMxnY9n%2BI0riVzDq5OJbttDsoCh%2FFmW94YZUrWGk%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7dd1eb042d5b9104-FRA x-amz-cf-id GkjV4GLPRePdv75Jzt-nnQiefrZh7xGlU_r86YFJqVKSh2wW7Jm70A==
GET H2	200	272.8d8a39d8fa64efbb0671.chunk.js Show response injection.amibreached.com/chunks/ Frame CAD4	381 KB 100 KB	44ms 32ms	Script application/javascript	2606:4700:20::681a:c31 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/chunks/272.8d8a39d8fa64efbb0671.chunk.js Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:c31 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 29d409fee0f34ebc05fa36076c101b77e28dccbcfdbfbf4cf248371820ca9ddb Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:10 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 e7bb40fae65694ea199c059324c79b1c.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3203 x-amz-cf-pop MXP64-C3 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:50 GMT server cloudflare etag W/"a161e1a55882deeacea4aadc5ab6a660" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kbPiHi7Ij8XxURxl03mwtEuBpOLcLDj%2BzwcM2MfhgZCN%2FjF40Sl5%2FrwNOTTBxQLl62TeOucfbkSX6V833H3lIq853WJKbbjZnIrkBu58FfqBo273CA0JWZHAmBLRlPNwbgYXmMn%2FBvkFcKOpJv8%2Bm3Gkk4QOf3I%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7dd1eb043d669104-FRA x-amz-cf-id -umx4jMAUnmc4Jis-Lc4cnGPVhAb0OvXwPSfIpv86nAor3D797ZQAw==
GET H2	200	349.8d8a39d8fa64efbb0671.css injection.amibreached.com/css/ Frame CAD4	3 KB 2 KB	46ms 35ms	Stylesheet text/css	2606:4700:20::681a:c31 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/css/349.8d8a39d8fa64efbb0671.css Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:c31 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9d904f71a4d973dac278821490969eb0a63dd97635584930bbbbec0a3e608d75 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:10 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 90dd5141cd2d05c51d479a582cded280.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3203 x-amz-cf-pop DUS51-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"d5e9ad0edf5f90c0d209a111611b1fba" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D7JQjPMFNoFp6w3QENclhGGDXQ7EMnGV4N9LDRR3vusohIjtAbem%2F69DJtCp54Y%2BxUYeovYoE31TJZQlR12UA8yduOzuNAnL70zVrSNG99BQHm4SUJ9dn540iPY1vob46meSsJ6f3U9xEhZEiR2%2B7LQwgf88c0U%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7dd1eb043d659104-FRA x-amz-cf-id 0Z8ZZSAGSbwMjpKi5gUjI7y6Q4iEaAivzhxXh4AJWTE_y3VtJWVzXg==
GET H2	200	349.8d8a39d8fa64efbb0671.chunk.js Show response injection.amibreached.com/chunks/ Frame CAD4	16 KB 5 KB	49ms 38ms	Script application/javascript	2606:4700:20::681a:c31 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/chunks/349.8d8a39d8fa64efbb0671.chunk.js Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:c31 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a2c197367cb631f88fca96c13ec0c06d0a99bc5398d0349716bc06ce7a91e8ce Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:10 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3203 x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"0e05edf25a54d46e1a8ef01ec442978b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2FViBADqEZYpXrQ3dn7ks8E04RsEexklHDPrNRWwkQ26mWuPiZvPdd9bU5LhUIze6qPsRf4o8zrlQPEyP%2FGF2HbtBXjkQridZcMqJPFxTepvDm9g7YBeUynLSUZW1SwStRN5IdO0qEUEuc%2B0GWiLL3OEKwGPoGU%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7dd1eb043d679104-FRA x-amz-cf-id 3rkU3aJ4QY2csw_zdZq7asGoiceTdOVnEZfkC31sZmgPfXiffA8TNQ==
