www.riskiq.com Open in urlscan Pro
107.154.114.154  Public Scan

25 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 76

• https://s.adroll.com/j/exp/OJCMQP7QIRE2VEJKLPZKG2/index.js HTTP 302
• https://s.adroll.com/j/exp/index.js

Request Chain 77

• https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
• https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
• https://segments.company-target.com/log?vendor=choca&user_id=AAD92E7E9MIAAEGUXwmYvA HTTP 303
• https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAD92E7E9MIAAEGUXwmYvA&verifyHash=584a27a3958618fd86dc55067353a42748534d3f

Request Chain 87

• https://widget.intercom.io/widget/jh6w1mfi HTTP 302
• https://js.intercomcdn.com/shim.latest.js

Request Chain 95

• https://platform.twitter.com/oct.js HTTP 301
• https://static.ads-twitter.com/oct.js

Request Chain 108

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=19503&time=1652187393315&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D19503%26time%3D1652187393315%26url%3Dhttps%253A%252F%252Fwww.riskiq.com%252Fblog%252Fexternal-threat-management%252Ftrickbot-magecart-fake-sites%252F%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=19503&time=1652187393315&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=19503&time=1652187393315&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&liSync=true&e_ipv6=AQKYC_CGXpDIEgAAAYCuCu7JF69t7BiiYwHAyvs6oUwplDNAvsJBiMZL3SrM-qZEAOGRP_TaZFszb_spBbmshAu-Y5oEEA

Request Chain 129

• https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1000875753/?random=1554077605&cv=9&fst=1652187393386&num=1&value=0&label=f8q8CObD4GAQ6c2g3QM&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&tiba=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&auid=888387049.1652187393&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=AWF6Yp-pGYGM9fgP4cidmAw&sscte=1&crd=&eitems=ChAI8JrokwYQzbf4neuUlZdUEh0AWL7E3hPWPeS-czNPzqSK3k07DLzbOeuxqzr-Sw HTTP 302
• https://www.google.com/pagead/1p-conversion/1000875753/?random=1554077605&cv=9&fst=1652187393386&num=1&value=0&label=f8q8CObD4GAQ6c2g3QM&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&tiba=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&auid=888387049.1652187393&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=AWF6Yp-pGYGM9fgP4cidmAw&cid=CAQSKQCNIrLMF4iZD2p1y0rgkhIAX4ViLhPX4x2C0cniKdjKNkEP0Xtor2I8&eitems=ChAI8JrokwYQzbf4neuUlZdUEh0AWL7E3osyr43V3SLq8xmnMOd8jJfe3w3kPioyrQ&random=1063663232&resp=GooglemKTybQhCsO HTTP 302
• https://www.google.de/pagead/1p-conversion/1000875753/?random=1554077605&cv=9&fst=1652187393386&num=1&value=0&label=f8q8CObD4GAQ6c2g3QM&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&tiba=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&auid=888387049.1652187393&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=AWF6Yp-pGYGM9fgP4cidmAw&cid=CAQSKQCNIrLMF4iZD2p1y0rgkhIAX4ViLhPX4x2C0cniKdjKNkEP0Xtor2I8&eitems=ChAI8JrokwYQzbf4neuUlZdUEh0AWL7E3osyr43V3SLq8xmnMOd8jJfe3w3kPioyrQ&random=1063663232&resp=GooglemKTybQhCsO&ipr=y&prhg=0

