www.rewterz.com Open in urlscan Pro
198.199.112.140  Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 79

• https://region1.analytics.google.com/g/collect?v=2&tid=G-2H1K10XHV5&gtm=45je46j0v889293908za200&_p=1719302178725&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=206847757.1719302181&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1719302181&sct=1&seg=0&dl=https%3A%2F%2Fwww.rewterz.com%2Fthreat-advisory%2Foyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs&dt=Oyster%20Backdoor%20Distributes%20via%20Trojanized%20Downloads%20of%20Frequently%20Used%20Software%20%E2%80%93%20Active%20IOCs%20Oyster%20Backdoor%20Distributes%20via%20Trojanized%20Downloads%20of%20Frequently%20Used%20Software%20%E2%80%93%20Active%20IOCs%20-%20Rewterz&en=page_view&_fv=2&_ss=1&_c=1&tfd=28092&_z=fetch HTTP 302
• https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=206847757.1719302181&dbk=6839877693252260365&dma=1&dma_cps=sypham&en=page_view&gtm=45je46j0v889293908za200&npa=1&tid=G-2H1K10XHV5&dl=https%3A%2F%2Fwww.rewterz.com%3F

Request Chain 100

• https://c.clarity.ms/c.gif HTTP 302
• https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=F2402582063F4E69AE47077A72CD5079&RedC=c.clarity.ms&MXFR=09E2809E8C7F642D177E9437887F6A03 HTTP 302
• https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=F2402582063F4E69AE47077A72CD5079&MUID=2190C315809A69022992D7BC81116860

106 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Show response www.rewterz.com/threat-advisory/	240 KB 37 KB	25361ms 24715ms	Document text/html	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 88b8c90afab412db9071ac7736cfda4fa57529ef110316d9b71987bac5d845af Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 37135 Content-Type text/html; charset=UTF-8 Date Tue, 25 Jun 2024 07:55:54 GMT Keep-Alive timeout=5, max=100 Link <https://www.rewterz.com/wp-json/>; rel="https://api.w.org/" <https://www.rewterz.com/wp-json/wp/v2/posts/33441>; rel="alternate"; type="application/json" <https://www.rewterz.com/?p=33441>; rel=shortlink Server Apache Vary Accept-Encoding
GET H2	200	js Show response www.googletagmanager.com/gtag/	209 KB 75 KB	164ms 67ms	Script application/javascript	2a00:1450:4001:813::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-2844962-1 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash b8c2521ef4902a964ca33d516ca292325ba79d443c98b7c67a7b2719a7ece526 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:18 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 76823 x-xss-protection 0 last-modified Tue, 25 Jun 2024 06:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 25 Jun 2024 07:56:18 GMT
GET H/1.1	200 OK	style.min.css www.rewterz.com/wp-includes/css/dist/block-library/	111 KB 15 KB	1464ms 1461ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/css/dist/block-library/style.min.css?ver=6.5.5 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:19 GMT Content-Encoding gzip Last-Modified Wed, 03 Apr 2024 02:17:47 GMT Server Apache ETag "1bae5-61527d4217ed7-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 14991
GET H/1.1	200 OK	general.min.css www.rewterz.com/wp-content/plugins/wp-job-openings/assets/css/	38 KB 7 KB	385ms 208ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/wp-job-openings/assets/css/general.min.css?ver=3.4.6 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 144ee8fd3d8997d932fe2b5497979e7cde8fda86b41b0c6e32e47faa8e1157e7 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:18 GMT Content-Encoding gzip Last-Modified Mon, 15 Apr 2024 08:18:41 GMT Server Apache ETag "96c7-6161e44ebd013-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 6453
GET H/1.1	200 OK	style.min.css www.rewterz.com/wp-content/plugins/wp-job-openings/assets/css/	18 KB 4 KB	594ms 215ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/wp-job-openings/assets/css/style.min.css?ver=3.4.6 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 36b74f0c72674951730e13d210bf20cbab196d2b93b00871195e03116dffc9d8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:19 GMT Content-Encoding gzip Last-Modified Mon, 15 Apr 2024 08:18:41 GMT Server Apache ETag "4985-6161e44ebd013-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 4087
GET H/1.1	200 OK	be.css www.rewterz.com/wp-content/themes/betheme/css/	467 KB 78 KB	1209ms 823ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/css/be.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 87a7e0925a64f451f9c972b340b3f8949f5f7d48c321998260f0d3ed2a684b29 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:19 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "74b2d-6196eb0a205b1-gzip" Vary Accept-Encoding Transfer-Encoding chunked Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	animations.min.css www.rewterz.com/wp-content/themes/betheme/assets/animations/	58 KB 6 KB	595ms 210ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/assets/animations/animations.min.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 622a07604bb0030ba7094f0f1dcb5d1e9080164fd6ba4071a73452802378b55b Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:19 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "e83d-6196eb0a12aef-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 5588
GET H/1.1	200 OK	fontawesome.css www.rewterz.com/wp-content/themes/betheme/fonts/fontawesome/	59 KB 13 KB	832ms 238ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/fonts/fontawesome/fontawesome.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 6a8f55d140604ca7fed7724ee5d45c06d445673636211543d30959c317a98a4b Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:19 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "ed1d-6196eb0a43837-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 12852
GET H/1.1	200 OK	jplayer.blue.monday.min.css www.rewterz.com/wp-content/themes/betheme/assets/jplayer/css/	9 KB 2 KB	807ms 211ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/assets/jplayer/css/jplayer.blue.monday.min.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 10f8e5f272c9ae8c8271ab51d7310aaf9c9bed694104dbe6ff10d99849d19ab8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:19 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "25ef-6196eb0a12aef-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 2056
GET H/1.1	200 OK	responsive.css www.rewterz.com/wp-content/themes/betheme/css/	67 KB 12 KB	1002ms 194ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/css/responsive.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 910348154b70d3e7c29d12550136c24ef013edb5838f12f6525400b939c04b87 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:19 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "10b52-6196eb0a205b1-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 12363
GET H2	200	css fonts.googleapis.com/	14 KB 952 B	138ms 49ms	Stylesheet text/css	2a00:1450:4001:813::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2ac498757970d47e51cf8f3b5f884190997c2588f30fe0f6c550b1afce8470f4 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Tue, 25 Jun 2024 07:56:18 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 25 Jun 2024 07:56:18 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 25 Jun 2024 07:56:18 GMT
GET H2	200	css fonts.googleapis.com/	2 KB 915 B	137ms 48ms	Stylesheet text/css	2a00:1450:4001:813::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Barlow%3A400%2C700&display=swap&ver=6.5.5 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 71814105001732d3edb373504d80dee3c6d155d3feb52deb297d886452ed9c5c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Tue, 25 Jun 2024 07:56:18 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 25 Jun 2024 07:52:03 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 25 Jun 2024 07:56:18 GMT
GET BLOB	200 OK	3e0e1d8e-d7a7-4b8e-89ea-15162c98698a https://www.rewterz.com/	1 KB 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://www.rewterz.com/3e0e1d8e-d7a7-4b8e-89ea-15162c98698a Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Length 1185 Content-Type text/javascript
GET H/1.1	200 OK	jquery.min.js Show response www.rewterz.com/wp-includes/js/jquery/	86 KB 30 KB	1062ms 237ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:19 GMT Content-Encoding gzip Last-Modified Wed, 08 Nov 2023 02:17:40 GMT Server Apache ETag "15601-6099ab10f7ffe-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 30368
GET H/1.1	200 OK	jquery-migrate.min.js Show response www.rewterz.com/wp-includes/js/jquery/	13 KB 5 KB	1137ms 247ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:19 GMT Content-Encoding gzip Last-Modified Wed, 09 Aug 2023 02:17:44 GMT Server Apache ETag "3509-6027415c207df-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4872