GET H2	200	i18n-data-data-locales-en-us.js Show response static.hsappstatic.net/conversations-visitor-ui/static-1.15894/ Frame EF9D	776 B 907 B	15ms 14ms	Script application/javascript	2606:4700::6812:8e65 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.hsappstatic.net/conversations-visitor-ui/static-1.15894/i18n-data-data-locales-en-us.js Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8e65 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 50e16cd4e9ca2e3fa07a17999a03ea7d64aaf98e589d8f31bf8d058b392006c2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://app.hubspot.com/ Origin https://app.hubspot.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:10 GMT x-amz-version-id W6sRVm4a0TZhhY1dFjRGW6vrlAEpwoIL via 1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 age 376384 x-amz-server-side-encryption AES256 content-encoding br x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Thu, 15 Jun 2023 18:05:54 GMT server cloudflare etag W/"9632a4ca2c63ac21a220b847bcc31c1c" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin https://app.hubspot.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ibi13aZLTuuPc2LENOLijSfjFmbbDND4Lmvia9Kq03Er27IZhbaz4X6IYeuxorbrqvtfWpKEKylnRmXawqGGhG%2B4248rIlwd8xK8spETOGrOtqnP2dZd3LssBsj2tbL64Cd%2FfZj3o%2FAB59tpHqXyQwZaLng%3D"}],"group":"cf-nel","max_age":604800} vary Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-credentials true cache-control public, max-age=31536000 cf-ray 7dd1eb04bd319b9a-FRA x-amz-cf-id ux2qUza5mMbsJWtB8BC2mOO-Fs6pbwYU3FVPPGL05Rg36bxz-yhQ8A== expires Tue, 25 Jun 2024 02:11:10 GMT
GET H2	200	nr-spa-1216.min.js Show response js-agent.newrelic.com/ Frame EF9D	49 KB 18 KB	58ms 9ms	Script application/javascript	151.101.194.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-spa-1216.min.js Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.194.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://app.hubspot.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-amz-version-id UU.F5jvoumAjQChriwTQHbisCFw_OInU content-encoding gzip via 1.1 varnish date Mon, 26 Jun 2023 02:11:10 GMT strict-transport-security max-age=300 x-amz-request-id REH8T4KBA37AVBJA x-cache HIT cross-origin-resource-policy cross-origin content-length 18216 x-amz-id-2 lpXxWpalT6LoQmVqBFSIBeVhKAPBnXFaf4q/AlcmbWjdWWYefitLc2xW45W+quIhO15/u43msoU= x-served-by cache-fra-eddf8230070-FRA last-modified Thu, 14 Apr 2022 16:45:57 GMT server AmazonS3 x-timer S1687745470.319634,VS0,VE0 etag "63e2df852d15ab21d7ff8fc4363222e8" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control public, max-age=7200, stale-if-error=604800 accept-ranges bytes x-cache-hits 4
GET H2	200	hawk.png labs.cyble.com/hs-fs/hubfs/ Frame EF9D	4 KB 5 KB	104ms 30ms	Image image/webp	2606:2c40::c73c:671e CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://labs.cyble.com/hs-fs/hubfs/hawk.png?width=108&height=108 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 079ceaa0981ce7f89ad67f2b125a26b02d93a4b400b0d01c1095d9d03b24c738 Security Headers Name Value Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://app.hubspot.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:10 GMT strict-transport-security max-age=31536000 via 1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff content-security-policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests cache-tag F-83412232556,P-21289959,FLS-ALL x-hs-https-only worker alt-svc h3=":443"; ma=86400 content-length 4194 cf-resized internal=ok/h q=0 n=13+0 c=54+48 v=2023.4.2 l=4194 last-modified Tue, 30 Aug 2022 08:53:18 GMT cf-bgj imgq:86,h2pri server cloudflare etag "cfLv25S9_RZ9mVF-YFCFUfZcZkUn9Bg2vL7Sxl6y2PDQ:ac94ce2bd2684e2d18ebb6c3988701dd" vary Accept, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uazjk0NkhcggMY4u%2BnnrTvpzAxkj0au5aG6Txx%2FqpayRNSp7fYkiq7fOJJX4y5GpCvxBuo82ye7pSTZL22sp60caxIC1f0VMlPIMMGyvLCpuiCJlVRtUYEt2RWoQRXs5qINeWVvlmA5P6%2FDr"}],"group":"cf-nel","max_age":604800} content-type image/webp access-control-allow-origin * cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 accept-ranges bytes cf-ray 7dd1eb061f34bbaf-FRA
