www.activecountermeasures.com Open in urlscan Pro
172.67.70.5 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Submission: On June 14 via api (June 14th 2024, 11:36:13 am UTC) from US — Scanned from DE

Summary HTTP 83 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 9 IPs in 2 countries across 8 domains to perform 83 HTTP transactions. The main IP is 172.67.70.5, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.activecountermeasures.com.
TLS certificate: Issued by GTS CA 1P5 on May 8th 2024. Valid for: 3 months.

This is the only time www.activecountermeasures.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 63	172.67.70.5 172.67.70.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
10	172.67.39.148 172.67.39.148	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
83	9

63 172.67.70.5 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

www.activecountermeasures.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.67.39.148 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
63	activecountermeasures.com 2 redirects www.activecountermeasures.com	941 KB
10	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4534	34 KB
6	gstatic.com fonts.gstatic.com	96 KB
1	w.org s.w.org — Cisco Umbrella Rank: 3918	891 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2347
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	90 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 951	7 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 77	2 KB
83	8

	Domain	Requested by
63	www.activecountermeasures.com	2 redirects www.activecountermeasures.com static.cloudflareinsights.com
10	static.addtoany.com	www.activecountermeasures.com static.addtoany.com
6	fonts.gstatic.com	fonts.googleapis.com
1	s.w.org
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	www.activecountermeasures.com
1	static.cloudflareinsights.com	www.activecountermeasures.com
1	fonts.googleapis.com	www.activecountermeasures.com
83	8

This site contains links to these domains. Also see Links.

Domain
portal.activecountermeasures.com
github.com
attack.mitre.org
www.cyfirma.com
www.winitor.com
medium.com
isc.sans.edu
bazaar.abuse.ch
joseliyo-jstnk.medium.com
www.attackiq.com
www.wireshark.org
www.dropbox.com
zeek.org
discord.gg
www.youtube.com
www.addtoany.com
www.facebook.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
activecountermeasures.com GTS CA 1P5	`2024-05-08` - `2024-08-06`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
cloudflareinsights.com GTS CA 1P5	`2024-05-08` - `2024-08-06`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
static.addtoany.com E1	`2024-04-23` - `2024-07-22`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
*.w.org Sectigo ECC Domain Validation Secure Server CA	`2023-12-18` - `2025-01-17`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Frame ID: C7B3FACB64417DACF927E1D18DAA873E
Requests: 93 HTTP requests in this frame

Frame: https://www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js
Frame ID: 483EF755E677AB8129D356CE7940348C
Requests: 4 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.25.html
Frame ID: 2BED3EFC6DF3BE80C8A90BDA9AE7B465
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Malware of the Day - XenoRAT - Active Countermeasures

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/revslider/[/\w-]+/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

83
Requests

96 %
HTTPS

63 %
IPv6

8
Domains

8
Subdomains

9
IPs

2
Countries

1170 kB
Transfer

2967 kB
Size

3
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://portal.activecountermeasures.com/my-account/
Title: Customer Login

Search URL Search Domain Scan URL

URL: https://github.com/moom825/xeno-rat
Title: XenoRAT

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0011/
Title: TA0011 Command and Control

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1571/
Title: T1571 Non-Standard Port

Search URL Search Domain Scan URL

URL: https://www.cyfirma.com/research/xeno-rat-a-new-remote-access-trojan-with-advance-capabilities/
Title: similar

Search URL Search Domain Scan URL

URL: https://www.winitor.com/download
Title: PEStudio

Search URL Search Domain Scan URL

URL: https://github.com/GDATASoftwareAG/TypeRefHasher
Title: TypeRefHasher

Search URL Search Domain Scan URL

URL: https://medium.com/threat-intel/lnk-files-living-off-the-land-11c1e2218dc2
Title: convenient malware vector

Search URL Search Domain Scan URL

URL: https://isc.sans.edu/data/port/4444
Title: this report

Search URL Search Domain Scan URL

URL: https://www.winitor.com/download2
Title: downloaded

Search URL Search Domain Scan URL

URL: https://bazaar.abuse.ch/sample/857a42515928a58c55da34ff697bc0b19f4dc5f64791490bfd64edcc020ea23e/
Title: reports

Search URL Search Domain Scan URL

URL: https://joseliyo-jstnk.medium.com/typeref-hasher-the-imphash-solution-for-samples-in-net-9aad14502bbf
Title: here

Search URL Search Domain Scan URL

URL: https://github.com/GDATASoftwareAG/TypeRefHasher/releases/tag/v1.0.3
Title: TypeRefHasher

Search URL Search Domain Scan URL

URL: https://www.attackiq.com/glossary/pyramid-of-pain/
Title: Pyramid of Pain

Search URL Search Domain Scan URL

URL: https://www.wireshark.org/
Title: Wireshark

Search URL Search Domain Scan URL

URL: https://www.dropbox.com/scl/fi/2drrd33guhbsp6o0sku0q/xenorat_1hr.pcap?rlkey=ru2sqozbeeykppqd18u7pm6ni&st=6l4ouplp&dl=0
Title: xenorat_1hr.pcap

Search URL Search Domain Scan URL

URL: https://www.dropbox.com/scl/fi/rkgyyjw8rj727ej5pohn6/xenorat_24hr.pcap?rlkey=8fjg4hhjwablq59uivd6sdpn3&st=yvymip5e&dl=0
Title: xenorat_24hr.pcap

Search URL Search Domain Scan URL

URL: https://zeek.org/
Title: Zeek

Search URL Search Domain Scan URL

URL: https://www.dropbox.com/scl/fi/cmgy6gbg7jwtsgda5ueoj/xenorat_zeek_logs.zip?rlkey=ro5k7wexbp32lpyw7zpy5vx15&st=jhu4emjg&dl=0
Title: xenorat_zeek_logs.zip

Search URL Search Domain Scan URL

URL: https://discord.gg/threathunter
Title: We invite you to join our server here.

Search URL Search Domain Scan URL

URL: https://www.cyfirma.com/research/xeno-rat-a-new-remote-access-trojan-with-advance-capabilities/#:~:text=In%20summary%2C%20Xeno%20RAT%20is,free%20content%20and%20phishing%20emails.
Title: XenoRAT: A New Remote Access Trojan with Advanced Capabilities

Search URL Search Domain Scan URL

URL: https://medium.com/@andrew.petrus/xeno-rat-basic-malware-analysis-1d71dd5c613f
Title: XenoRAT: Basic Malware Analysis

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@faanross
Title: https://www.youtube.com/@faanross

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwww.activecountermeasures.com%2Fmalware-of-the-day-xenorat%2F&title=Malware%20of%20the%20Day%20%E2%80%93%20XenoRAT
Title: Teilen

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ActiveCmeasures
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/ActiveCmeasures
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/activecountermeasures
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/active-countermeasures/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75

https://www.activecountermeasures.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js

Request Chain 89

https://www.activecountermeasures.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js

83 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
www.activecountermeasures.com/malware-of-the-day-xenorat/ 175 KB
38 KB 400ms
178ms Document
text/html 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 186405e5be1eb65fabff6db3f8cb6a8d187cb2a841a81fbdcad1c1b92b385c26

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=3600, public
cf-cache-status: DYNAMIC
cf-ray: 893a05562a95bbbf-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 14 Jun 2024 11:36:07 GMT
last-modified: Fri, 14 Jun 2024 09:38:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3mguyHLcK5sgExRZhn5mTJy5K%2FtQWyHxDadsbEQSoCityx34Cm6v1AYDiIBneLN2O%2FHYlp%2BGr0xmto9iMwQjyINi8NIFaS5QDoeT9e348DMnAm0E5GAi9gi%2Fqmqbgl8F%2BniXuHNuxZ1I17EPr%2Bwr"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: X-Forwarded-Proto,Accept-Encoding

GET
H3 200 lazyload.min.js Show response
www.activecountermeasures.com/wp-content/plugins/w3-total-cache/pub/js/ 6 KB
3 KB 203ms
201ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/w3-total-cache/pub/js/lazyload.min.js
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a54a1907a6443e3c81608130bfed4546eb0ce5d0c8897e1d7a3b43d89ecc367

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 2356
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 13 May 2024 17:27:55 GMT
server: cloudflare
etag: "1883-6185934b8cc59-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A0UgceYJm6EeLNY3dFYYTbBJ0t4ygaJQ1y1lnwMZ03mz%2B95lIpA5JcavD8fuw9TdxzOg5j3DLRc5alOcCEE95iVUB4I72G%2FjTRpIVrFnRR5vhACqH0vycW60c1n2pUc7aNbEq0Yi5T7XzNoMGoIN"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05574c53bbbf-FRA

GET
H3 200 bootstrap.min.css
www.activecountermeasures.com/wp-content/themes/etalon/core/assets/css/ 124 KB
18 KB 157ms
155ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/themes/etalon/core/assets/css/bootstrap.min.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8430db3fbadc3837e1dc01722a56a1de6347c4b376fb9e1715265502e447efda

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 18288
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:46:14 GMT
server: cloudflare
etag: "1f16f-573ca042cb221-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2BOAby%2FHm67Honex7RobXTTZ%2B5kaRq5D2TAXhh2xhzi5GnpvfCbd96mI2yqaDRFyKD24GbGXi70W0ym0%2Ff8Q2GEqtJKYpN2Oxc%2FSi7MXUQZgD7N1DHrhTWBRuQN%2B%2FKk0Bum9u%2FCOw6XlQDpbjHBM"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05574c54bbbf-FRA

GET
H3 200 style.css
www.activecountermeasures.com/wp-content/themes/etalon/ 97 KB
19 KB 162ms
161ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/themes/etalon/style.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f243b6d6701972ac504910bd023cd764f96e04cc0222317b111c74c124f8f1da