GET H/1.1	200 OK	logo_SVG-01.svg www.rewterz.com/wp-content/uploads/2022/11/	698 B 970 B	445ms 194ms	Image image/svg+xml	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2022/11/logo_SVG-01.svg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 69840f2a0ed40b27bc7e919cc3c2c68be1dc3e1343c60bd21a4741af9abb8011 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:20 GMT Last-Modified Tue, 01 Nov 2022 09:38:43 GMT Server Apache ETag "2ba-5ec657d6fc196" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 698
GET H/1.1	200 OK	xdrLogo.png www.rewterz.com/wp-content/uploads/2023/01/	22 KB 22 KB	1259ms 198ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/xdrLogo.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash d7eb51bb7aabba4a0d85a021d286e20bc61936489cb99799df6fcb9cca869222 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:20 GMT Last-Modified Thu, 05 Jan 2023 09:23:34 GMT Server Apache ETag "5671-5f180daefe39c" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 22129
GET H/1.1	200 OK	center_new.png www.rewterz.com/wp-content/uploads/2023/01/	139 KB 139 KB	316ms 206ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/center_new.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 69669e774c4670c09ac0ece7710be2e33fedcb9d09b3a1c8d0eee21ec34a0818 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:20 GMT Last-Modified Fri, 06 Jan 2023 12:13:11 GMT Server Apache ETag "22b14-5f1975757bf86" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 142100
GET H/1.1	200 OK	studio_01_Mascot_New.png www.rewterz.com/wp-content/uploads/2023/03/	747 KB 747 KB	191ms 191ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/03/studio_01_Mascot_New.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 0d73eb7b3d25c799af7030f4a09d2f3e72a34363c2138394ba64ab1949e0715c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:20 GMT Last-Modified Tue, 07 Mar 2023 11:04:37 GMT Server Apache ETag "baaf9-5f64d60a1ddb8" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 764665
GET H/1.1	200 OK	News.jpg www.rewterz.com/wp-content/uploads/2023/01/	39 KB 39 KB	238ms 227ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash eeeb610a66540dad1c431b5b5c26bbf158e4bced839b8dff70c19da14c13854d Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Last-Modified Wed, 04 Jan 2023 14:33:12 GMT Server Apache ETag "9a04-5f1711067d368" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 39428
GET H/1.1	200 OK	16.jpg www.rewterz.com/wp-content/uploads/2023/01/	564 KB 564 KB	260ms 260ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/16.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 012e41bd55f857e7c536648c35aec07874e675ce185f8cbeec60321033216ff3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Last-Modified Mon, 02 Jan 2023 10:09:41 GMT Server Apache ETag "8cee8-5f145264d5423" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 577256
GET H/1.1	200 OK	pdf-file-1.png www.rewterz.com/wp-content/uploads/2023/01/	2 KB 2 KB	204ms 198ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/pdf-file-1.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 5bfe5d69340acac94e1b747712544d0159bee54813320aabe93d515627fa491f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Last-Modified Mon, 02 Jan 2023 10:28:27 GMT Server Apache ETag "842-5f145696c5f02" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 2114
GET H/1.1	200 OK	play_btn_Small.png www.rewterz.com/wp-content/uploads/2023/01/	20 KB 20 KB	213ms 212ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/play_btn_Small.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash dd13bf8404f7b89c916472f108c02bc5ff01c4e2b0a7b69e25fc6866167b7f2a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Last-Modified Mon, 02 Jan 2023 13:48:02 GMT Server Apache ETag "4e60-5f1483333c4e4" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 20064
GET H/1.1	200 OK	play_btn_hover_Small.png www.rewterz.com/wp-content/uploads/2023/01/	20 KB 20 KB	227ms 226ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/play_btn_hover_Small.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 33b724f0a45fe4e11d070c9b03014746021873af3f8c59e00219d41a63d93158 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:23 GMT Last-Modified Mon, 02 Jan 2023 13:48:03 GMT Server Apache ETag "4f1d-5f148333f4e19" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 20253
GET H/1.1	200 OK	leadership.png www.rewterz.com/wp-content/uploads/2023/01/	50 KB 50 KB	204ms 202ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/leadership.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash ea89b577a7f8970538905ed7405dd6bf3c37ff5a36e311cecb9442efd7c75ad8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:23 GMT Last-Modified Mon, 02 Jan 2023 13:20:21 GMT Server Apache ETag "c8cd-5f147d02fc1d4" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 51405
GET H/1.1	200 OK	help.png www.rewterz.com/wp-content/uploads/2023/01/	26 KB 26 KB	214ms 214ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/help.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash a27e221b35f35950178fbc5afe974015a5f485b5ae91ca8ffe5847e768a3c1ee Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:23 GMT Last-Modified Mon, 02 Jan 2023 13:24:37 GMT Server Apache ETag "689c-5f147df77eabf" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 26780
GET H/1.1	200 OK	News-167x146.jpg www.rewterz.com/wp-content/uploads/2023/01/	2 KB 2 KB	345ms 324ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/News-167x146.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash fb1638da998fdcaf1b3ad55c3e07fa85a4dd668c6d52b1e38423ef35edc7dd7c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:23 GMT Last-Modified Wed, 04 Jan 2023 14:33:12 GMT Server Apache ETag "868-5f171106d9033" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=90 Content-Length 2152
GET H/1.1	200 OK	logo_SVG-01-svg.svg www.rewterz.com/wp-content/uploads/2023/03/	702 B 974 B	302ms 257ms	Image image/svg+xml	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/03/logo_SVG-01-svg.svg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 253aac5658624549e30b156b64476a924aca040cb36538cfdf46dcdac5579923 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:23 GMT Last-Modified Fri, 10 Mar 2023 23:23:22 GMT Server Apache ETag "2be-5f6940c18b4bb" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=87 Content-Length 702
GET H3	200	widget.js Show response widget.clutch.co/static/js/	17 KB 7 KB	294ms 66ms	Script text/javascript	104.18.69.32 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://widget.clutch.co/static/js/widget.js Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.69.32 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 994da3408a56728cd11a29c1f7fd9d3b7d41d5e94eb6dcc98a585c6832f7435c Security Headers Name Value Strict-Transport-Security max-age=2592000 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:21 GMT content-encoding gzip cf-cache-status HIT last-modified Thu, 07 Mar 2024 08:44:04 GMT server cloudflare strict-transport-security max-age=2592000 age 1820884 vary Accept-Encoding content-type text/javascript; charset=utf-8 cache-control max-age=2592000000000000 cf-ray 89936687c877bbbd-WAW alt-svc h3=":443"; ma=86400
GET H/1.1	200 OK	divider-2.css www.rewterz.com/wp-content/themes/betheme/css/elements/	138 KB 49 KB	1712ms 1701ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/css/elements/divider-2.css?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash d96ae3f9718f46225174532e9c446f4a1979b2bda1d7822fb92ee7a18cb6d5ef Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "2269b-6196eb0a205b1-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 49658
GET H/1.1	200 OK	post-15053.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 1012 B	213ms 200ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15053.css?ver=1719302170 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash f12c0ebc91ff90bd7d8b20d0c724e0fb32021a933a6b0ff9ca656213172f89c1 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Fri, 10 Mar 2023 22:20:41 GMT Server Apache ETag "d7f-5f6932bf94a8e-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 693
GET H/1.1	200 OK	post-14912.css www.rewterz.com/wp-content/uploads/betheme/css/	9 KB 1 KB	205ms 185ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-14912.css?ver=1719302170 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 4e8a9350b17a5c92c5c33ae67cfbc575c50bb24e063ae6c67de39f434e268504 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 12:33:32 GMT Server Apache ETag "258b-5f197a028f6f5-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 947