POST H2	204	rhumb app.hubspot.com/api/cartographer/v1/ Frame EF9D	0 1 KB	130ms 129ms	Ping text/plain	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.hubspot.com/api/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.15930 Requested by Host: static.hsappstatic.net URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.15930/bundles/visitor.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 26 Jun 2023 02:11:10 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id d5de12db-48cb-43c0-b2d8-17fa5cc4eab7 x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 66d82de8-a9fd-4b92-8034-62983848e577 server cloudflare vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vgm9xr6woEzhvC5DadLFUDpcUu87MrgxOSa0WUY7P5A2VX%2BzHPmpVkIcpKBbjLmn1%2B2y1V9gNUTpHorZQAHiz%2Fe8ASbPV%2BKOh5t%2FFHoJfX%2FTT1NEQhfMdxmY0z1KfUE4K0Y6yFWGvC%2BYj5VSIA%3D%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin https://app.hubspot.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-fmst8 access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing, X-Hubspot-Correct-Hublet, X-HubSpot-Auth-Failure access-control-max-age 604800 access-control-allow-credentials true x-evy-trace-virtual-host all cf-ray 7dd1eb05ab0103ac-FRA access-control-allow-headers Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer timing-allow-origin *
GET H2	200	welcomeMessages Show response app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/ Frame EF9D	982 B 1 KB	149ms 148ms	XHR application/json	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/welcomeMessages?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.15930&conversations-visitor-ui=static-1.15930&traceId=60d0782946104178b73b323162a9393e&sessionId=AMOaWbKEbRvHuLZlcJAuRFYFohm-1qunZvmK7RNHQH5S3QnRUATBk_L5a_IIobsRntYjtWRc84lesL4ySJM-THw-y4kz193CEnjiHmFBZ8ozCwjyC1baLBZqz61lFDxMBa9wYESScYVdWvpTwUhG5xfh9rOai9vpZFSxXmrJWxiS5ir4xMmJD1w Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 44e7b3c30f80bbe559a44c138015477f8bcf50722a8553ef318587739bd6d991 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:10 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 1170b0aa-5a52-4b9e-a345-f4668274fe03 x-envoy-upstream-service-time 24 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8143fa3c-0c80-48b4-ab7e-718bfe241bca server cloudflare x-trace 2B659B5727107AB1929921602E44FB84F7BAC5871F000000000000000000 vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-6wnvv x-evy-trace-virtual-host all access-control-allow-credentials false report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=chLAQUs07YBOdrRZfrRNdbFulQQuN8rILT1wzq14GTV79SZMOqHAdKoNX2nAFMv6y9LRm6b2p7O0OPqZCzv29dWM6n2k%2BbkEas%2F4EFZHjSiK78782MwxAodMCzNrPuaSVrp%2FN2clUIMTwLS%2FuA%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 7dd1eb05bb0d03ac-FRA access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
GET		primeicons.ttf injection.amibreached.com/assets/fonts/ Frame CAD4	0 0
GET H/1.1	200 OK	f9d051f404 Show response bam-cell.nr-data.net/1/ Frame EF9D	56 B 497 B	431ms 406ms	Script text/javascript	162.247.243.30 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam-cell.nr-data.net/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=867&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e&be=438&fe=720&dc=670&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1687745469548,%22n%22:0,%22f%22:2,%22dn%22:4,%22dne%22:29,%22c%22:29,%22s%22:42,%22ce%22:60,%22rq%22:64,%22rp%22:233,%22rpe%22:237,%22dl%22:293,%22di%22:670,%22ds%22:670,%22de%22:670,%22dc%22:719,%22l%22:719,%22le%22:720%7D,%22navigation%22:%7B%7D%7D&fp=844&ja=%7B%22nrSnippetVersion%22:%221216%22,%22environment%22:%22prod%22,%22deployed%22:true,%22hublet%22:%22na1%22,%22hsOlderBrowserVersion%22:false,%22conditionalPolyfillsInstalled%22:false,%22portalId%22:21289959,%22package%22:%22conversations-visitor-ui%22,%22packageVersion%22:%221.15930%22,%22template%22:%22visitor-index.html.tsx%22,%22user-online%22:true,%22visibility%22:%22visible%22,%22currentVisibility%22:%22visible%22,%22isEmbeddedInProduct%22:%22false%22,%22isInlineEmbeddedWidget%22:false,%22reactRhumbVersion%22:%221.9355%22,%22reaganVersion%22:%22react-rhumb%22,%22route%22:%22/%22,%22numReaganChecksStarted%22:1,%22numPreviousReaganChecksAborted%22:0,%22avgDurationBeforePreviousReaganAborts%22:0,%22numPreviousReaganChecksFailed%22:0,%22numPreviousReaganChecksSuccessful%22:0%7D&jsonp=NREUM.setToken Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.30 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d Request headers accept-language de-DE,de;q=0.9 Referer https://app.hubspot.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:10 GMT access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS content-type text/javascript access-control-allow-origin * access-control-allow-credentials true cross-origin-resource-policy cross-origin Connection keep-alive Content-Length 56 x-served-by cache-fra-eddf8230115-FRA
GET H2	200	primeicons.woff injection.amibreached.com/assets/fonts/ Frame CAD4	56 KB 57 KB	32ms 32ms	Font binary/octet-stream	2606:4700:20::681a:c31 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/assets/fonts/primeicons.woff Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:c31 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3929b55159e62d9da3efa3466a30de684b88f085559c9a4d18868fc667601692 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:10 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 706 x-amz-cf-pop FRA6-C1 x-cache Hit from cloudfront content-length 57460 last-modified Mon, 23 May 2022 20:31:50 GMT server cloudflare etag "3b6e3706f42d8876fe364ab4d75683fd" vary Accept-Encoding access-control-allow-methods GET content-type binary/octet-stream access-control-allow-origin https://blog.cyble.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WgTjDQq3Y%2FP5%2B482DQ6nzlKtkRi9hsrzxaAfHLkn7ERE0iQ5wksF4nxb0JcaKXNqI7LUYqUV%2B8YKJJZL4VJdzsqELFWbH7RASSSQcporGzSK%2Bi5d9%2BFHjiMeSnZv56HW6VM3dEdg60pOWxI7%2FYIWOI8D%2FNLsZ7w%3D"}],"group":"cf-nel","max_age":604800} access-control-expose-headers x-amz-server-side-encryption, x-amz-request-id, x-amz-id-2, x-origin cache-control max-age=120 access-control-allow-credentials true access-control-max-age 3000 accept-ranges bytes cf-ray 7dd1eb06182b0493-FRA x-amz-cf-id ObcxNlFq98fKb0D6r5Cx9j5agqrSIe6vCVN5qc5AmqdX0gHG2BMgIA==
POST H/1.1	204 No Content	f9d051f404 Show response bam-cell.nr-data.net/ins/1/ Frame EF9D	0 283 B	109ms 105ms	XHR text/plain	162.247.243.30 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam-cell.nr-data.net/ins/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1305&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.30 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://app.hubspot.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 content-type text/plain Response headers access-control-allow-origin https://app.hubspot.com date Mon, 26 Jun 2023 02:11:10 GMT access-control-allow-credentials true Connection keep-alive access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS x-served-by cache-fra-eddf8230115-FRA