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=130000
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Sun, 19 Aug 2018 13:46:14 GMT
server: cloudflare
etag: W/"1fbd0-573ca042d0fe3-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t0uYgkZ1d%2B9k0saSpGPjZUzXzb%2FJQurMWyDEwKBo9m%2ByH4xYax07J8IREnIzf%2Bycwsb4yZqZEpOKTKWFKBnQ%2FxVu6UfHsRTIlKzeXdSrVe3CikWbuRLCpDhE9cmSHcOk2MDzBJXt2ADgSpFzrL1o"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a05574c57bbbf-FRA

GET
H3 200 style.css
www.activecountermeasures.com/wp-content/themes/etalon-child/ 0
552 B 436ms
435ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/themes/etalon-child/style.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=462
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Tue, 25 Sep 2018 21:18:26 GMT
server: cloudflare
etag: "1ce-576b8a589225f-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uNIfccct0f81WFMu3s7P4Z%2FzP19B0ADnPnHmawbzJuH2L08tupBl4Jno%2FyPSPhVcFjTpUcGwRxsUFSZ07KTX0247wOIog%2FLDHZDtAnxEwLGi8Gbo4ATnCmqjJO6sAmGlIjBHQ9baepWvfeUSeBGu"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05574c59bbbf-FRA

GET
H3 200 style.min.css
www.activecountermeasures.com/wp-includes/css/dist/block-library/ 111 KB
15 KB 461ms
460ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-includes/css/dist/block-library/style.min.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 14991
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 11 Apr 2024 13:49:53 GMT
server: cloudflare
etag: "1bae5-615d26e01f46c-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=loMAEq%2BCG4YP%2Ba4Q0Ay6pEnTB6whYpLm2oCEVqzfrvyRvOiY%2FoC75aTKT0F%2BFuOs%2FS60Q3nRQYfGfhIu6f3xO3kaM6Lqe8pa2Ipl2zl4Qo5Z9m7O2yDyNSwCMLGEG1WbDpoZ14I4%2B723hRLN%2FiL9"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05574c5bbbbf-FRA

GET
H3 200 style.css
www.activecountermeasures.com/wp-content/plugins/before-and-after/blocks/goal/ 0
555 B 203ms
202ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/before-and-after/blocks/goal/style.css?ver=1629901949
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=170
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Wed, 25 Aug 2021 14:32:29 GMT
server: cloudflare
etag: "aa-5ca631eb75837-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UukODuefbY%2FM26nZ%2ByjrVXE59Yf0isxoJferh9tu7K6PLSAf9yL8vZTnBJSBM6ZmmwlQlReCUv6t5Ntbtpk6Yd0LXbX2Mn%2FivvDAHKa1p%2Fwp0uaW98paaI6IEWBrmTXBiSTVXA6L%2BLKydBVoY8yM"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05574c5ebbbf-FRA

GET
H3 200 style.css
www.activecountermeasures.com/wp-content/plugins/before-and-after/blocks/complete-goal/ 0
555 B 507ms
505ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/before-and-after/blocks/complete-goal/style.css?ver=1629901949
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=170
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Wed, 25 Aug 2021 14:32:29 GMT
server: cloudflare
etag: "aa-5ca631eb75837-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aEvzoDqrlWF07eiwc9iHyHF3EB7%2FhF3N60tlNT%2FpOpDYOv7Qgr2MUa7vBmSdqTWJynMivwge86CRUduMry9NwaNrEY7fvse5qxD%2Bvc6eAlL%2BbCLCvD31k2Iu%2BFstJ4YlXG1hZB0oUQLvxKGBnYgk"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05574c5fbbbf-FRA

GET
H3 200 gp_custom_forms.css
www.activecountermeasures.com/wp-content/plugins/before-and-after/include/lib/GP_Custom_Forms/assets/css/ 579 B
796 B 418ms
417ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/before-and-after/include/lib/GP_Custom_Forms/assets/css/gp_custom_forms.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 584ce991c19927142e6ba992e35efb311f4e871da083c6dbab4bafffeed265b0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=714
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Wed, 25 Aug 2021 14:32:29 GMT
server: cloudflare
etag: W/"2ca-5ca631eb77778-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QmNyR4PTU9%2B9hAcd00wjzaYdFCHfxjFCTJoL83iYEMzyZRiRYCS9xyYUoZH6GcfKWB5J73LAv1yoiCkoVxTCL5%2BIIXQ8FtlW4pcz0MFs4cI4mLlvjujzJcWRjfPbIiOSfEJwnFqmFsDsnADH5FtC"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a05574c61bbbf-FRA

GET
H3 200 rateit.css
www.activecountermeasures.com/wp-content/plugins/before-and-after/include/lib/GP_Custom_Forms/assets/rateit/ 2 KB
1 KB 445ms
444ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/before-and-after/include/lib/GP_Custom_Forms/assets/rateit/rateit.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f0e687b1fdb8e4fe338b3300308c0dd0d4885df981c4eac19f82716e0110cb7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=3819
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Wed, 25 Aug 2021 14:32:29 GMT
server: cloudflare
etag: W/"eeb-5ca631eb77778-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hs8LdI%2BNFhGYliHaEyZnbvU9XFI57Vn02lPhkBSRn2b%2Buv6uaPQYp7ymcDiJEcX%2Fet%2BAwItBBfRb3Oui7GMSF0EKjSKOZTNT%2FBWUl55gFJL9D9XE%2Fd%2FWkZg9bjPbo7c3UG6rDMga8VlynrlqAZcU"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a05574c63bbbf-FRA

GET
H3 200 kd_vc_front.css
www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/css/ 89 KB
16 KB 422ms
421ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/css/kd_vc_front.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 726ff40d075e5ec7b330200773da043166cde555a215547d51829b213cf4e2bd

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=125233
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Sun, 19 Aug 2018 13:47:24 GMT
server: cloudflare
etag: W/"1e931-573ca08610369-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7WEwlfjSfuzphmCYsTD403MhGa%2FSqJ4gBcOWFwGVmF1jWsn%2Fb%2F6dtPBEK4D%2B9z2KTP2lPh4G0DRxpBJVYX%2BL1kTX60b54dkZL4X8PFm7cCCZj6Pio%2Ffq3pvsr0356mIKU416aoqkOrY8tlltz3Cm"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a05574c66bbbf-FRA

GET
H3 200 settings.css
www.activecountermeasures.com/wp-content/plugins/revslider/public/assets/css/ 30 KB
8 KB 431ms
430ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e446e4aa86d06c0bb23eff5ae8d624b67ac59f5871b9dd827892336046b71e4

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=39750
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Sun, 19 Aug 2018 13:47:25 GMT
server: cloudflare
etag: W/"9b46-573ca086587c1-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mT8qeSZnNxI7Ag890RfvDqtNliAZyc2wObjONSUA4BuH0m9SlhMJUlu6FJuTO%2B7HMc2Dl1dGgooYDSlG5S0rtsbTPTgBaUyf%2FvrzfLKcdqg3tUXRpw4v2n2FCV%2FhfpoyfcBwW1uuDYRBSpKVejtQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a05574c69bbbf-FRA

GET
H3 200 ivory-search.min.css
www.activecountermeasures.com/wp-content/plugins/add-search-to-menu/public/css/ 6 KB
2 KB 429ms
429ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/add-search-to-menu/public/css/ivory-search.min.css?ver=5.5.6
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24d4d543bbeadbd760863ea450a255864acb17df7e254d5893c8c4b2845f6718

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1696
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 11 Apr 2024 13:51:01 GMT
server: cloudflare
etag: "19f0-615d272120dc4-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NCsSaXal02fKCmtEQ8HtbERqgXkbhFbVg2hWc%2BVtSkFiqQTVWz9LrxQS9l16RE84rYUDEf%2FDU3%2BMVC2wYfMzpBBGzlvumSMrNPxGNrIiOXYF1SJavnCkvrGtOwfpkxv%2B3wQHx6ERxzg5C36hrBgT"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05574c6bbbbf-FRA

GET
H3 200 wpfront-notification-bar.min.css
www.activecountermeasures.com/wp-content/plugins/wpfront-notification-bar/css/ 3 KB
1 KB 203ms
202ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/wpfront-notification-bar/css/wpfront-notification-bar.min.css?ver=3.4.2.04051
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7367f56df6f632ec0a79534fbdffbb84ad5e38a03ea3101462a93f338c3d59fa

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 827
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 11 Apr 2024 13:51:48 GMT
server: cloudflare
etag: "c50-615d274db8dd3-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cf4FML1U03HwUoQUVJvlp0MwXEVupe7WG%2BjusETF7hVfVPsyUEIHhB2gwSs2kNgQhp8RpZpp9VlaWSgJEaAxJiUbFUJ%2BBWpGKybcAlR5FAg6KHMRRUFCdlbdafOEsswEJRiTBop7rLZrnHy7z3m1"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05574c6ebbbf-FRA

GET
H3 200 font-awesome.min.css
www.activecountermeasures.com/wp-content/themes/etalon/core/assets/css/ 30 KB
7 KB 197ms
196ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/themes/etalon/core/assets/css/font-awesome.min.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69c0162d9102848858454ae467402cd402138ac95789c79947745cde0cf7b937

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7047
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:46:14 GMT
server: cloudflare
etag: "78d6-573ca042cb221-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kvhZjTf7Y9CSmz2eu8iAEd5a9kMzxAjXgdIOkhlR4XJKUQpLaQx5j%2B4nPgY4b4gHf2eG01%2BF1X%2FnLreaI9YJ%2F1VpqUAeTX0ZBAQeOvS4yVQ48m0v72vIcWzxdW0z61Xr5jS4KWBkiCLxSnYP0RPQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05578ca4bbbf-FRA