GET H/1.1	200 OK	post-15034.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 810 B	227ms 199ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15034.css?ver=1719302171 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 2ac04cbc489f6c69a5bed5993816ca5a983e6c10dd14cab2092596964f74beeb Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Mon, 13 Mar 2023 16:52:33 GMT Server Apache ETag "a8c-5f6caeffd50ef-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 491
GET H/1.1	200 OK	post-15056.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 1021 B	232ms 189ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15056.css?ver=1719302172 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 7d271fad56254d6d2b53764d13141e2e7e6027a58bac4022d0517e5c62c52e22 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Fri, 03 May 2024 09:10:36 GMT Server Apache ETag "bcc-6178917c39fe4-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 701
GET H/1.1	200 OK	post-15053.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 1012 B	185ms 185ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15053.css?ver=1719302172 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash f12c0ebc91ff90bd7d8b20d0c724e0fb32021a933a6b0ff9ca656213172f89c1 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Fri, 10 Mar 2023 22:20:41 GMT Server Apache ETag "d7f-5f6932bf94a8e-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 693
GET H/1.1	200 OK	post-14912.css www.rewterz.com/wp-content/uploads/betheme/css/	9 KB 1 KB	209ms 209ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-14912.css?ver=1719302173 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 4e8a9350b17a5c92c5c33ae67cfbc575c50bb24e063ae6c67de39f434e268504 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 12:33:32 GMT Server Apache ETag "258b-5f197a028f6f5-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 947
GET H/1.1	200 OK	post-15034.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 810 B	192ms 191ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15034.css?ver=1719302173 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 2ac04cbc489f6c69a5bed5993816ca5a983e6c10dd14cab2092596964f74beeb Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Mon, 13 Mar 2023 16:52:33 GMT Server Apache ETag "a8c-5f6caeffd50ef-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 491
GET H/1.1	200 OK	post-15056.css www.rewterz.com/wp-content/uploads/betheme/css/	3 KB 1020 B	229ms 228ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-15056.css?ver=1719302174 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 7d271fad56254d6d2b53764d13141e2e7e6027a58bac4022d0517e5c62c52e22 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Fri, 03 May 2024 09:10:36 GMT Server Apache ETag "bcc-6178917c39fe4-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 701
GET H/1.1	200 OK	post-33441.css www.rewterz.com/wp-content/uploads/betheme/css/	269 B 470 B	209ms 208ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/betheme/css/post-33441.css?ver=1719302175 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash da1d49283cabce89750e4a32587b994f05e347bc463c96b9c2eed9d4e828007c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Mon, 24 Jun 2024 05:02:34 GMT Server Apache ETag "10d-61b9bb07a3c8c-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 151
GET H/1.1	200 OK	rs6.css www.rewterz.com/wp-content/plugins/revslider/public/assets/css/	57 KB 12 KB	231ms 231ms	Stylesheet text/css	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 95f59f9a4a19697496edc01bb55011ea4056f90625cc816a7f18256f056a6258 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Tue, 01 Nov 2022 08:24:40 GMT Server Apache ETag "e394-5ec647490eac1-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 12467
GET H2	200	6553015.js Show response js.hs-scripts.com/	2 KB 1 KB	269ms 83ms	Script application/javascript	2606:4700::6810:8bd1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/6553015.js?integration=WordPress&ver=11.1.21 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e5d48c5f9534296932c469f2da5541993e6710fbfad2252a3f1b4325e9969846 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:21 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT x-hubspot-correlation-id d562027a-3250-4c79-92f6-eba0d2375537 x-evy-trace-route-service-name envoyset-translator cf-polished origSize=2007 age 6 x-envoy-upstream-service-time 7 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d562027a-3250-4c79-92f6-eba0d2375537 cf-bgj minify last-modified Tue, 25 Jun 2024 07:56:15 GMT server cloudflare access-control-max-age 3600 vary origin, Accept-Encoding content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.rewterz.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-7dd59b876-zbxnk x-evy-trace-virtual-host all access-control-allow-credentials true cache-control public, max-age=90 cf-ray 899366890ced1e31-FRA expires Tue, 25 Jun 2024 07:57:51 GMT
GET H/1.1	200 OK	rbtools.min.js Show response www.rewterz.com/wp-content/plugins/revslider/public/assets/js/	161 KB 61 KB	462ms 458ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:23 GMT Content-Encoding gzip Last-Modified Tue, 01 Nov 2022 08:24:40 GMT Server Apache ETag "285db-5ec647490eac1-gzip" Vary Accept-Encoding Transfer-Encoding chunked Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91
GET H/1.1	200 OK	rs6.min.js Show response www.rewterz.com/wp-content/plugins/revslider/public/assets/js/	397 KB 104 KB	679ms 676ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 1544b2ce742950f3428a134f1f3043cf841ba73639f19f04ded8c9e0e5d893c5 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:23 GMT Content-Encoding gzip Last-Modified Tue, 01 Nov 2022 08:24:40 GMT Server Apache ETag "63433-5ec647490eac1-gzip" Vary Accept-Encoding Transfer-Encoding chunked Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93
GET H/1.1	200 OK	script.min.js Show response www.rewterz.com/wp-content/plugins/wp-job-openings/assets/js/	48 KB 15 KB	360ms 358ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/plugins/wp-job-openings/assets/js/script.min.js?ver=3.4.6 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash f5c4ba1964e745443a0c654fc82f22e7e540e84da7c72d20ea85451cc79a035a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Mon, 15 Apr 2024 08:18:41 GMT Server Apache ETag "be7c-6161e44ec0e94-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 15206
GET H/1.1	200 OK	core.min.js Show response www.rewterz.com/wp-includes/js/jquery/ui/	21 KB 7 KB	198ms 197ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Content-Encoding gzip Last-Modified Thu, 30 Mar 2023 02:17:41 GMT Server Apache ETag "53be-5f814b283f089-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 7099
GET H/1.1	200 OK	tabs.min.js Show response www.rewterz.com/wp-includes/js/jquery/ui/	12 KB 4 KB	265ms 264ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/js/jquery/ui/tabs.min.js?ver=1.13.2 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 6a0d53f68e013dac42a52a5264c5d28a12a06b6bc7cc1d63bc2d385558bd2dd7 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Content-Encoding gzip Last-Modified Wed, 02 Nov 2022 02:21:52 GMT Server Apache ETag "2ea1-5ec7380f14fe2-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 3915
GET H/1.1	200 OK	debouncedresize.min.js Show response www.rewterz.com/wp-content/themes/betheme/js/plugins/	472 B 630 B	326ms 325ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/plugins/debouncedresize.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 7c5a0e187e68ccbf13dafd079e2c46c7917cc60b6959e5a881da324958f34d92 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "1d8-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 297
GET H/1.1	200 OK	magnificpopup.min.js Show response www.rewterz.com/wp-content/themes/betheme/js/plugins/	20 KB 7 KB	217ms 216ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/plugins/magnificpopup.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 82705acbecdd84306ce33e08f576eca6a688896895e6e48d1c36a4071fcba14e Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "4f10-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=90 Content-Length 7323
GET H/1.1	200 OK	menu.js Show response www.rewterz.com/wp-content/themes/betheme/js/	3 KB 1 KB	252ms 252ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/menu.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash e31562bbd4b9f377eec9662b440b0c1262ff73f7e85c3a6e3639635e4516013f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "b2b-6196eb0a3ab95-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 1015