POST H/1.1	200 OK	f9d051f404 Show response bam-cell.nr-data.net/events/1/ Frame EF9D	24 B 344 B	132ms 117ms	XHR image/gif	162.247.243.30 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam-cell.nr-data.net/events/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1310&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/60d0782946104178b73b323162a9393e?uuid=8150e12dd9814894b757be23d8685b60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=60d0782946104178b73b323162a9393e&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.30 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300 Request headers Referer https://app.hubspot.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 content-type text/plain Response headers date Mon, 26 Jun 2023 02:11:10 GMT access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS content-type image/gif access-control-allow-origin https://app.hubspot.com access-control-allow-credentials true Connection keep-alive Content-Length 24 x-served-by cache-fra-eddf8230104-FRA
GET H2	200	__ptq.gif track.hubspot.com/	45 B 698 B	122ms 120ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&t=Cyble+%E2%80%94+Trojanized+Super+Mario+Game+Installer+Spreads+SupremeBot+Malware&cts=1687745470950&vi=5bb161a0b2def079ed13515faf00f740&nc=true&u=27441379.5bb161a0b2def079ed13515faf00f740.1687745470936.1687745470936.1687745470936.1&b=27441379.1.1687745470943&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:11 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 0327b505-95c2-4cc2-b425-a58514fd84d7 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 2 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3258092c-1a60-400b-a432-88f565927bf6 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JRkjiP5y%2BWMirNPP12AuwWY4I8jhjoVHe%2FuvEWKq92C59HfafxJDc%2FjGt4PvL1hJav4ikyl3h9w1XIsoNI1Iqz1kJn8UhR7T1HNblybGbKZGmfekVYAdiJ41r%2FFhLfFEbbnBcrZpDcWeB15ST6BJ"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-86grs x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7dd1eb098d9303ac-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 468 B	186ms 127ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=bac8e119-f853-4ac4-8a39-0aabbfdc8846&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&t=Cyble+%E2%80%94+Trojanized+Super+Mario+Game+Installer+Spreads+SupremeBot+Malware&cts=1687745470958&vi=5bb161a0b2def079ed13515faf00f740&nc=true&u=27441379.5bb161a0b2def079ed13515faf00f740.1687745470936.1687745470936.1687745470936.1&b=27441379.1.1687745470943&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:11 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 960f809c-0afa-44dc-8fdb-e9ecd5698337 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 34e2e51b-cbdf-4953-9e0c-dfc49d4b6c1f server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x5Jm1xyLQSNvvpHLo7CPnjXd0hW4ZVcblXLRfHfryZ9fp3GfHWbaBy5GRjNYtqhg7qcDN%2F%2BxDZgWqKIjAQiGvu2ZhTqVPgrPfEE7Dyfs8%2FOlu9uDI1T4d4WPkP9LaHLZkzpzf5%2Fb%2Fe0mFzqEtnQH"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-86grs x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7dd1eb0a0dd403ac-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 421 B	191ms 132ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=17&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=bac8e119-f853-4ac4-8a39-0aabbfdc8846&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&t=Cyble+%E2%80%94+Trojanized+Super+Mario+Game+Installer+Spreads+SupremeBot+Malware&cts=1687745470959&vi=5bb161a0b2def079ed13515faf00f740&nc=true&u=27441379.5bb161a0b2def079ed13515faf00f740.1687745470936.1687745470936.1687745470936.1&b=27441379.1.1687745470943&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:11 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 631a561a-d60c-40b5-a57a-1ba2c6778dcd p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 6 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id cc8dae55-cfe5-4ad8-a8d2-01071eb4abea