GET
H3 200 iconsmind.min.css
www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/css/ 90 KB
16 KB 174ms
172ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/css/iconsmind.min.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7d6838f61d388fb632db71bb55e1d548ced9aa235639facb6a56041af6e6662

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 15898
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:47:24 GMT
server: cloudflare
etag: "1696b-573ca0860f3c9-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gKvBEgWZMNowzERKtYGMHm0kITAX4wBCMtQq2K3uDyC9BLV0Be%2B6YOfb57Sykw18Jt1uP5mb5MB7CfbgNXMhFpwpfMsfWXZfK%2Bbem4MXegAie0n23vQwM2SaA1fxNHovjlgvUffsa6THRayavhIo"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05578ca8bbbf-FRA

GET
H3 200 js_composer.min.css
www.activecountermeasures.com/wp-content/plugins/js_composer/assets/css/ 454 KB
44 KB 180ms
179ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=7.5
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 505685c2ae74d1a8669a151310ea9b81d51789fa0e98e08e08cd7a6e4c00d984

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 44684
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 19 Mar 2024 13:55:43 GMT
server: cloudflare
etag: "717ba-61403d482ccc6-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m%2FyTyksbDKkq77nvD2G1lPGvzh7BX7QjTDIqOE4j8qDLnh%2F7u15cZ01OW4rFdysiu11GpAObl9MvlmL7HRFjpTiu8jVZdfN3JtrhE%2Bp6Wz%2F6%2FFnBQattdD4Ug6zMy17M%2Fn8sKoMIw3qXjBxocm4I"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05578caabbbf-FRA

GET
H3 200 photoswipe.css
www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/css/ 2 KB
1 KB 174ms
173ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/css/photoswipe.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd32bf3baf4d2fc408e19fdb22950101832f9aa393df679c845f62eaf9ff052b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=4093
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Sun, 19 Aug 2018 13:47:24 GMT
server: cloudflare
etag: W/"ffd-573ca0860f3c9-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UpXOu5%2B3w04%2FOEu3f6w6NqXScPWMTsbFRCwOZwiiyMdlY26tY%2Bu%2BKemUeA1qlz1Sm90Lm%2FhcECd1bAwB6n6HjcoR1l8KZPC5%2B2jq%2F2yD%2BoZ6vvKo11Guyzl47UShgGspjrAIe3tTCP0U%2BHh4xIK6"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a05578caebbbf-FRA

GET
H3 200 photoswipe-default-skin.css
www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/css/ 8 KB
2 KB 175ms
174ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/css/photoswipe-default-skin.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22333072914ab0a88d90af09fe24164ebda01d6806be167616008216f6ec6cd0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=11664
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Sun, 19 Aug 2018 13:47:24 GMT
server: cloudflare
etag: W/"2d90-573ca0860f3c9-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BYFOXktFZAQCvOLjVUr1eLdubcnbMHzn9bhVDVqP9IXdW4UO1jD%2F0n%2FGP7krhLhvh%2FYotLq6lH7iIXtnBfHS0RUZ%2BibN%2BSKyXLvgBM%2FuL2cO6B0DvirhU7GO3QVJth4L7I5ecc9eeMdHG%2FflGZ8x"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a05578cb0bbbf-FRA

GET
H3 200 addtoany.min.css
www.activecountermeasures.com/wp-content/plugins/add-to-any/ 2 KB
1 KB 178ms
178ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 534
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 22 Apr 2024 17:29:39 GMT
server: cloudflare
etag: "644-616b2c839ca8f-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m%2F1PzJ%2BrOqZVCWF931zM%2B2PAQi%2FZuAdbdZUacsyx3foSXL1CeT1g3iEhcU6ALxpt6Y4rSpLFuj6HYscx0dN8hNqZn7881%2FbmjPp1MqP4t4bN0FHcnduydcuOvR5V8gI%2BdN6W27NZ8nYXOGMNSLhB"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05578cb3bbbf-FRA

GET
H2 200 css
fonts.googleapis.com/ 26 KB
2 KB 135ms
49ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C400%2C500%2C700%2C900%2C100italic%2C300italic%2C400italic%2C500italic%2C700italic%2C900italic&subset=latin&ver=1692371489

Requested by

Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b2b513d915ee0689890c4c17b634c139f58067a1b0ec3513e21886945b215c66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 14 Jun 2024 11:36:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 14 Jun 2024 11:36:07 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a3be482b638902ee50f1fd6fa381129cb2d865d79f9c88c77944dceb3ff61e1

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b366ba6e5af0888822d8a5527cb62fc5bc2207170a0cb7af43e6b8d7cc660f6

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a93011dac9b4fa2940166596913eefa3556784840266c56ea23c428c6507072

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55d6e6cb4b9cd5c54dd785a425eaf9cea2a4b6974cb7d8f911afba870a92c3df

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: baa6ac17c75ea2117a2b302b7b7c74571f094c89cc5844e58aecea615e919008

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5e33ab119ed232274f59351604aed1e15733dfb690b65d60341acd6b22a1e0b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 181ed1cf1034d965fdbfb7d647bc9e8cbdf9cc9098ecb5fb2d6947458953312d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9bf6372257ad5bb1666620210796f1b35da6ae0f0f292ffa961c7c8fb6f2fd4

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec7604868bf424559ba7ca56ad5876bd5f45c804f86badbf5c86cd7f22edbf05

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7d4e0022745a7ee6ff15dc70ee7c99d7bf5cfa6293d844e5eae1c1349726452

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a6c6365cb47e4fdad4b920bd86144b85dce83eec7c63d524945160a1456ec5a

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1ed19f0a3269453da38aca1d44445e4670df3d503c7ef18ad61c589576337e1

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6c56660b1b72d9c12f7c0156cce0f14f40ae2e904f8baac60359dd48acfa229

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a48ba6d11055a2a6f840befa14e603650d8ca3d752e16daccd828d3869fb791

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 email-decode.min.js Show response
www.activecountermeasures.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 43ms
43ms Script
application/javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.activecountermeasures.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 Jun 2024 17:32:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66688a1d-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G6sVpnG6QXe%2FjIEvlPN6yEBbB4kenJ%2FhTG8pZluedKk%2Fsdf%2BNnzPciWwHSaeAfaW8rtsfLwBqMfDP8K7sreEe%2BJVe0rS2e2EQVmdRUotSDjhVpvLUMP9xwJyUFdr4u%2B1OzaeBoJYqQCFhmuH%2F6I%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 893a05578cbcbbbf-FRA
expires: Sun, 16 Jun 2024 11:36:07 GMT

GET
H3 200 ivory-ajax-search.min.css
www.activecountermeasures.com/wp-content/plugins/add-search-to-menu/public/css/ 8 KB
3 KB 438ms
438ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/add-search-to-menu/public/css/ivory-ajax-search.min.css?ver=5.5.6
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 316868f97d2f29e79b0fa3501b5e72f84f3f4076a47a024936553dcc49e1aeb1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 2147
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 11 Apr 2024 13:51:01 GMT
server: cloudflare
etag: "1fcf-615d272120dc4-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TywrtLygv1sYnCguR9Ni9ujP5stX73xTvZpUelP4qEXqu13vik4NturcflXnjSFeuAYJppW0oNanysQcjBy2BjLe%2FkP0Iq1C66KsgUxc9pzXk628Kn8%2Fa0Y4SSGWQXZbzslLP4kyx%2FVfxMefi%2FE4"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a0557bd02bbbf-FRA

GET
H3 200 tooltip.min.css
www.activecountermeasures.com/wp-content/plugins/enhanced-tooltipglossary/assets/css/ 13 KB
5 KB 175ms
174ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/enhanced-tooltipglossary/assets/css/tooltip.min.css?ver=4.3.7
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65c748d689c0545d4daac37cd3ca006df12762c288c9d22ec083909e958f56d6

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 4312
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 17:50:43 GMT
server: cloudflare
etag: "330d-61aa0e79cbd22-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wXlK8eUVz%2FtBN%2Bgez5AUaADypyGMtyXYDXrxIjCgr0xOuQJ4ykLuXYjWgC5H2wjieGqOQbEqiVtvJsu%2BSsdTiyvKuxaj%2FzmVE19AsGYEe5DsvRjgIgsaUeosY9CXmWMzHNjx%2BZbxXRTdwv1qiGrB"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a0557bd06bbbf-FRA

GET
H3 200 dashicons.min.css
www.activecountermeasures.com/wp-includes/css/ 58 KB
35 KB 175ms
175ms Stylesheet
text/css 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-includes/css/dashicons.min.css?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 35730
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 15 Apr 2021 11:22:29 GMT
server: cloudflare
etag: "e688-5c0011426bd77-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wLyS9VNjXBme76MB0tOxTYuIjxEd02sBlYGjzIYT2Q2%2FutmCr5G4Z0yQ4PdqIvQKHwvjaRkfBonUhUdXagq0%2Ft2pCO6nqp5WIuANZaeT5uUD%2BK6WGNJXedg9o2sjLJ%2BcFAvcQEAd2%2FBGcglo%2B%2BIE"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a0557bd09bbbf-FRA

GET
H3 200 rocket-loader.min.js Show response
www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 45ms
44ms Script
application/javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 Jun 2024 17:32:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66688a1d-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MFHrW4vx8k7%2BHNGlKrAwlKWENyPWSPJZu8buOSq6ch63i07CV40goDnU6OiHv8wNRwNOBGUALHS%2BNvIJbtUlu8DgqC2GFTGpCPvP%2FfxdubQUfA4it0Y2eRf14Y7shbxkOkcgiYxpxFgvG4RlJ0l4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 893a0557bd0dbbbf-FRA
expires: Sun, 16 Jun 2024 11:36:07 GMT