GET H/1.1	200 OK	visible.min.js Show response www.rewterz.com/wp-content/themes/betheme/js/plugins/	608 B 711 B	254ms 254ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/plugins/visible.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 8ecf312a51fd23a6d2258191745ab900d7f393a4633515e0df6305cde42b1a3a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "260-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=89 Content-Length 378
GET H/1.1	200 OK	animations.min.js Show response www.rewterz.com/wp-content/themes/betheme/assets/animations/	2 KB 960 B	220ms 219ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/assets/animations/animations.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash aeae8ba7d9c8ee997a8ddb5f5ec82381ed7851b750e4d1f466a1f19fad7a8462 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "726-6196eb0a12aef-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 627
GET H/1.1	200 OK	jplayer.min.js Show response www.rewterz.com/wp-content/themes/betheme/assets/jplayer/	51 KB 13 KB	201ms 201ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/assets/jplayer/jplayer.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 6e6c69ba30da65996fe5cfd06a9248ad71966d7f05781b646d87358a7e202511 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "cd61-6196eb0a12aef-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 12708
GET H/1.1	200 OK	enllax.min.js Show response www.rewterz.com/wp-content/themes/betheme/js/plugins/	2 KB 862 B	244ms 244ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/plugins/enllax.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash c24a7908e8bccfb36947de91ab342f33f1c966b31f50ed1fb83d9d8b3d579a1f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "604-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 529
GET H/1.1	200 OK	translate3d.js Show response www.rewterz.com/wp-content/themes/betheme/js/parallax/	4 KB 2 KB	241ms 240ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/parallax/translate3d.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 19906e9585e0f90c005878ee2c63fcd8d1ed933a0ef6bea16bb1a2226b075b40 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "fd1-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 1318
GET H/1.1	200 OK	scripts.js Show response www.rewterz.com/wp-content/themes/betheme/js/	148 KB 30 KB	552ms 551ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/scripts.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 1ef9b3a9a62d4ecac0a9b50252a5fb54936773d6a9cf21c50433c8a9b0f27d5b Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "25168-6196eb0a3cad6-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=88 Content-Length 30507
GET H/1.1	200 OK	isotope.min.js Show response www.rewterz.com/wp-content/themes/betheme/js/plugins/	34 KB 10 KB	236ms 235ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/js/plugins/isotope.min.js?ver=27.4.4 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash ee61cd1f7ca665a583657d1dee5250e253e8e05327557e4de1d1e8b6450804e0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Content-Encoding gzip Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "89eb-6196eb0a3bb36-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 9763
GET H2	200	js Show response www.googletagmanager.com/gtag/	301 KB 102 KB	102ms 74ms	Script application/javascript	2a00:1450:4001:813::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-2H1K10XHV5&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-2844962-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 427f01bac71dc9a5c242c3a7594143a001705dbde82c8bc2b0ff99e8d438e3d3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:21 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 104403 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 25 Jun 2024 07:56:21 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	214ms 40ms	Script text/javascript	2001:4860:4802:38::178 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-2844962-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Tue, 25 Jun 2024 07:41:03 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT server Golfe2 age 918 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Tue, 25 Jun 2024 09:41:03 GMT
GET H2	200	m41k4nifgy Show response www.clarity.ms/tag/	655 B 1020 B	370ms 172ms	Script application/x-javascript	2620:1ec:29:1::72 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/tag/m41k4nifgy?ref=wordpress Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:29:1::72 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 8d9636f9c26198f382d0c3389cefad541c6ca3689ace1003be7df65583969503 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers expires -1 date Tue, 25 Jun 2024 07:56:21 GMT x-azure-ref 20240625T075621Z-1586678d48fzrw6g1f167q9wdn00000000g000000000knx5 x-cache CONFIG_NOCACHE content-type application/x-javascript cache-control no-cache, no-store accept-ranges bytes content-length 655 request-context appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
GET H/1.1	200 OK	logo_SVG-01.svg www.rewterz.com/wp-content/uploads/2022/11/	698 B 0	1ms 1ms	Image image/svg+xml	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2022/11/logo_SVG-01.svg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 69840f2a0ed40b27bc7e919cc3c2c68be1dc3e1343c60bd21a4741af9abb8011 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:20 GMT Last-Modified Tue, 01 Nov 2022 09:38:43 GMT Server Apache Accept-Ranges bytes ETag "2ba-5ec657d6fc196" Content-Length 698 Content-Type image/svg+xml
GET H/1.1	200 OK	News.jpg www.rewterz.com/wp-content/uploads/2023/01/	39 KB 0	0ms 0ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash eeeb610a66540dad1c431b5b5c26bbf158e4bced839b8dff70c19da14c13854d Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Last-Modified Wed, 04 Jan 2023 14:33:12 GMT Server Apache Accept-Ranges bytes ETag "9a04-5f1711067d368" Content-Length 39428 Content-Type image/jpeg
GET H/1.1	200 OK	xdrLogo.png www.rewterz.com/wp-content/uploads/2023/01/	22 KB 0	0ms 0ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/xdrLogo.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash d7eb51bb7aabba4a0d85a021d286e20bc61936489cb99799df6fcb9cca869222 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:20 GMT Last-Modified Thu, 05 Jan 2023 09:23:34 GMT Server Apache Accept-Ranges bytes ETag "5671-5f180daefe39c" Content-Length 22129 Content-Type image/png
GET H/1.1	200 OK	center_new.png www.rewterz.com/wp-content/uploads/2023/01/	139 KB 0	0ms 0ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/center_new.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 69669e774c4670c09ac0ece7710be2e33fedcb9d09b3a1c8d0eee21ec34a0818 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:20 GMT Last-Modified Fri, 06 Jan 2023 12:13:11 GMT Server Apache Accept-Ranges bytes ETag "22b14-5f1975757bf86" Content-Length 142100 Content-Type image/png
GET H/1.1	200 OK	studio_01_Mascot_New.png www.rewterz.com/wp-content/uploads/2023/03/	747 KB 0	0ms 0ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/03/studio_01_Mascot_New.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 0d73eb7b3d25c799af7030f4a09d2f3e72a34363c2138394ba64ab1949e0715c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:20 GMT Last-Modified Tue, 07 Mar 2023 11:04:37 GMT Server Apache Accept-Ranges bytes ETag "baaf9-5f64d60a1ddb8" Content-Length 764665 Content-Type image/png
GET H/1.1	200 OK	16.jpg www.rewterz.com/wp-content/uploads/2023/01/	564 KB 0	10ms 10ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/16.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 012e41bd55f857e7c536648c35aec07874e675ce185f8cbeec60321033216ff3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Last-Modified Mon, 02 Jan 2023 10:09:41 GMT Server Apache Accept-Ranges bytes ETag "8cee8-5f145264d5423" Content-Length 577256 Content-Type image/jpeg
GET H/1.1	200 OK	pdf-file-1.png www.rewterz.com/wp-content/uploads/2023/01/	2 KB 0	8ms 8ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/pdf-file-1.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 5bfe5d69340acac94e1b747712544d0159bee54813320aabe93d515627fa491f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Last-Modified Mon, 02 Jan 2023 10:28:27 GMT Server Apache Accept-Ranges bytes ETag "842-5f145696c5f02" Content-Length 2114 Content-Type image/png