server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ksp82Vifj0SESroz1aZWoIif8EoY8Sa%2BZXwGp62xbZ%2BSPOBLUvnww%2BYo7du8cUxu2PEjrFmzeeoumPcgxRsqH2JiJUmvP4p8nwAsw0MObxKYz3KSdYPID75E%2FoBeQhv0mdAYSomgDduGFANEfW6Z"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-86grs x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7dd1eb0a0dd503ac-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 497 B	189ms 131ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=623b2b46-e73b-4fce-8ec9-98c99350584a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&t=Cyble+%E2%80%94+Trojanized+Super+Mario+Game+Installer+Spreads+SupremeBot+Malware&cts=1687745470961&vi=5bb161a0b2def079ed13515faf00f740&nc=true&u=27441379.5bb161a0b2def079ed13515faf00f740.1687745470936.1687745470936.1687745470936.1&b=27441379.1.1687745470943&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:11 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 4175e10a-f2bd-400a-9f04-f8573a022c69 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id c118f1cb-a886-46f3-bdc0-41810578e721 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2F3Bh0esw42Gaq6wRb2%2B5A1pulBY7kMve5GEODrgYvhtz%2Fj0oe0wt%2FFBzxx%2B53tgkXBxq4Ohi7mYSRSQkZZb0W%2F3kBs8K69FjgFE7DsspQoO0k3EMUXtROWdDp5uTI6Gz%2Few3eUZY2SHacLxZWHK"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-2c4rt x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7dd1eb0a0dd703ac-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 437 B	193ms 134ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=17&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=623b2b46-e73b-4fce-8ec9-98c99350584a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&t=Cyble+%E2%80%94+Trojanized+Super+Mario+Game+Installer+Spreads+SupremeBot+Malware&cts=1687745470962&vi=5bb161a0b2def079ed13515faf00f740&nc=true&u=27441379.5bb161a0b2def079ed13515faf00f740.1687745470936.1687745470936.1687745470936.1&b=27441379.1.1687745470943&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:11 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 62b51453-8e54-4679-9066-eb98ee5ccba3 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 6 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 0968f3a1-962f-49b1-98ef-622a18bb7a79 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VozVzPgu%2Bzu6g0YPshEkb0zIqPDYnq%2FGq9Sq%2BO3iAUef8nkWZWYPqhhJtjz3iI0pvM5yG%2F%2BYC2cjh0NNjZKAxywvHlexsJx3CIIJHu8yHqlQYAVAgUS0ZCLmeAa6PQLMULJgmInocd7cAY32liAu"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-kn6mk x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7dd1eb0a0dd803ac-FRA x-robots-tag none
GET H2	200	json Show response forms.hubspot.com/lead-flows-config/v1/config/	5 KB 2 KB	165ms 130ms	XHR application/json	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&utk=5bb161a0b2def079ed13515faf00f740&__hstc=27441379.5bb161a0b2def079ed13515faf00f740.1687745470936.1687745470936.1687745470936.1&__hssc=27441379.1.1687745470943&currentUrl=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F Requested by Host: js.hsleadflows.net URL: https://js.hsleadflows.net/leadflows.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1be6790cae39cfa1a4f433d21568356576dd34e2d85916e355c14b2c5638f097 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:11 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id b2fabc5a-c319-411b-96dc-781fa393bd32 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 20 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 4ccce51d-a7bb-4e48-b14e-ec02835d9482 server cloudflare vary origin access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials false cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=367uQO6q1hJ15DjBge27CF1jEWm4lynZIPZo0JLVa0aBpkJVu%2BGq9PT5e8lxrNnLa%2BE4mjlEaFwWwr9irintGTCL4sFKccalm5R4N3bfmpnOxYBx3IH5CAWd6z1rwkgijmGYnSLoAnKniTffkP7d"}],"group":"cf-nel","max_age":604800} x-robots-tag none access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 7dd1eb0a2d829137-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-2ls4d