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 199ms
114ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:07 GMT
content-encoding: gzip
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
server: cloudflare
etag: W/"2024.6.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 893a05584ebf3730-FRA

GET
H3 200 acm_breadcrumb_nologo.png
www.activecountermeasures.com/wp-content/uploads/2019/06/ 23 KB
24 KB 414ms
413ms Image
image/png 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.activecountermeasures.com/wp-content/uploads/2019/06/acm_breadcrumb_nologo.png
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b922cd2320e1fd135be8bfd8b837751e33b74796016b9bf947693a86daad819

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=57072, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 23531
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: imgq:100,h2pri
last-modified: Wed, 05 Jun 2019 18:21:51 GMT
server: cloudflare
etag: "def0-58a97abd41138"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kc6QIQH%2Fj9P23OLpbhOW%2Bmv%2FJlIDiJ9mAiNehEsXuJI61B4ZdMYQScyrVrRaaYnEaYIDp5hZruwMVcEiJVK%2BGZARbWdzWOl4XVFedX5KQbXUXdW0ZfmgapP%2FqoYF9mS3HlDoSZYcuBzHTUNeCsIj"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055a892fbbbf-FRA

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 147ms
52ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C400%2C500%2C700%2C900%2C100italic%2C300italic%2C400italic%2C500italic%2C700italic%2C900italic&subset=latin&ver=1692371489

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 20:32:44 GMT
x-content-type-options: nosniff
age: 54204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 20:32:44 GMT

GET
H2 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 213ms
117ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 18:03:05 GMT
x-content-type-options: nosniff
age: 63183
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15752
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 18:03:05 GMT

GET
H3 200 fontawesome-webfont.woff
www.activecountermeasures.com/wp-content/themes/etalon/core/assets/fonts/ 96 KB
96 KB 184ms
176ms Font
application/font-woff 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/themes/etalon/core/assets/fonts/fontawesome-webfont.woff?v=4.7.0
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/wp-content/themes/etalon/core/assets/css/font-awesome.min.css?ver=6.5.4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/wp-content/themes/etalon/core/assets/css/font-awesome.min.css?ver=6.5.4
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:46:14 GMT
server: cloudflare
etag: "17ee8-573ca042cb221-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5pWNZC%2BbtJSoEGhM08BKjUaPGuVccJM%2Fvk4l83qyzlAEkmuBRhJ3DkvM4Px6NJ22mCSaB6IKv4dp8uUOBEScj3vYqk18pmUJRlH9lPb4eo2vwV2MG4L%2BCT6DTmWuFcQcvZ08D7GWd4mO5VxFu2iK"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a055ac97abbbf-FRA

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 136ms
41ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 05:20:49 GMT
x-content-type-options: nosniff
age: 108919
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 05:20:49 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 219ms
124ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 22:13:12 GMT
x-content-type-options: nosniff
age: 48176
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17368
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 22:13:12 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 187ms
99ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 05:11:33 GMT
x-content-type-options: nosniff
age: 109475
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17032
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 05:11:33 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 172ms
84ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 00:47:46 GMT
x-content-type-options: nosniff
age: 125302
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 00:47:46 GMT

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b573a17501b5f13af5c2dc2a1c690d10f366b814f9acca4cb21098b033c9a05b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 acm_footer_back.png
www.activecountermeasures.com/wp-content/uploads/2019/02/ 57 KB
58 KB 422ms
422ms Image
image/png 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.activecountermeasures.com/wp-content/uploads/2019/02/acm_footer_back.png
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 181c6a4571ebc6111a09eda1ace0f9f3aa4085445fd9642e71997433f8643cd7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=157281, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 58343
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: imgq:100,h2pri
last-modified: Thu, 07 Feb 2019 22:12:30 GMT
server: cloudflare
etag: "26661-581552374b8ed"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XOkn0kqXQLWGUM5DA9vZSZyZWrZB3Yi9S6E%2BzjFXLk2AEnkA%2FRT4wQvGFi9D4ItkYgg%2FSu42Lj4QBuJSciZmq3D%2B5tAbwrQAaphbYh%2FmiFzNk77XV5MwTn9q5DY1M03WGShM8lLcTDP6Otzs65Qe"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055af9cbbbbf-FRA

GET
H3 200 tooltip.min.js Show response
www.activecountermeasures.com/wp-content/plugins/enhanced-tooltipglossary/assets/js/ 191 KB
72 KB 171ms
170ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/enhanced-tooltipglossary/assets/js/tooltip.min.js?ver=4.3.7
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61e7ea9b0914cc8f177a4a64c4e1cfd9b8944bf15f521b74c3e76f211ac2fc39

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 17:50:43 GMT
server: cloudflare
etag: "2fc31-61aa0e79cdc62-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gwDLt2umPneqJn9NH0MExAGS7XwaWY3x6ba0ktnsOi99kphITrnTs5GglzgrCbkFvEnLT28Qb3X6Mo78h9oHC7Zg0fb%2F7F%2BBrbyo7sjMncY%2FuBwxOUGaqq8%2FRukesm3D%2FYN2B0jWsKrr6CxlbsVr"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a055af9cfbbbf-FRA

GET
H3 200 modernizr.min.js Show response
www.activecountermeasures.com/wp-content/plugins/enhanced-tooltipglossary/assets/js/ 2 KB
2 KB 400ms
399ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/enhanced-tooltipglossary/assets/js/modernizr.min.js?ver=4.3.7
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2430eea46482d09798ced4106070b559f066b7784c179f0b5d9b27f2783d10e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1209
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 17:50:43 GMT
server: cloudflare
etag: "933-61aa0e79cbd22-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xj3TCxs2WBR0sS4uYUJhkUfpEqVXiS%2Ba74ISyPG7ERDj3gdP4NMdSqbkh9T6HSBfPrut2qVueIsQIO9%2FEhlouD%2BixMSM9jluyH3Jc%2BAwO5aJRdoRWpl0ixoWH1DG5ZmWkQSsx%2FV%2FLVrTB1ug%2BBtX"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055af9d3bbbf-FRA

GET
H3 200 is-highlight.min.js Show response
www.activecountermeasures.com/wp-content/plugins/add-search-to-menu/public/js/ 4 KB
3 KB 488ms
486ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/add-search-to-menu/public/js/is-highlight.min.js?ver=5.5.6
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41a8cfe032bccf31f3cb7831fae064b8eae3e360e9e05c1050df960fa66e7e76

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 2623
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 11 Apr 2024 13:51:01 GMT
server: cloudflare
etag: "e81-615d272120dc4-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0CCp27euo0N4o1tvihyEGf0rPI0UPimwiywNSWIWO2MUksXbKr96Cylk6DPFqtcyA6ubg2Ucvv0qaLUsOAG%2BPAr5nFaAiwjHOQQQX%2FKTVWXK9JREyJ1X6tVP2mfECkicDTfbgz04YbbnNxsRTBJq"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055af9d9bbbf-FRA

GET
H3 200 ivory-ajax-search.min.js Show response
www.activecountermeasures.com/wp-content/plugins/add-search-to-menu/public/js/ 66 KB
21 KB 415ms
412ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.6
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 108cd01e5eaa34e9942ca8af9f8fe70271d3a3a5028fa085c628c162c3706d2d

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 20676
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 11 Apr 2024 13:51:01 GMT
server: cloudflare
etag: "10814-615d272121d64-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6zmtQG18E4Y%2Be7zL64BpAs4%2FVy79xnpJd3nFGMsPKSIM3dQgLU%2BEAKva6YzJB%2BAxVJEaRJJKeLRgG9EIWDaw5SL8%2BdJJxvIz1ZkybSn112rxAIpanRa78QqTrsvpIwcZY77ZhXs3QmSGDIicTfdS"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055af9dbbbbf-FRA

GET
H3 200 ivory-search.min.js Show response
www.activecountermeasures.com/wp-content/plugins/add-search-to-menu/public/js/ 4 KB
2 KB 187ms
183ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.6
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66d0c8cbacc09ad8746e64ad28d887186d1f060f04c388c2f1102ee346120a8c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1220
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 11 Apr 2024 13:51:01 GMT
server: cloudflare
etag: "11e4-615d272121d64-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D48INudCv66QgyK6NK%2FPL9yYe1qR1Ts7L4ZnNmIQNT4lzLibUcY5vRwt1RtqPXIzrJuuBG%2FD29DF9k5uTcVaJe4cTUSLTU%2FH8LiCSfrigZNgmgXiWV3DnGAIYGOCc5%2FtxLl6PUdtdrdwhlB60u10"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055af9dfbbbf-FRA

GET
H3 200 scripts.js Show response
www.activecountermeasures.com/wp-content/themes/etalon/core/assets/js/ 9 KB
4 KB 188ms
184ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/themes/etalon/core/assets/js/scripts.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0cac6891a23705b03aa3b895386e49b8e32c7a5ebe430736eefe1ab0fcbb0b9d

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=17382
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Sun, 19 Aug 2018 13:46:14 GMT
server: cloudflare
etag: W/"43e6-573ca042cb221-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AA79wFjsofIk2aloibswTL06464akAZyYEENYoa3jloBwtvNcRvY97wVqpnlwmQDmO5nLEl44jjF%2FeMAxeDGD1pgEvWpIOLajgoNeJPd3xTcoRuprms7PI0LZ%2Bdh6SbT0CIJmgYLWX337%2BYwqqab"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a055af9e1bbbf-FRA