GET H/1.1	200 OK	play_btn_Small.png www.rewterz.com/wp-content/uploads/2023/01/	20 KB 0	2ms 2ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/play_btn_Small.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash dd13bf8404f7b89c916472f108c02bc5ff01c4e2b0a7b69e25fc6866167b7f2a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:22 GMT Last-Modified Mon, 02 Jan 2023 13:48:02 GMT Server Apache Accept-Ranges bytes ETag "4e60-5f1483333c4e4" Content-Length 20064 Content-Type image/png
GET H/1.1	200 OK	play_btn_hover_Small.png www.rewterz.com/wp-content/uploads/2023/01/	20 KB 0	1ms 1ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/play_btn_hover_Small.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 33b724f0a45fe4e11d070c9b03014746021873af3f8c59e00219d41a63d93158 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:23 GMT Last-Modified Mon, 02 Jan 2023 13:48:03 GMT Server Apache Accept-Ranges bytes ETag "4f1d-5f148333f4e19" Content-Length 20253 Content-Type image/png
GET H/1.1	200 OK	leadership.png www.rewterz.com/wp-content/uploads/2023/01/	50 KB 0	1ms 1ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/leadership.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash ea89b577a7f8970538905ed7405dd6bf3c37ff5a36e311cecb9442efd7c75ad8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:23 GMT Last-Modified Mon, 02 Jan 2023 13:20:21 GMT Server Apache Accept-Ranges bytes ETag "c8cd-5f147d02fc1d4" Content-Length 51405 Content-Type image/png
GET H/1.1	200 OK	help.png www.rewterz.com/wp-content/uploads/2023/01/	26 KB 0	1ms 1ms	Image image/png	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/help.png Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash a27e221b35f35950178fbc5afe974015a5f485b5ae91ca8ffe5847e768a3c1ee Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:23 GMT Last-Modified Mon, 02 Jan 2023 13:24:37 GMT Server Apache Accept-Ranges bytes ETag "689c-5f147df77eabf" Content-Length 26780 Content-Type image/png
GET H/1.1	200 OK	News-167x146.jpg www.rewterz.com/wp-content/uploads/2023/01/	2 KB 0	0ms 0ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/01/News-167x146.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash fb1638da998fdcaf1b3ad55c3e07fa85a4dd668c6d52b1e38423ef35edc7dd7c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:23 GMT Last-Modified Wed, 04 Jan 2023 14:33:12 GMT Server Apache Accept-Ranges bytes ETag "868-5f171106d9033" Content-Length 2152 Content-Type image/jpeg
GET H/1.1	200 OK	BG_RED.jpg www.rewterz.com/wp-content/uploads/2023/03/	159 KB 159 KB	190ms 189ms	Image image/jpeg	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.rewterz.com/wp-content/uploads/2023/03/BG_RED.jpg Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash ead896ede9c5838d91a0158c1f561fb5387133080c96be126310889390ea33b8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Last-Modified Tue, 07 Mar 2023 10:50:11 GMT Server Apache ETag "27a28-5f64d2d014e63" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 162344
GET H2	200	HTxwL3I-JCGChYJ8VI-L6OO_au7B46r2z3bWuQ.woff2 fonts.gstatic.com/s/barlowcondensed/v12/	21 KB 21 KB	196ms 95ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B46r2z3bWuQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8320299532b4b81498d5b3714d49c9d5938883b55f4c2a1efe6f105bf4a942bd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 15:14:18 GMT x-content-type-options nosniff age 578523 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 21440 x-xss-protection 0 last-modified Tue, 19 Apr 2022 18:46:45 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 15:14:18 GMT
GET H2	200	7cHpv4kjgoGqM7E_DMs5.woff2 fonts.gstatic.com/s/barlow/v12/	21 KB 21 KB	230ms 130ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 14:59:10 GMT x-content-type-options nosniff age 579431 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 21144 x-xss-protection 0 last-modified Tue, 19 Apr 2022 19:43:23 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 14:59:10 GMT
GET H/1.1	200 OK	icons.woff2 www.rewterz.com/wp-content/themes/betheme/fonts/mfn/	70 KB 71 KB	196ms 192ms	Font application/octet-stream	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/themes/betheme/fonts/mfn/icons.woff2?11083851 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/wp-content/themes/betheme/css/be.css?ver=27.4.4 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash c0fa90ca6e7303bfcf6bfa7d412e8fc370c8c9b5188a6700a902be3ecc9e9456 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/wp-content/themes/betheme/css/be.css?ver=27.4.4 Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:21 GMT Last-Modified Mon, 27 May 2024 12:31:00 GMT Server Apache ETag "119c8-6196eb0a3da76" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 72136
GET H2	200	HTxwL3I-JCGChYJ8VI-L6OO_au7B47rxz3bWuQ.woff2 fonts.gstatic.com/s/barlowcondensed/v12/	20 KB 20 KB	142ms 43ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B47rxz3bWuQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash aa1895205efb0ef0fa4232b6289c46a12bf07b9493598c2d50d3afe6d9ce9d9d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 14:59:26 GMT x-content-type-options nosniff age 579415 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20180 x-xss-protection 0 last-modified Tue, 19 Apr 2022 18:34:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 14:59:26 GMT
GET H2	200	7cHqv4kjgoGqM7E3_-gs51os.woff2 fonts.gstatic.com/s/barlow/v12/	20 KB 21 KB	211ms 112ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3_-gs51os.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 14:46:54 GMT x-content-type-options nosniff age 580167 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20960 x-xss-protection 0 last-modified Tue, 19 Apr 2022 19:18:28 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 14:46:54 GMT
GET H2	200	7cHqv4kjgoGqM7E3t-4s51os.woff2 fonts.gstatic.com/s/barlow/v12/	21 KB 21 KB	174ms 75ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 24 Jun 2024 11:19:34 GMT x-content-type-options nosniff age 74207 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 21724 x-xss-protection 0 last-modified Tue, 19 Apr 2022 19:29:44 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 24 Jun 2025 11:19:34 GMT
GET H2	200	7cHrv4kjgoGqM7E_Cfs7wH8.woff2 fonts.gstatic.com/s/barlow/v12/	23 KB 23 KB	240ms 142ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlow/v12/7cHrv4kjgoGqM7E_Cfs7wH8.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 51d0115090b2cfd0cb581cbf62ee79bb94fdcb3f9c2432d39d3adacd8888ccef Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 14:58:58 GMT x-content-type-options nosniff age 579443 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 23564 x-xss-protection 0 last-modified Tue, 19 Apr 2022 19:09:09 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 14:58:58 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	2 B 207 B	48ms 46ms	XHR text/plain	2001:4860:4802:38::178 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1339990544&t=pageview&_s=1&dl=https%3A%2F%2Fwww.rewterz.com%2Fthreat-advisory%2Foyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs&ul=de-de&de=UTF-8&dt=Oyster%20Backdoor%20Distributes%20via%20Trojanized%20Downloads%20of%20Frequently%20Used%20Software%20%E2%80%93%20Active%20IOCs%20Oyster%20Backdoor%20Distributes%20via%20Trojanized%20Downloads%20of%20Frequently%20Used%20Software%20%E2%80%93%20Active%20IOCs%20-%20Rewterz&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=854889841&gjid=183539952&cid=206847757.1719302181&tid=UA-2844962-1&_gid=1269523760.1719302181&_r=1&gtm=457e46j0za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&jsscut=1&npa=1&z=1118949812 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Tue, 25 Jun 2024 07:56:21 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.rewterz.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	204	register-conversion region1.google-analytics.com/privacy-sandbox/ Redirect Chain https://region1.analytics.google.com/g/collect?v=2&tid=G-2H1K10XHV5&gtm=45je46j0v889293908za200&_p=1719302178725&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=206847757.1719302181&... https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=206847757.1719302181&dbk=6839877693252260365&dma=1&dma_cps=sypham&en=page_view&gtm=45je46j0v889293908za200&npa=1&ti...	0 0	104ms 87ms	Fetch text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=206847757.1719302181&dbk=6839877693252260365&dma=1&dma_cps=sypham&en=page_view&gtm=45je46j0v889293908za200&npa=1&tid=G-2H1K10XHV5&dl=https%3A%2F%2Fwww.rewterz.com%3F Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H2 Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.rewterz.