GET H3	200	__ptq.gif track.hubspot.com/	45 B 911 B	142ms 141ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=16&fi=790ac0ff-0b05-4061-9a47-31d43798706a&lfi=3647704&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&t=Cyble+%E2%80%94+Trojanized+Super+Mario+Game+Installer+Spreads+SupremeBot+Malware&cts=1687745471213&vi=5bb161a0b2def079ed13515faf00f740&nc=true&u=27441379.5bb161a0b2def079ed13515faf00f740.1687745470936.1687745470936.1687745470936.1&b=27441379.1.1687745470943&cc=15 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:11 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 73be64e3-031f-4c29-a9ac-8fe7f5485783 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 6 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id f2ae0dd9-1b5b-49a3-8725-4576e226a2f2 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nHl3Ky4oT4NKMmHHj9F7%2B9CFIWIpOCDht7xPJUJ4u6WMPr2xc0NmhoG2OoCkyg7KMF6d4qSeLb4OXYh5AVOpl7yZoiZfh60vRR7b18USzmVGuzHPm3kwFpq0n7BvAC47FJM89yJGbNq8eCoMLuzn"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-wnd65 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7dd1eb0b2c152bb9-FRA x-robots-tag none
GET H3	200	__ptq.gif track.hubspot.com/	45 B 875 B	385ms 384ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=16&fi=cee71856-29e8-471c-8003-80db9e58e8dc&lfi=5011554&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&t=Cyble+%E2%80%94+Trojanized+Super+Mario+Game+Installer+Spreads+SupremeBot+Malware&cts=1687745471214&vi=5bb161a0b2def079ed13515faf00f740&nc=true&u=27441379.5bb161a0b2def079ed13515faf00f740.1687745470936.1687745470936.1687745470936.1&b=27441379.1.1687745470943&cc=15 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 02:11:11 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 717b2885-6864-481b-b254-6e85f2c8d13d p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 91b8064a-5e87-4248-94a5-c7c74c9b0dbc server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0zokpN14hkmPWi7IzfJWpBaKqg3hUhGKchcaH3fmCyrOgPcPeD4enCHogPkI9uuf0KUUYtPW7byfxHG0f3fbwtm0aKc%2Fe%2BAvTKsoREqXR5SNsCTBZYHhrYv8Zqh1CS2H1jPXPpBIGqlQvnTeIu9N"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-xtt4j x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7dd1eb0b2c182bb9-FRA x-robots-tag none
GET H2	204	boom.gif pixel.wp.com/	0 37 B	6ms 6ms	Image text/plain	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.08&largest_contentful_paint=2065&batcache_hit=0&provider=wordpress.com&service=atomic&effective_connection_type=4g&rtt=0&downlink=10000&host_name=blog.cyble.com&url_path=%2F2023%2F06%2F23%2Ftrojanized-super-mario-game-installer-spreads-supremebot-malware%2F&nt_fetchStart=0&nt_domainLookupStart=1&nt_domainLookupEnd=21&nt_connectStart=21&nt_connectEnd=35&nt_secureConnectionStart=26&nt_requestStart=36&nt_responseStart=241&nt_responseEnd=280&nt_domLoading=243&nt_domInteractive=1757&nt_domContentLoadedEventStart=1758&nt_domContentLoadedEventEnd=1804&nt_domComplete=3697&nt_loadEventStart=3697&nt_loadEventEnd=3765&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=1295&first_contentful_paint=1295&resource_size=2740002&resource_transferred=585927&js_size=629862&js_transferred=181388&resource_cache_percent=0&js_cache_percent=0&last_resource_end=4375 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers access-control-allow-origin * date Mon, 26 Jun 2023 02:11:13 GMT cache-control no-cache server nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

injection.amibreached.com

URL

https://injection.amibreached.com/assets/fonts/primeicons.ttf