GET
H3 200 SmoothScroll.js Show response
www.activecountermeasures.com/wp-content/themes/etalon/core/assets/js/ 11 KB
4 KB 188ms
185ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/themes/etalon/core/assets/js/SmoothScroll.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33b8600b69751910c3d3c796dd6cd8458908f5cc78e0f7599b8a86063282ef3c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=20536
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Sun, 19 Aug 2018 13:46:14 GMT
server: cloudflare
etag: W/"5038-573ca042cb221-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G4HLuWZ3mRuTyw%2FDecNzJf66fW8J%2FJW2ZIQtggzU2Fu3yuvytZgDEpAcEODM2nRnRmPxn8n%2BASnVlARk3LjnUSkf%2Fo9txfTSfTr9OYg8QUH3rIOy6pMQCLU24yO%2F%2FZaqmnHqVF9mDf1peyR7m4KJ"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a055af9e3bbbf-FRA

GET
H3 200 bootstrap.min.js Show response
www.activecountermeasures.com/wp-content/themes/etalon/core/assets/js/ 35 KB
10 KB 189ms
186ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/themes/etalon/core/assets/js/bootstrap.min.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 9539
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:46:14 GMT
server: cloudflare
etag: "8c6f-573ca042cb221-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xbnf%2BOqn1J7A%2BU5QWoEL7OJvoYM9AcXa2zJNp%2FjwLHJwJMUh%2FEMRl9kV3Yo7bY0CAK80QozkZxQYBP%2F306%2BOSaywsFybU6CRBJLjxUoUMghdJRinPhwcNbIVn6R2zb7qGmm7fJUqofwZoW%2FjJy%2BT"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055af9e6bbbf-FRA

GET
H3 200 before_and_after_fe.js Show response
www.activecountermeasures.com/wp-content/plugins/before-and-after/assets/js/ 377 B
797 B 492ms
488ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/before-and-after/assets/js/before_and_after_fe.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6543ced22e1b44f1491f45be88aabd85a3ac0c3a417f8bdd864e89d3dc2ddc6b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=553
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Wed, 25 Aug 2021 14:32:29 GMT
server: cloudflare
etag: W/"229-5ca631eb796b8-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4yDtDdneQy%2FEUUcNf%2BFUbhoRH01E6FwJQUHccnqx2LwY6MALDbnM6ypkIVvkBg1jNJN4t3zAwVdfdQ6%2B%2FXqUfukN1nCLgw2Ze5slLBxtyBvu3k5fyYkavgDj9GPd1v7pGEXlDe7Z9VUdtbigYZT3"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a055af9e9bbbf-FRA

GET
H3 200 gp_custom_forms.js Show response
www.activecountermeasures.com/wp-content/plugins/before-and-after/include/lib/GP_Custom_Forms/assets/js/ 11 KB
4 KB 190ms
187ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/before-and-after/include/lib/GP_Custom_Forms/assets/js/gp_custom_forms.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 825431019786a96e1b074d558df3877af33f0d9992e1c876b9a626b193f82364

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=12903
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Wed, 25 Aug 2021 14:32:29 GMT
server: cloudflare
etag: W/"3267-5ca631eb77778-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e34chNdpE2YicuLhLIzSvOesUeUfP31%2BCHmjXwUuOTR7Y8VtxWcLn1ue%2FVG2rI8OhGQAUyKSRxKYaRGXSt5wX5tTh1gZYQ6aKyEzIH5%2BPD%2BF9WSBbAAagfiWUn0lPbGP5cbTcEnh2aCLCBsm%2F%2Bu6"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a055af9eabbbf-FRA

GET
H3 200 photoswipe-ui-default.min.js Show response
www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/ 10 KB
4 KB 409ms
406ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/photoswipe-ui-default.min.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d61ce954cdcf7aa4c73c4e1c112173e7f321f834e2eee36450d1bf52a67a459

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 3758
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:47:24 GMT
server: cloudflare
etag: "2694-573ca08610369-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JeLd8NttXbWrrOtjRQ3MQzxXggvvLsBsZAr7y06vy6fEQFyJ%2FuB2MCyBk7LanZ%2BXcQ6h%2BXH6jwszr2d96P8ekX5NCXQXw%2F5A20Mr6XhIyR4J9hDDTSrqN%2Fhfo87L7myiKmlEf34TKvM8IpZcVCdL"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055af9edbbbf-FRA

GET
H3 200 photoswipe.min.js Show response
www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/ 31 KB
12 KB 1450ms
1447ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/photoswipe.min.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5299510acf6fe0a5d526f558fa9f914a8e50e2294051787b9298f220fe687727

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 12193
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:47:24 GMT
server: cloudflare
etag: "7bee-573ca08610369-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rOahwL11Wow2AkV8WMs1ppl7HbBXZrBz%2F8EEaweZMDcKwDlnS8mZxPWord9uYaVG367jbxAKy93L%2BoQ0dEL%2F6%2F%2BXziWoWo7LNKRY43YUq498wYGHsapD36kPeQKxy4U81t47vISBvJjG792EW5fc"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055af9efbbbf-FRA

GET
H3 200 wpfront-notification-bar.min.js Show response
www.activecountermeasures.com/wp-content/plugins/wpfront-notification-bar/js/ 5 KB
2 KB 191ms
188ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/wpfront-notification-bar/js/wpfront-notification-bar.min.js?ver=3.4.2.04051
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7848b8bc373842695440f0a638469cbf0aba43654429331e8abc8ad765dac59

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1613
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 11 Apr 2024 13:51:48 GMT
server: cloudflare
etag: "12da-615d274dbeb93-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KSNvU9x8e%2F7SSFj%2BTlKkVNCcSK6wEFW8xjC2r4DTQUA0TFeheYjlEUSpb32d3Oy1QjxP9fpxKJn%2FkrTGH557LGmsgbUfews9SuGeH5MkW6XKFPkMsww9WQAKeQGZN6vWVuJip8JjhrSvwQZ8XMHQ"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055af9f3bbbf-FRA

GET
H3 200 jquery.themepunch.revolution.min.js Show response
www.activecountermeasures.com/wp-content/plugins/revslider/public/assets/js/ 63 KB
18 KB 192ms
189ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27ead7f47a3fb4d1e7cbef0c68e28bde7ea18923cf41d8ca82ba13584eebc710

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 18090
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:47:25 GMT
server: cloudflare
etag: "fdb5-573ca086587c1-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LiW4Zo1Z7hZMyg%2FVoc3vSzZNVbn%2Bqv7BjVHUdAR0ia7v1xJirJOcyATvuSGhJUh0mAsJqFKlsir%2FykQdR2YAvETSkSGWyEWfBloYPSTnqiS6KJXPXDIJvrWf4kpQsK78TcB2AbEF9kPkGtSu3vc9"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055af9f8bbbf-FRA

GET
H3 200 jquery.themepunch.tools.min.js Show response
www.activecountermeasures.com/wp-content/plugins/revslider/public/assets/js/ 108 KB
38 KB 194ms
191ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1dff8b0c66227748951c4ff891f146f49c5a382ac8e3d6e3c2e9cf8aa560dc8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 38337
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:47:25 GMT
server: cloudflare
etag: "1afe4-573ca086587c1-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g5sky08RTuS3MwW1%2BWKVZXkHvK9ZGhP6y5F6jSf5PJh6YMSLjFxV9Hlsk50bHgBNChQeLxfgAwHthByvg7Z8rwJFgtbtAIFYT1RVi5NS%2BnLFdT5M4PNmv4%2B226%2BKAnTWQKzOWuxYgSlcSBGmSJvI"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055af9febbbf-FRA

GET
H3 200 kd_addon_script.js Show response
www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/ 5 KB
2 KB 439ms
437ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/kd_addon_script.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b26566a05b99c2d785d9a7866e04838aa9b361c74c79c4bc966d56aaf32b6d4

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=7975
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Sun, 19 Aug 2018 13:47:24 GMT
server: cloudflare
etag: W/"1f27-573ca08610369-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P1554QeZHX81ZssCeTSAgTBy1UEhmemLRU1hvQ0ieu4%2BE1%2FWnVwcjSBwmnsViCG%2B%2Bd1HM%2FrxhZKsBClaWs9HIbotSMmWMpwhcbLK%2Byot2zrihY2HUyPa%2B68p556YYmKN%2Bo2RbNgl14D7RAQcyORj"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a055af9ffbbbf-FRA

GET
H3 200 jquery.appear.js Show response
www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/ 2 KB
1 KB 216ms
213ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/jquery.appear.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8b4506d5f080ea0ce0155a4f6ac1582c24043c95d7ab968b829007523f95f84

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=3155
alt-svc: h3=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Sun, 19 Aug 2018 13:47:24 GMT
server: cloudflare
etag: W/"c53-573ca08610369-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qFL0Dhz3gSUOafAz%2FkLEuG1ps3n2jsePOxIuC6bDVZS4TCeXGs14NkEGSH3dnQn%2Bk5NvnMdoY5M7nSVIJCLb%2FltPKTCUgripPVlcV%2FlcbKo8jgPdKIVNojRmtCL1ljWag%2B2U6SFY0s%2BPqH5n3BYi"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 893a055afa01bbbf-FRA

GET
H3 200 jquery.easytabs.min.js Show response
www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/ 9 KB
3 KB 195ms
192ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/jquery.easytabs.min.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96f3602631ee2fd4875ed116bdc278cda0284663d288dd210947679fc35ba244