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers pragma no-cache attribution-reporting-register-trigger {"aggregatable_trigger_data":[{"key_piece":"0xddfde1745f7b646c","source_keys":["1"]},{"key_piece":"0x328f6f59f2b44a7e","source_keys":["2","3","4"]}],"aggregatable_values":{"1":65,"2":65,"3":65,"4":6356},"debug_key":"6839877693252260365","debug_reporting":true,"event_trigger_data":[{"filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"}],"filters":{"2":["1025116166"],"5":["06-25","06-24","06-23"]}} date Tue, 25 Jun 2024 07:56:21 GMT server Golfe2 content-type text/plain cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Tue, 25 Jun 2024 07:56:21 GMT server Golfe2 content-type text/html; charset=UTF-8 location https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=206847757.1719302181&dbk=6839877693252260365&dma=1&dma_cps=sypham&en=page_view&gtm=45je46j0v889293908za200&npa=1&tid=G-2H1K10XHV5&dl=https%3A%2F%2Fwww.rewterz.com%3F access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 480 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 245 B	162ms 49ms	Ping text/plain	2a00:1450:400c:c06::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-2H1K10XHV5&cid=206847757.1719302181&gtm=45je46j0v889293908za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-2H1K10XHV5&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 25 Jun 2024 07:56:21 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.rewterz.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	136ms 66ms	Image image/gif	142.250.185.67 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-2H1K10XHV5&cid=206847757.1719302181&gtm=45je46j0v889293908za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1422038779 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.67 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 25 Jun 2024 07:56:21 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 151 B	163ms 54ms	XHR text/plain	2a00:1450:400c:c06::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2844962-1&cid=206847757.1719302181&jid=854889841&gjid=183539952&_gid=1269523760.1719302181&npa=1&_u=YEBAAUAAAAAAACAAI~&z=301593172 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Tue, 25 Jun 2024 07:56:21 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.rewterz.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	clarity.js Show response www.clarity.ms/s/0.7.32/	61 KB 26 KB	83ms 82ms	Script application/javascript	2620:1ec:29:1::72 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/s/0.7.32/clarity.js Requested by Host: www.clarity.ms URL: https://www.clarity.ms/tag/m41k4nifgy?ref=wordpress Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:29:1::72 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:21 GMT content-encoding br last-modified Fri, 10 May 2024 17:30:20 GMT etag W/"0x8DC7116DE09E645" vary Accept-Encoding x-azure-ref 20240625T075621Z-1586678d48fzrw6g1f167q9wdn00000000g000000000knxc content-type application/javascript;charset=utf-8 access-control-allow-origin * x-ms-request-id b4e52e54-401e-0078-065a-c58d23000000 cache-control public, max-age=86400 x-cache TCP_HIT x-ms-version 2018-03-28 x-fd-int-roxy-purgeid 51562430
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	153ms 65ms	Image image/gif	172.217.18.4 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2844962-1&cid=206847757.1719302181&jid=854889841&npa=1&_u=YEBAAUAAAAAAACAAI~&z=1565328524 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.18.4 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s22-in-f4.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 25 Jun 2024 07:56:21 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	65ms 64ms	Image image/gif	142.250.185.67 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2844962-1&cid=206847757.1719302181&jid=854889841&npa=1&_u=YEBAAUAAAAAAACAAI~&z=1565328524 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.67 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 25 Jun 2024 07:56:21 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H/1.1	204 No Content	collect Show response k.clarity.ms/	0 279 B	505ms 129ms	XHR text/plain	172.175.38.6 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://k.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 172.175.38.6 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.rewterz.com Date Tue, 25 Jun 2024 07:56:22 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
POST H/1.1	204 No Content	collect Show response k.clarity.ms/	0 279 B	674ms 428ms	XHR text/plain	172.175.38.6 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://k.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 172.175.38.6 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.rewterz.com Date Tue, 25 Jun 2024 07:56:22 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
GET H2	200	conversations-embed.js Show response js.usemessages.com/	85 KB 24 KB	400ms 52ms	Script application/javascript	2606:4700::6810:4b8e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.usemessages.com/conversations-embed.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/6553015.js?integration=WordPress&ver=11.1.21 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:4b8e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 753b5d77684b20581dddd43b3a944bca93a44da9e6dee0c8232ca6ed8a40ead5 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:24 GMT x-amz-version-id yFTRQFC1g6ZpuTIoktepwBCyrzt6F_8h content-encoding gzip x-content-type-options nosniff via 1.1 bcfffcf7e0fc8cd9cfe4125369a9f036.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-cf-pop IAD12-P3 age 146 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.16706/bundles/project.js&cfRay=8993630a9feb65d4-FRA x-cache Hit from cloudfront x-hubspot-correlation-id a5b3a036-02d4-4ba5-a97c-b85cf3bb46b4 cache-tag staticjsapp-conversations-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id a5b3a036-02d4-4ba5-a97c-b85cf3bb46b4 last-modified Fri, 21 Jun 2024 14:34:54 UTC server cloudflare etag W/"d5ed42fdc505d7812288ee600abec355" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-65f7f7c749-2hwf8 cf-ray 8993669bea76996c-FRA x-amz-cf-id kr3nJRcWs5dgGsEOA-7s7SgRZvSkRRRiU3pMMSkwevAnjQ45-6enOQ== x-hs-target-asset conversations-embed/static-1.16706/bundles/project.js
GET H2	200	6553015.js Show response js.hs-analytics.net/analytics/1719302100000/	68 KB 24 KB	399ms 53ms	Script text/javascript	2606:4700::6811:afc9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1719302100000/6553015.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/6553015.js?integration=WordPress&ver=11.1.21 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0cd4bbda617e0cfd9794051cef2f48b3e29682e3458445844e9eeca79042b16a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:24 GMT x-amz-version-id null content-encoding gzip cf-cache-status HIT x-amz-request-id 4RDVRVFJ2BRKE86F x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id 4393918c-562b-433d-ace2-db82c1dba53f age 2 x-envoy-upstream-service-time 26 x-amz-id-2 1I99wENEc4WJwAOxmDfa/IlsHx45ELtpe1Iy45ZjknZp/KhEbTRKJIqh2PYw0Z21bkQiIOxK9I80yzHxc2jjVH+q0oa8kl8EK5xVAiXJij0= x-evy-trace-listener listener_https x-request-id 4393918c-562b-433d-ace2-db82c1dba53f x-evy-trace-route-configuration listener_https/all last-modified Fri, 21 Jun 2024 21:10:15 GMT server cloudflare etag W/"741c4a7b428b1eb2722a9c46bb3a9afd" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-647fb cache-control max-age=300,public access-control-allow-credentials false cf-ray 8993669bef858fe2-FRA expires Tue, 25 Jun 2024 08:01:22 GMT
GET H2	200	collectedforms.js Show response js.hscollectedforms.net/	69 KB 24 KB	416ms 72ms	Script application/javascript	2606:4700::6810:6cfe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hscollectedforms.net/collectedforms.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/6553015.js?integration=WordPress&ver=11.1.21 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:6cfe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-encoding gzip age 333 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=89935e7d3dc29944-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"7d377a186677c174f204d466b8fa5fdb" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset collected-forms-embed-js/static-1.503/bundles/project.js date Tue, 25 Jun 2024 07:56:24 GMT x-amz-version-id WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W x-content-type-options nosniff cf-cache-status HIT via 1.1 3203c4b5504fa019a752072f0419ef6a.cloudfront.net (CloudFront) x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 029ff749-cc1f-4f7e-bfcf-1729d9d18b5b x-cache Hit from cloudfront cache-tag staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 x-evy-trace-route-configuration listener_https/all x-request-id 029ff749-cc1f-4f7e-bfcf-1729d9d18b5b last-modified Wed, 15 May 2024 14:34:44 UTC server cloudflare x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-65f7f7c749-kt4hg cf-ray 8993669bee059f13-FRA x-amz-cf-id 4nALZsQ-dGqwfwBN9f9l2SEWj4_96BCKwncMrjyauj8QoXVchYRbYA==
GET H2	200	banner.js Show response js.hs-banner.com/v2/6553015/	71 KB 26 KB	397ms 55ms	Script text/javascript	2606:4700:4400::ac40:991b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/v2/6553015/banner.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/6553015.js?integration=WordPress&ver=11.1.21 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a2df9eb98d154638cc144a4723faa17106133e7a1b3b47f8232580c293af5ed3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:24 GMT x-amz-version-id 2mnTL3jXxQ_H2lGd1GAs6rIe51NPKk2g content-encoding gzip cf-cache-status HIT x-amz-request-id 3HHNM9JFMHCC1A8C x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id e40126d4-3690-4070-b49d-e894b3550ca8 age 8 x-envoy-upstream-service-time 80 x-amz-id-2 NgUTXINQa1EIlbCf/QacSTUz0ZyIpELx3lMzgwOW9SLMleZMb8OgPDl2fLVfjvGFOQIiU/gwgj0= x-evy-trace-listener listener_https x-request-id e40126d4-3690-4070-b49d-e894b3550ca8 x-evy-trace-route-configuration listener_https/all last-modified Mon, 15 Apr 2024 14:48:08 GMT server cloudflare etag W/"ddbeb0d8841c3d36a74c07861eb62a27" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.rewterz.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-w85d2 vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 8993669be8092bf6-FRA expires Tue, 25 Jun 2024 08:01:16 GMT
GET H3	200	1 widget.clutch.co/widgets/get/ Frame 498A	0 0	300ms 151ms	Document text/html	104.18.69.32 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://widget.clutch.co/widgets/get/1?ref_domain=www.rewterz.com&uid=2328721&rel_nofollow=true&ref_path=/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Requested by Host: widget.clutch.co URL: https://widget.clutch.co/static/js/widget.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.69.32 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Content-Security-Policy font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; Strict-Transport-Security max-age=2592000 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.rewterz.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers age 372 alt-svc h3=":443"; ma=86400 cache-control public, max-age=3600 cf-cache-status HIT cf-ray 8993669bc8bcbf32-WAW content-encoding br content-security-policy font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; content-type text/html; charset=utf-8 date Tue, 25 Jun 2024 07:56:24 GMT expires Tue, 25 Jun 2024 08:56:24 GMT last-modified Tue, 25 Jun 2024 07:37:36 GMT server cloudflare strict-transport-security max-age=2592000 vary Accept-Encoding
GET H/1.1	200 OK	wp-emoji-release.min.js Show response www.rewterz.com/wp-includes/js/	18 KB 5 KB	1288ms 1288ms	Script application/javascript	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.5 Requested by Host: www.rewterz.com URL: https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:25 GMT Content-Encoding gzip Last-Modified Wed, 03 Apr 2024 02:17:47 GMT Server Apache ETag "4926-61527d420e295-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 5062
GET H2	200	HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2 fonts.gstatic.com/s/barlowcondensed/v12/	20 KB 20 KB	58ms 46ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/barlowcondensed/v12/HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Barlow%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic%7CBarlow+Condensed%3A1%2C300%2C400%2C400italic%2C500%2C700%2C700italic&display=swap&ver=6.5.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash af91213cd670d6270b32ebdeb00a09625f6b74ccd780d12ff6724a14ea1efaff Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://fonts.googleapis.com/ Origin https://www.rewterz.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 15:11:42 GMT x-content-type-options nosniff age 578682 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20200 x-xss-protection 0 last-modified Tue, 19 Apr 2022 18:28:11 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 18 Jun 2025 15:11:42 GMT
GET H2	200	public Show response api.hubspot.com/livechat-public/v1/message/	3 KB 2 KB	429ms 225ms	XHR application/json	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=6553015&conversations-embed=static-1.16706&mobile=false&messagesUtk=471151fa68e84376a45bdc5ce2c3a9b0&traceId=471151fa68e84376a45bdc5ce2c3a9b0 Requested by Host: js.usemessages.com URL: https://js.usemessages.com/conversations-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5a7264d7f44855b64c5f71a93b0f01bc224dd15f82546cc80c0499bb6544740e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 X-HubSpot-Messages-Uri https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:25 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id a49354a0-c376-4980-ae9b-0110f37911fc x-envoy-upstream-service-time 132 content-length 1337 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id a49354a0-c376-4980-ae9b-0110f37911fc server cloudflare vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.rewterz.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-7dd59b876-jzd76 cache-control no-cache, no-store, no-transform, must-revalidate, max-age=0 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NX2f78PnITu62SYkexaykC2EpksH9%2FBvG9XdEiBkxcs4S1oG45BuJRFa7q6CEbxdlBL2jdjbfMszFUwzQwW%2B3Pa2wR7vLlwuHhy9YAQP9r%2BsetaZIrfCmtYHc9hEzfcH28KGFxq3%2FTR%2FtDMzmw%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 899366a38ee0976a-FRA access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
GET H2	200	json Show response forms.hscollectedforms.net/collected-forms/v1/config/	133 B 453 B	174ms 161ms	XHR application/json	2606:4700::6810:6cfe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=6553015&utk= Requested by Host: js.hscollectedforms.net URL: https://js.hscollectedforms.net/collectedforms.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:6cfe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dae324f47a82406107372ddd18ab5538d154bea84c919e9a01f7935c68008bab Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/json, text/plain, */* Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:24 GMT content-encoding br x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 6644fd77-4d2d-4c79-b442-6d5dc7381c05 x-envoy-upstream-service-time 2 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 6644fd77-4d2d-4c79-b442-6d5dc7381c05 server cloudflare vary Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.rewterz.com x-evy-trace-virtual-host all cache-control max-age=0 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-65f7f7c749-5s6qd access-control-max-age 180 x-robots-tag none access-control-allow-headers * cf-ray 8993669da8e09f13-FRA
OPTIONS H2	200	public api.hubspot.com/livechat-public/v1/message/ Frame	0 0	867ms 184ms	Preflight text/plain	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=6553015&conversations-embed=static-1.16706&mobile=false&messagesUtk=471151fa68e84376a45bdc5ce2c3a9b0&traceId=471151fa68e84376a45bdc5ce2c3a9b0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers x-hubspot-messages-uri Access-Control-Request-Method GET Origin https://www.rewterz.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD access-control-allow-origin https://www.rewterz.com allow HEAD,GET,OPTIONS cf-cache-status DYNAMIC cf-ray 899366a15ab5976a-FRA content-length 18 content-type text/plain; charset=utf-8 date Tue, 25 Jun 2024 07:56:25 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qfOD1oS9tqEkzADPpy2RWc01GZ0HRYVeo%2BTRb2MqyEnP3U3nIrJg2jUE3Qzf9n%2BZez%2FdTpZObx%2FfYRcTda9uhEuruFfHnCeDbnOosl3lKLPBp4t3rtZMZ93wfJe1%2FUc6%2BSlUFPaHu4iB9paFPA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin, Accept-Encoding x-content-type-options nosniff x-envoy-upstream-service-time 4 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-7dd59b876-hbzqf x-evy-trace-virtual-host all x-hubspot-correlation-id 42f42063-acc3-4378-9740-8e9adceaf27d x-request-id 42f42063-acc3-4378-9740-8e9adceaf27d