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 3023
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:47:24 GMT
server: cloudflare
etag: "24b0-573ca08610369-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XB%2B3U0unSsx7GVdRkbVtOsStzMxIhrkV%2FICGrqNVRx2F%2BFMTanRm0D0h1cKNhyhz3qi6%2BIQDoQQGeT%2F9tRD%2BzeP7WQusF4ixlbLyjj2sxdbfsNCX4%2Bueo27L1idkTOEe7HD1C8GuMIWx31itg5eu"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055afa04bbbf-FRA

GET
H3 200 owl.carousel.min.js Show response
www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/ 36 KB
8 KB 429ms
427ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/owl.carousel.min.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28f87f54084a40287dc3c92c712e69740ae1d40bd71b4681a1966666fd006882

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7836
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:47:24 GMT
server: cloudflare
etag: "91c6-573ca08610369-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qo4BuTd%2BLZrUluky5yYXsdAwbjMIxmve4pz3ZETFgxlT93yF2jEj2NqG6M%2F8CN6EtkZ5hxmE5qUpulUk%2BSKCDDoV4W7S0tpncH0VeIRSPET%2FhiWuNQQOpxegQedkEO3%2Fv6xl8eUFjm88W3FujsdD"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055afa05bbbf-FRA

GET
H3 200 jquery.easing.min.js Show response
www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/ 5 KB
2 KB 440ms
438ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/keydesign-addon/assets/js/jquery.easing.min.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2bb83771b8fb190d17ca13302493e2c66d42a9fcba8002a7ab93510fac8134c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1868
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 19 Aug 2018 13:47:24 GMT
server: cloudflare
etag: "15df-573ca08610369-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AyDV0y44Hz%2FuaSKdWuFx1EJ%2BSQJZtjfI6oq%2B6yv3xGWSrVgW%2F56ItlHD6auoEAOR3EqG%2BInkuODvmO31XEDGW%2FqpFayDR1Aj95TLBp3hBBZkR8CsPjx2OmA7LhKEZU6jpV5A0QVKWMGECLz6KJ1c"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055afa08bbbf-FRA

GET
H3 200 addtoany.min.js Show response
www.activecountermeasures.com/wp-content/plugins/add-to-any/ 129 B
678 B 195ms
193ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 126
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 22 Apr 2024 17:29:39 GMT
server: cloudflare
etag: "81-616b2c839ca8f-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NpFh34cryLvrLQPjFrS3paXll3GFlwSSUg%2F63JgenCEvpsffleeDkalZkO%2FKbQMYp8F%2BOJbBaTrS9rz4HL6twzFu62Bqzj5st8Mybf6kHd%2FBRXjpjwbVNPpZP9X8sLJw9EWwbxnwaPNT1V7%2B1xso"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055afa0abbbf-FRA

GET
H3 200 jquery-migrate.min.js Show response
www.activecountermeasures.com/wp-includes/js/jquery/ 13 KB
5 KB 196ms
194ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 4872
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Aug 2023 14:26:19 GMT
server: cloudflare
etag: "3509-602a67f0df644-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VCn7kyj2rfw7XsZGha9yqjxZnQBA0UrcPW%2FvBxzLNtVlpwMAYMH8Xbt3OjD%2FBjnb6dn7bWIsEQupCVkbejN2%2Fb%2FpogOIInJnXYKsUzrgDT3cpelT0%2BjkU5oE4DpFO4Houp8y9aqTE4Ek%2BVd%2FIERh"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055afa0dbbbf-FRA

GET
H3 200 jquery.min.js Show response
www.activecountermeasures.com/wp-includes/js/jquery/ 86 KB
30 KB 196ms
194ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 30368
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 16 Nov 2023 18:48:53 GMT
server: cloudflare
etag: "15601-60a4978a29f13-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fe7gkx%2FU%2Boa5ugeMjE7jyl7wSsr91GjExjuT%2BDZZi8XVPONdHCiy9dcIqjmfo5PTy%2BGYyK0m%2Bg2b7rmx%2BQ46Prc%2BNgc4AhmGyt2mesRc3IVsFWpdCeWkXaUdnz4ZFW8f%2FZOtMChvfF906jg%2BwWgM"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055afa0fbbbf-FRA

GET
H3 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 118ms
60ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15567
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"e346c2841e4abbb66ee259e9540abb61"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PgVcuyexPCXFpRW5kF9OnydB12y1CM29EC3VMes935eceYTKl%2FlgYJBwewm9YiDDUJgSk37LhckWW%2BflNXx8FVShCTMmLXh4y1M4BxvSgZebdWL9D279Jcc1NIv6TSu0beeS90fG"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 893a055b5fd03a78-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 254 KB
90 KB 162ms
73ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DXWPFNJDJT

Requested by

Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b87b2986e027a44612be6cf277221ad2d93b96f3ec1e58174d9c7652529d995f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91844
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 14 Jun 2024 11:36:08 GMT

GET
H3

200

main.js Show response
www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/ Frame 483E
Redirect Chain

https://www.activecountermeasures.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js

8 KB
4 KB

55ms
55ms

Script
application/javascript

172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js

Requested by

Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/

Protocol

Server

172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f2fa4ad380b11c9612f97710522d0066e12fb5931baa31d41d9802d13561439

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxIX8Fchny7fy9Da2KZ4VYJhXLG8u7BYb6uRZe99n2yk4Pm0b9gbqXR9Z83aGhIMTzHRDchSb57xEZtKpVYPcL7mhClluDlbECZTo75TVKUE0p4RfSLWsB8dAKagHqu2Np%2Fm8Si4XRAhnhokZ%2FYW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 893a055b5a9ebbbf-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Fri, 14 Jun 2024 11:36:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ymvw20u3%2FhjbFd%2BM7MWONTHh4Oqj2qanrVjQjs4wQJTp3EnFtcBlstoByW6XnsXRAzhbZZFR1yRdNkPvzBvDLlvAYIf1jXq8Dfj4%2BrlgWRiL5MBj52AuRc6KKFYUFj21qOCedn9CR3l6xGvvx8bu"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js
cache-control: max-age=300, public
cf-ray: 893a055afa13bbbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H3 200 893a05562a95bbbf Show response
www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 483E 0
707 B 84ms
80ms XHR
text/plain 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/jsd/r/893a05562a95bbbf
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=96QEMv9ZciRdu9PfKCSfaHtt%2FsB7xzhGu%2Bc1P0DXBx%2FRyMDUQZ8582ynEl4GqekLwKrMcEtYs73C%2BZwHSlbJwHhYoWOTJhZjzEN1wDKE3hRYkjV9D6IKRFdvpeq0oZQ3Fk7tru90zmc2LRYG1LY9"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 893a055c1babbbbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
BLOB 200
OK d22eb766-0022-44b6-afd5-e58a6ce8dfc2
https://www.activecountermeasures.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.activecountermeasures.com/d22eb766-0022-44b6-afd5-e58a6ce8dfc2
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET
H3 200 sm.25.html
static.addtoany.com/menu/ Frame 2BED 0
0 106ms
64ms Document
text/html 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.25.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
age: 3350
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 893a055def5c6ae0-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 14 Jun 2024 11:36:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wyqmb8g5Lmb9vZXzlOoJo3MLj5J47JxlLxX2FJrEICsTUF61wEh8nRfkUrq9eYqpUI1XXlPVQFPZQjXa7KOSJT6kY4HjgA%2F4hD4GvZeEJBGqC2RK1Bu33V5HKHQHZGPgMYYO04aY"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 core.BRQnzO8v.js Show response
static.addtoany.com/menu/modules/ 70 KB
26 KB 131ms
88ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"25da5432b1057724b8210f17e9b9db05"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6MNar56l699kazNXPxoLBONYKLkUVEs3Jqna96x9zoV08IWZdnevlJx5dyFkhSi%2FJmQ1dEuOMDQgpQifdNrmy9dEKbKyJgyzzUW0DFDG8SmyaaQEs3OUF%2BXZQuyq73N5JDCIUiD%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 893a055dec5a2c77-FRA

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 135ms
47ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-DXWPFNJDJT&gtm=45je46c0v9132336030za200&_p=1718364968547&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1476317158.1718364969&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.55%7CGoogle%2520Chrome%3B126.0.6478.55&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1718364968&sct=1&seg=0&dl=https%3A%2F%2Fwww.activecountermeasures.com%2Fmalware-of-the-day-xenorat%2F&dt=Malware%20of%20the%20Day%20-%20XenoRAT%20-%20Active%20Countermeasures&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1437&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DXWPFNJDJT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 14 Jun 2024 11:36:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.activecountermeasures.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 favicon-150x150.png
www.activecountermeasures.com/wp-content/uploads/2018/08/ 7 KB
7 KB 460ms
459ms Other
image/png 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-content/uploads/2018/08/favicon-150x150.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9719b799bb11807831814b4dc3c69da90eda8d439fd3d96dbab3b0c2e5cffdf

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 6855
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: imgq:100,h2pri
last-modified: Wed, 29 Sep 2021 20:39:45 GMT
server: cloudflare
etag: "1ac7-5cd28549821fd"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=koWigPgfYXvWav%2BxtNXAVw8iBQ4GZ0AxX2ywUmyhfB7xsWBv8Kh%2BPYoAms0iSwXtLRQzNFCq6Hx%2FrMVQETS0sOstXb%2FRiezi0QMULLzblUWOqOzm2B3nikRzkHjZXNkWNTt6JNqH6HC8LJlR0wPd"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a055dbe32bbbf-FRA

GET
H3 200 de.js Show response
static.addtoany.com/menu/locale/ 750 B
1018 B 56ms
56ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/locale/de.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 27524
cf-polished: origSize=902
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"86610d84a116a5704d658324728b063f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2VCqZkLFLaAtDar4MG4Y2ucoUxuoBjhfPEe2%2BABo7WsaCHG83LEH5Ri0PWeW7nnMh9HK2zwHwe26VXLb5uk2LBQ6blDdjJ7WmmzLwr4vfER0aw%2FivTiL3XRXKKyL6JkL%2FvR5rzXGWr5wpqwXMuBEeBHd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 893a05642e2f3a78-FRA