GET H2	200	471151fa68e84376a45bdc5ce2c3a9b0 app.hubspot.com/conversations-visitor/6553015/threads/utk/ Frame 2128	0 0	503ms 296ms	Document text/html	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.hubspot.com/conversations-visitor/6553015/threads/utk/471151fa68e84376a45bdc5ce2c3a9b0?uuid=360e7fecea314ea897da46a3bc3d9bed&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=rewterz.com&inApp53=false&messagesUtk=471151fa68e84376a45bdc5ce2c3a9b0&url=https%3A%2F%2Fwww.rewterz.com%2Fthreat-advisory%2Foyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false&hideScrollToButton=true Requested by Host: js.usemessages.com URL: https://js.usemessages.com/conversations-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options no-sniff Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.rewterz.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers access-control-allow-credentials false age 2039 cache-control max-age=600 cache-tag staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod cf-cache-status DYNAMIC cf-ray 899366a70fb518af-FRA content-encoding gzip content-security-policy-report-only script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.19158/html/index.html&cfRay=899366a70fb518af&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F6553015%2Fthreads%2Futk%2F471151fa68e84376a45bdc5ce2c3a9b0%3Fuuid%3D360e7fecea314ea897da46a3bc3d9bed%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3D%26domain%3Drewterz.com%26inApp53%3Dfalse%26messagesUtk%3D471151fa68e84376a45bdc5ce2c3a9b0%26url%3Dhttps%253A%252F%252Fwww.rewterz.com%252Fthreat-advisory%252Foyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3D%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dfalse%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse%26hideScrollToButton%3Dtrue&referrer=https%3A%2F%2Fwww.rewterz.com%2F&cfenv=prod&pdt=2024-06-25&csp=ro content-type text/html; charset=utf-8 date Tue, 25 Jun 2024 07:56:26 GMT etag W/"fb287ed2f52438a02778401b4d4b3cf2" last-modified Fri, 21 Jun 2024 14:34:54 UTC report-to {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]} reporting-endpoints default="https://send.hsbrowserreports.com/csp/reports?cfRay=899366a70fb518af&resource=conversations-visitor-ui/static-1.19158/html/index.html" server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin, Accept-Encoding via 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront) x-amz-cf-id 3PnbB6axi_OrYcmrUHzPJdIVKm-IZjdnahda-MbpFQljIqaKYuAs4Q== x-amz-cf-pop IAD12-P3 x-amz-replication-status COMPLETED x-amz-server-side-encryption AES256 x-amz-version-id udsYh5XgdwGd9o6YhUcIX41sHGStXR7B x-cache Hit from cloudfront x-content-type-options no-sniff x-envoy-upstream-service-time 6 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-65f7f7c749-zrgzf x-evy-trace-virtual-host all x-hs-cache-status MISS x-hs-target-asset conversations-visitor-ui/static-1.19158/html/index.html x-hs-worker-debug-mode false x-hubspot-correlation-id 632ee3a7-b6c0-4ffa-8ec0-492ef4e42587 x-request-id 632ee3a7-b6c0-4ffa-8ec0-492ef4e42587
POST H/1.1	204 No Content	collect Show response k.clarity.ms/	0 279 B	149ms 143ms	XHR text/plain	172.175.38.6 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://k.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 172.175.38.6 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.rewterz.com Date Tue, 25 Jun 2024 07:56:25 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
GET H2	200	c.gif c.clarity.ms/ Redirect Chain https://c.clarity.ms/c.gif https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=F2402582063F4E69AE47077A72CD5079&RedC=c.clarity.ms&MXFR=09E2809E8C7F642D177E9437887F6A03 https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=F2402582063F4E69AE47077A72CD5079&MUID=2190C315809A69022992D7BC81116860	42 B 465 B	268ms 268ms	Image image/gif	20.205.115.81 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=F2402582063F4E69AE47077A72CD5079&MUID=2190C315809A69022992D7BC81116860 Protocol H2 Server 20.205.115.81 Hong Kong, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.rewterz.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers pragma no-cache date Tue, 25 Jun 2024 07:56:29 GMT last-modified Wed, 19 Jun 2024 18:40:23 GMT server Microsoft-IIS/10.0 etag "b7f9ec2478c2da1:0" x-powered-by ASP.NET content-type image/gif p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" cache-control private, no-cache, proxy-revalidate, no-store accept-ranges bytes content-length 42 Redirect headers pragma no-cache date Tue, 25 Jun 2024 07:56:28 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 38850FD55B6E4C78B60D3FDB5148A06D Ref B: FRA31EDGE0608 Ref C: 2024-06-25T07:56:29Z x-powered-by ASP.NET x-cache CONFIG_NOCACHE p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" location https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=F2402582063F4E69AE47077A72CD5079&MUID=2190C315809A69022992D7BC81116860 cache-control private, no-cache, proxy-revalidate, no-store content-length 0
GET H2	200	6553015.js Show response js-na1.hs-scripts.com/	2 KB 714 B	134ms 78ms	Script application/javascript	2606:4700::6810:8bd1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-na1.hs-scripts.com/6553015.js Requested by Host: js.hs-analytics.net URL: https://js.hs-analytics.net/analytics/1719302100000/6553015.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 50ed7521c7ecc8f1f7b46f159236f286f62f9ff61542c8009a76dae99f6edbaf Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:28 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT x-hubspot-correlation-id 42fed0bb-4423-4db0-8c5a-dc1040ff22ac x-evy-trace-route-service-name envoyset-translator cf-polished origSize=2007 age 374 x-envoy-upstream-service-time 5 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 42fed0bb-4423-4db0-8c5a-dc1040ff22ac cf-bgj minify last-modified Tue, 25 Jun 2024 07:50:14 GMT server cloudflare access-control-max-age 3600 vary origin, Accept-Encoding content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.rewterz.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-7dd59b876-sqbsr x-evy-trace-virtual-host all access-control-allow-credentials true cf-ray 899366b40fd01e31-FRA
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	352ms 175ms	Image image/gif	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=6553015&ct=blog-post&rcu=https%3A%2F%2Fwww.rewterz.com%2Fthreat-advisory%2Foyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs&pu=https%3A%2F%2Fwww.rewterz.com%2Fthreat-advisory%2Foyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs&t=Oyster+Backdoor+Distributes+via+Trojanized+Downloads+of+Frequently+Used+Software+%E2%80%93+Active+IOCs+Oyster+Backdoor+Distributes+via+Trojanized+Downloads+of+Frequently+Used+Software+%E2%80%93+Active+IOCs+-+Rewterz&cts=1719302188083&vi=ce20be5a2d40ac37eab4363b5b28c9e3&nc=true&u=107359773.ce20be5a2d40ac37eab4363b5b28c9e3.1719302188067.1719302188067.1719302188067.1&b=107359773.1.1719302188068&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 07:56:28 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 100fa277-0715-4439-8ebd-44fafdb03950 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 12 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 100fa277-0715-4439-8ebd-44fafdb03950 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=39%2BC%2BeKm0a%2Bz0%2B%2F0qNp4ONWDiRPuIIe5XRDLYq6A8a1tBj5ZR5QNWSUI7KMAEbOI7nhxI30p%2BiV27eIo4rGQNX5Mmz29xzy2UrHIIcG%2BWLjUdSmoFfedwkhXZjfvcMkBKVpDGK8NiS3XI9ldte2O"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-2cxth x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 899366b4c8529b94-FRA x-robots-tag none
GET H/1.1	200 OK	favicon.svg www.rewterz.com/wp-content/uploads/2023/03/	570 B 842 B	348ms 347ms	Other image/svg+xml	198.199.112.140 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.rewterz.com/wp-content/uploads/2023/03/favicon.svg Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.199.112.140 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS www.rewterz.com Software Apache / Resource Hash 038ea1c1f62bd718e8a997586d861ad8855b848940d3c32e0ed09f66cba9c0fb Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.rewterz.com/threat-advisory/oyster-backdoor-distributes-via-trojanized-downloads-of-frequently-used-software-active-iocs Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 25 Jun 2024 07:56:28 GMT Last-Modified Fri, 10 Mar 2023 23:02:38 GMT Server Apache ETag "23a-5f693c1f642e9" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 570
POST H/1.1	204 No Content	collect Show response k.clarity.ms/	0 279 B	440ms 161ms	XHR text/plain	172.175.38.6 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://k.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 172.175.38.6 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.rewterz.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.rewterz.com Date Tue, 25 Jun 2024 07:56:31 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78