GET
H3 200 twitter.js Show response
static.addtoany.com/menu/svg/icons/ 645 B
905 B 105ms
105ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/twitter.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"af2b829f9b79fabec7c0148a8b7e444b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WnswcjeCkrAfqx1RAcmUYzTDf16X4vk6Rj4W%2BNvx7Pz0RrMI8aBthxQ3aN3cD96TVg08dzZDPMCsU8XRdDGrTiLs%2F6vv8gWaL4EdullvcYcIpaJH1fL8EcJ%2FcpCsJjpKaHhWXPmD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 893a05642c5d2c77-FRA

GET
H3 200 linkedin.js Show response
static.addtoany.com/menu/svg/icons/ 435 B
830 B 73ms
72ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/linkedin.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce5dbb2cdb85126fdc9d774971a56f8848dbee977a382bd512a5f8b49ea8c727

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"00b1b78053ab07c79bfea2e5a1db9d70"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8VsgmRlp22gGRP8ZDmUli3MndghkTBAKmaXEVrN%2FqNm59gSm%2FPPyDgKX%2FTQ2JNLVyuNohJfp5EQJ%2FmGgKaztp6tN0yAD%2BPDi%2BjH6ZRE8F0XdmI%2FVp1xM52YQXg1mDvPSvR05N0Hw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 893a05642c5e2c77-FRA

GET
H3 200 facebook.js Show response
static.addtoany.com/menu/svg/icons/ 429 B
815 B 107ms
107ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/facebook.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"68925fa8e347041c6006837e73c518bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OjSitbWMkwfULBDhDtFuobkvGT%2BceH7ESknge%2FdiYZoSnLJ1emZZPVpQrGO%2BBTwIq0O%2FUdXrWuBkvjxwGKZf8wANUxSEptHDYKGpNcXpmUoB7k2aapgn3u0HOHlJobB5W%2FRpgAsM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 893a05642c5f2c77-FRA

GET
H3 200 email.js Show response
static.addtoany.com/menu/svg/icons/ 415 B
803 B 108ms
108ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/email.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d432ad1988efa5b258294f52dae3d1b4c10660aec15e49017e21a1ee74bfd453

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"eb2119ad4221a9d01abc336e06962867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=36gNveoPSCOqFaKQH90nk8jop8lvMzOAWcPi3CHu26zbgN0hThfNVNNqMTx8R9e%2Fv1pW2diMm60OekHLDO6KAInA%2FpNy4JfXoQBxLeSTZZjb0JVuOXWwEPUpKPkt3Vu%2FRe1Ql%2F4K"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 893a05642c622c77-FRA

GET
H3 200 link.js Show response
static.addtoany.com/menu/svg/icons/ 1 KB
1 KB 95ms
94ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/link.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b1e450814698cfd54d68f041c25c741d2adbde4e8e31a256db1be23d413d96c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"dd9ed66e949db0815ba57f9db1b47951"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D9sLhHZlQ3TgY5toT5tuSfUCNmWHfYRL4%2FA6%2BUk%2BB42ISpCYYblLydycThtKxsrdIDAVouweeJ4n9YYGp51jt%2Bqx9wp9GA4GzDqSMxwBezaOoJlWCeUERjojqXpiobuhX4NeguDi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 893a05642c662c77-FRA

GET
H3 200 a2a.js Show response
static.addtoany.com/menu/svg/icons/ 182 B
677 B 99ms
98ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/a2a.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.activecountermeasures.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"0aca4ea1e5f8f250126a8e0c597dd969"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W5lpJji4L10cDMTTiWINfIaQaHLrRU7FnMwW6JT0kUfrDBDlU84Cm4ab%2BxusHi7eVqIECZRknNM4CP5G%2F2CDzFzQnrv6LpM%2FSVDAaaPNvdGbomXJsjwhtdrVQyR6mi1hyRwIeLiq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 893a05642c682c77-FRA

GET
H3

200

main.js Show response
www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/ Frame 483E
Redirect Chain

https://www.activecountermeasures.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js

8 KB
0

0ms
0ms

Script
application/javascript

172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js

Protocol

Server

172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f2fa4ad380b11c9612f97710522d0066e12fb5931baa31d41d9802d13561439

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 14 Jun 2024 11:36:08 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxIX8Fchny7fy9Da2KZ4VYJhXLG8u7BYb6uRZe99n2yk4Pm0b9gbqXR9Z83aGhIMTzHRDchSb57xEZtKpVYPcL7mhClluDlbECZTo75TVKUE0p4RfSLWsB8dAKagHqu2Np%2Fm8Si4XRAhnhokZ%2FYW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 893a055b5a9ebbbf-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Fri, 14 Jun 2024 11:36:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ymvw20u3%2FhjbFd%2BM7MWONTHh4Oqj2qanrVjQjs4wQJTp3EnFtcBlstoByW6XnsXRAzhbZZFR1yRdNkPvzBvDLlvAYIf1jXq8Dfj4%2BrlgWRiL5MBj52AuRc6KKFYUFj21qOCedn9CR3l6xGvvx8bu"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js
cache-control: max-age=300, public
cf-ray: 893a055afa13bbbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 wp-emoji-release.min.js Show response
www.activecountermeasures.com/wp-includes/js/ 18 KB
5 KB 437ms
437ms Script
application/x-javascript 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.4
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:10 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 5062
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 11 Apr 2024 13:49:53 GMT
server: cloudflare
etag: "4926-615d26e04f20c-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Li%2BEhQzJl1DCqLjp1xFwnlp1uUyD2thqOGVyf43nFm2fv8Z76sRom8xIzt4wim0OxRtWIi4udiNham9adWl4RmKE%2FChtP2FfCnLt%2F8TIE4YxbQk1p0r8%2B8gaUgdBd15siMw8bnkNl45nKam6zoVL"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05643812bbbf-FRA

POST
H3 204 rum Show response
www.activecountermeasures.com/cdn-cgi/ 0
150 B 55ms
55ms XHR
text/plain 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.activecountermeasures.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.activecountermeasures.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 893a05645836bbbf-FRA

GET
H3 200 active_countermeasures_logo_360.png
www.activecountermeasures.com/wp-content/uploads/2021/11/ 5 KB
6 KB 160ms
160ms Image
image/png 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.activecountermeasures.com/wp-content/uploads/2021/11/active_countermeasures_logo_360.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c5c74d3129385289cd8f856ea1958ea01d9615a9b9c8e1abf6ab7846102dcb1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=7567, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 5306
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: imgq:100,h2pri
last-modified: Thu, 04 Nov 2021 13:58:11 GMT
server: cloudflare
etag: "1d8f-5cff6eaca06c2"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ss3uH2nB5eAiwwjraN%2Bjol5cfNiJyKQjIl%2FGD%2Fgm0XVyIlLaXUYYpJBNaTh%2B%2Ffzs5pd1e12ZZTka20lVQVvF6JtNK4rF%2BW0W%2Bt%2FvGWApJKojDrze4vfJjbC%2FHvpq%2BNXWGu51yWh65UaRP0BtiWBd"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05646845bbbf-FRA

GET
H3 200 blog_feature_malware_of_the_day.jpg
www.activecountermeasures.com/wp-content/uploads/2020/06/ 243 KB
243 KB 151ms
151ms Image
image/jpeg 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.activecountermeasures.com/wp-content/uploads/2020/06/blog_feature_malware_of_the_day.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8ac0812ffc19057719e5081bec7e3a41a8215feb448952d88cf8d2e6b4c3d5a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=271407, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 248616
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: imgq:100,h2pri
last-modified: Mon, 22 Jun 2020 15:29:19 GMT
server: cloudflare
etag: "4242f-5a8ade80a75f9"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zUya7VU2iuOUOd1D3r8X5VT9gnAa%2FL7qwbraSbx4rtgpJ9eBaYSpZSBET98lE2yuEFFkLQYycLtK%2F9fKsEjX8pXsFADH0t439jCYiBdNm92UUijcgFi%2FonmuPHl1KpORVKKTnXCnuRTtC2fq2bIQ"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a05646849bbbf-FRA

GET
H3 200 ac_icon_white_trans_small.png
www.activecountermeasures.com/wp-content/uploads/2021/11/ 856 B
1 KB 157ms
157ms Image
image/png 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.activecountermeasures.com/wp-content/uploads/2021/11/ac_icon_white_trans_small.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09ce9b743f1d376a3229305975ca1b926249fb9fa4b08423a5ab555e6faf611a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=971, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 856
pragma: public
referrer-policy: no-referrer-when-downgrade
cf-bgj: imgq:100,h2pri
last-modified: Thu, 04 Nov 2021 14:44:12 GMT
server: cloudflare
etag: "3cb-5cff78f603cdf"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mKWz88kmQH4cP1ub2acDEytlWxu4nDLcZQ62JIsPsw05HyrXgxk3T9%2FE57%2BbAvOe9N3jcypWeyM6SNFspdZgTo0io7jiYm7yWizY821u9koEwxMXS95nmq4BKXphXC9UM79wyINfb7Z1sjE3wxuD"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 893a0564684cbbbf-FRA

POST
H3 200 893a05562a95bbbf Show response
www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 483E 0
703 B 75ms
73ms XHR
text/plain 172.67.70.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.activecountermeasures.com/cdn-cgi/challenge-platform/h/g/jsd/r/893a05562a95bbbf
Requested by: Host: www.activecountermeasures.com
URL: https://www.activecountermeasures.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.70.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 14 Jun 2024 11:36:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pkFnUx6R2ZizdMEYaEJnp55knww%2BNlJpNLSqYekJuX0T620lVmBDWilLR1lIDEiUA1mtOFslMPrxoVoybqUM9ZcKJZENkx3kdPohxCxbfuijPjOajS4w6uqVDX1P%2B9d3TGTiDp7c%2F1afcEkDuSTH"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 893a0564c8dbbbbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 1f60a.svg
s.w.org/images/core/emoji/15.0.3/svg/ 1 KB
891 B 123ms
38ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/15.0.3/svg/1f60a.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

bda4e6d76f6b82b87f43755d551b36dd7cfb0d0117fb798435270e7c1127a87e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Fri, 14 Jun 2024 11:36:10 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Jan 2024 01:18:34 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.activecountermeasures.com/	1970-01-21 06:55:24	Name: _ga_DXWPFNJDJT Value: GS1.1.1718364968.1.0.1718364968.0.0.0
.activecountermeasures.com/	1970-01-21 06:55:24	Name: _ga Value: GA1.1.1476317158.1718364969
.activecountermeasures.com/	1970-01-21 06:05:00	Name: cf_clearance Value: PpmDyvGsR3Oz9tCwyePnRC95fsPVAVccs3Zpg2x0AJ4-1718364969-1.0.1.1-tGp.CCmvVwnzygzj2Yt_aBuvlyxyyrZ.5u10GgilxBbk4sqWZ0Q2_sXrs5Kg_3R2818ljpIRIRsEWwwVPbwA9Q

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.activecountermeasures.com/malware-of-the-day-xenorat/(Line 1706) Message: Unrecognized feature: 'web-share'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
region1.google-analytics.com
s.w.org
static.addtoany.com
static.cloudflareinsights.com
www.activecountermeasures.com
www.googletagmanager.com
172.67.39.148
172.67.70.5
192.0.77.48
2001:4860:4802:34::36
2606:4700::6810:5049
2a00:1450:4001:80f::2008
2a00:1450:4001:810::200a
2a00:1450:4001:829::2003
09ce9b743f1d376a3229305975ca1b926249fb9fa4b08423a5ab555e6faf611a
0cac6891a23705b03aa3b895386e49b8e32c7a5ebe430736eefe1ab0fcbb0b9d
108cd01e5eaa34e9942ca8af9f8fe70271d3a3a5028fa085c628c162c3706d2d
181c6a4571ebc6111a09eda1ace0f9f3aa4085445fd9642e71997433f8643cd7
181ed1cf1034d965fdbfb7d647bc9e8cbdf9cc9098ecb5fb2d6947458953312d
186405e5be1eb65fabff6db3f8cb6a8d187cb2a841a81fbdcad1c1b92b385c26
1a54a1907a6443e3c81608130bfed4546eb0ce5d0c8897e1d7a3b43d89ecc367
1b1e450814698cfd54d68f041c25c741d2adbde4e8e31a256db1be23d413d96c
22333072914ab0a88d90af09fe24164ebda01d6806be167616008216f6ec6cd0
24d4d543bbeadbd760863ea450a255864acb17df7e254d5893c8c4b2845f6718
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
27ead7f47a3fb4d1e7cbef0c68e28bde7ea18923cf41d8ca82ba13584eebc710
28f87f54084a40287dc3c92c712e69740ae1d40bd71b4681a1966666fd006882
3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636
316868f97d2f29e79b0fa3501b5e72f84f3f4076a47a024936553dcc49e1aeb1
33b8600b69751910c3d3c796dd6cd8458908f5cc78e0f7599b8a86063282ef3c
3a48ba6d11055a2a6f840befa14e603650d8ca3d752e16daccd828d3869fb791
3d61ce954cdcf7aa4c73c4e1c112173e7f321f834e2eee36450d1bf52a67a459
3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43
41a8cfe032bccf31f3cb7831fae064b8eae3e360e9e05c1050df960fa66e7e76
4a93011dac9b4fa2940166596913eefa3556784840266c56ea23c428c6507072
4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49
4b922cd2320e1fd135be8bfd8b837751e33b74796016b9bf947693a86daad819
4e446e4aa86d06c0bb23eff5ae8d624b67ac59f5871b9dd827892336046b71e4
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
505685c2ae74d1a8669a151310ea9b81d51789fa0e98e08e08cd7a6e4c00d984
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
5299510acf6fe0a5d526f558fa9f914a8e50e2294051787b9298f220fe687727
55d6e6cb4b9cd5c54dd785a425eaf9cea2a4b6974cb7d8f911afba870a92c3df
584ce991c19927142e6ba992e35efb311f4e871da083c6dbab4bafffeed265b0
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
61e7ea9b0914cc8f177a4a64c4e1cfd9b8944bf15f521b74c3e76f211ac2fc39
6543ced22e1b44f1491f45be88aabd85a3ac0c3a417f8bdd864e89d3dc2ddc6b
65c748d689c0545d4daac37cd3ca006df12762c288c9d22ec083909e958f56d6
66d0c8cbacc09ad8746e64ad28d887186d1f060f04c388c2f1102ee346120a8c
69c0162d9102848858454ae467402cd402138ac95789c79947745cde0cf7b937
6a3be482b638902ee50f1fd6fa381129cb2d865d79f9c88c77944dceb3ff61e1
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3
6f0e687b1fdb8e4fe338b3300308c0dd0d4885df981c4eac19f82716e0110cb7
726ff40d075e5ec7b330200773da043166cde555a215547d51829b213cf4e2bd
7367f56df6f632ec0a79534fbdffbb84ad5e38a03ea3101462a93f338c3d59fa
7a6c6365cb47e4fdad4b920bd86144b85dce83eec7c63d524945160a1456ec5a
7b366ba6e5af0888822d8a5527cb62fc5bc2207170a0cb7af43e6b8d7cc660f6
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
825431019786a96e1b074d558df3877af33f0d9992e1c876b9a626b193f82364
8430db3fbadc3837e1dc01722a56a1de6347c4b376fb9e1715265502e447efda
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8f2fa4ad380b11c9612f97710522d0066e12fb5931baa31d41d9802d13561439
91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805
96f3602631ee2fd4875ed116bdc278cda0284663d288dd210947679fc35ba244
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
9b26566a05b99c2d785d9a7866e04838aa9b361c74c79c4bc966d56aaf32b6d4
9c5c74d3129385289cd8f856ea1958ea01d9615a9b9c8e1abf6ab7846102dcb1
a1dff8b0c66227748951c4ff891f146f49c5a382ac8e3d6e3c2e9cf8aa560dc8
a9719b799bb11807831814b4dc3c69da90eda8d439fd3d96dbab3b0c2e5cffdf
a9bf6372257ad5bb1666620210796f1b35da6ae0f0f292ffa961c7c8fb6f2fd4
b2b513d915ee0689890c4c17b634c139f58067a1b0ec3513e21886945b215c66
b573a17501b5f13af5c2dc2a1c690d10f366b814f9acca4cb21098b033c9a05b
b87b2986e027a44612be6cf277221ad2d93b96f3ec1e58174d9c7652529d995f
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
baa6ac17c75ea2117a2b302b7b7c74571f094c89cc5844e58aecea615e919008
bda4e6d76f6b82b87f43755d551b36dd7cfb0d0117fb798435270e7c1127a87e
c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c2430eea46482d09798ced4106070b559f066b7784c179f0b5d9b27f2783d10e
c6c56660b1b72d9c12f7c0156cce0f14f40ae2e904f8baac60359dd48acfa229
c7d4e0022745a7ee6ff15dc70ee7c99d7bf5cfa6293d844e5eae1c1349726452
c8ac0812ffc19057719e5081bec7e3a41a8215feb448952d88cf8d2e6b4c3d5a
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ce5dbb2cdb85126fdc9d774971a56f8848dbee977a382bd512a5f8b49ea8c727
d432ad1988efa5b258294f52dae3d1b4c10660aec15e49017e21a1ee74bfd453
d5e33ab119ed232274f59351604aed1e15733dfb690b65d60341acd6b22a1e0b
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
d7d6838f61d388fb632db71bb55e1d548ced9aa235639facb6a56041af6e6662
d8b4506d5f080ea0ce0155a4f6ac1582c24043c95d7ab968b829007523f95f84
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
dd32bf3baf4d2fc408e19fdb22950101832f9aa393df679c845f62eaf9ff052b
e1ed19f0a3269453da38aca1d44445e4670df3d503c7ef18ad61c589576337e1
e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c
e2bb83771b8fb190d17ca13302493e2c66d42a9fcba8002a7ab93510fac8134c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7848b8bc373842695440f0a638469cbf0aba43654429331e8abc8ad765dac59
ec7604868bf424559ba7ca56ad5876bd5f45c804f86badbf5c86cd7f22edbf05
f243b6d6701972ac504910bd023cd764f96e04cc0222317b111c74c124f8f1da
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

www.activecountermeasures.com Open in urlscan Pro 172.67.70.5 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

83 Requests

96 %HTTPS

63 %IPv6

8 Domains

8 Subdomains

9 IPs

2 Countries

1170 kBTransfer

2967 kBSize

3 Cookies

29 Outgoing links

Redirected requests

83 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.activecountermeasures.com Open in urlscan Pro
172.67.70.5 Public Scan

Screenshot
Live screenshot

Full Image

83
Requests

96 %
HTTPS

63 %
IPv6

8
Domains

8
Subdomains

9
IPs

2
Countries

1170 kB
Transfer

2967 kB
Size

3
Cookies

83 HTTP transactions
15 data transactions