142 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/	348 KB 37 KB	36ms 21ms	Document text/html	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash f5000f7b819e65ef36b2a1616eb40ed11673157dfd201c561f131af9fc01d8c1 Security Headers Name Value Content-Security-Policy frame-ancestors community.riskiq.com staging.community.riskiq.com localhost:* upgrade-insecure-requests Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options ALLOW-FROM https://community.riskiq.com SAMEORIGIN Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control max-age=1800, public, must-revalidate Content-Encoding gzip Content-Length 37058 Content-Security-Policy frame-ancestors community.riskiq.com staging.community.riskiq.com localhost:* upgrade-insecure-requests Content-Type text/html; charset=UTF-8 Date Tue, 10 May 2022 12:56:31 GMT Etag "981025fb" Expires Tue, 10 May 2022 13:26:31 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-CDN Imperva X-Content-Type-Options nosniff X-Frame-Options ALLOW-FROM https://community.riskiq.com SAMEORIGIN X-Iinfo 12-82249447-0 0CNN RT(1652187390986 9) q(0 -1 -1 0) r(0 -1)
GET H/1.1	200 OK	t-will-Were-Pall-toody-Come-you-but-and-you-man- Show response www.riskiq.com/	143 KB 46 KB	36ms 35ms	Script text/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/t-will-Were-Pall-toody-Come-you-but-and-you-man- Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software connector / Resource Hash 54ac0a8a59dba8e0416094a1fbf619f950971ef45c59c22c8e7ea7e7fa34b6a0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:31 GMT content-encoding gzip server connector Strict-Transport-Security max-age=31536000; includeSubDomains; preload content-type text/javascript access-control-allow-origin * X-Iinfo 12-82249447-82249455 NNNN CT(3 5 0) RT(1652187390986 55) q(0 0 0 -1) r(0 0) U2 cache-control private, max-age=60 server-timing bon, total;dur=8.369276 keep-alive timeout=5 content-length 46857 X-CDN Imperva
GET H/1.1	200 OK	style.min.css www.riskiq.com/wp-includes/css/dist/block-library/	81 KB 12 KB	25ms 12ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 74cad4303232e97ca561d020bf3491ab6777c683b259f50f99b64cd62f1e3271 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:34 GMT X-CDN Imperva Etag W/"62758f06-145a9" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 9-50241563-0 0CNN RT(1652187391046 7) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 11587 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	jquery-ui.css www.riskiq.com/wp-content/plugins/faq-schema-for-pages-and-posts//css/	18 KB 4 KB	32ms 19ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/plugins/faq-schema-for-pages-and-posts//css/jquery-ui.css?ver=2.0.0 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 9d8f82c45b478f1a5b6945e093836b3f52dd160470090a30e4baa0173d8cb2b3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:08 GMT X-CDN Imperva Etag W/"62758f28-4995" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 11-88437889-0 0CNN RT(1652187391046 9) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 3588 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	simple-banner.css www.riskiq.com/wp-content/plugins/simple-banner/	397 B 680 B	25ms 11ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/plugins/simple-banner/simple-banner.css?ver=2.11.0 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 8fce36318ae0707c20333ed16ffe4897628548dc8d2a3c672b07ccc16f3f310f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:07 GMT X-CDN Imperva Etag W/"62758f27-1e7" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 7-56301829-0 0CNN RT(1652187391047 7) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 249 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	genericons.css www.riskiq.com/wp-content/plugins/megamenu-pro/icons/genericons/genericons/	27 KB 17 KB	27ms 14ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/plugins/megamenu-pro/icons/genericons/genericons/genericons.css?ver=2.1.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 98726f9632fa3f6359c2d118f2061241729bcfc9a98563ccb6cf87444d32bd88 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:07 GMT X-CDN Imperva Etag W/"62758f27-6b84" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 2-16379045-0 0CNN RT(1652187391047 8) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 16466 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	font-awesome.min.css www.riskiq.com/wp-content/plugins/megamenu-pro/icons/fontawesome/css/	30 KB 7 KB	32ms 18ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/plugins/megamenu-pro/icons/fontawesome/css/font-awesome.min.css?ver=2.1.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:07 GMT X-CDN Imperva Etag W/"62758f27-7918" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 11-88437890-0 0CNN RT(1652187391048 14) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 7102 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	all.min.css www.riskiq.com/wp-content/plugins/megamenu-pro/icons/fontawesome5/css/	54 KB 12 KB	41ms 16ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/plugins/megamenu-pro/icons/fontawesome5/css/all.min.css?ver=2.1.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 64f77a13c6e6d3adce340a06f37c55054d9cdd48cb1d9347943749592a2a565e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:08 GMT X-CDN Imperva Etag W/"62758f28-d81d" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 7-56301829-0 0CNN RT(1652187391047 24) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 11690 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	enlighterjs.min.css www.riskiq.com/wp-content/plugins/enlighter/cache/	78 KB 9 KB	43ms 13ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/plugins/enlighter/cache/enlighterjs.min.css?ver=0A0B0C Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 6048e330c0f362be46b20de45d35a5ace57a04be04a29da10448d6949f6f69ce Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:55 GMT X-CDN Imperva Etag W/"62758f57-13686" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 9-50241563-0 0CNN RT(1652187391046 25) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 9247 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	libraries.css www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/	128 KB 18 KB	74ms 43ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/libraries.css?ver=5.9.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash f8c45ea6d580992fba8c8d5fb1868eb85c124808b16436e01fa4272e56f28db9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag W/"62758f24-201b4" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 11-88437889-0 0CNN RT(1652187391046 41) q(0 -1 -1 -1) r(1 -1) Cache-Control max-age=1800, public Content-Length 17799 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	use-dis.css www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/	803 KB 80 KB	44ms 11ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/use-dis.css?ver=1.5.6 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 0470756160ed95f849c19f8461cb21475ab100635bb804c72802caba22ee8894 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:06 GMT X-CDN Imperva Etag W/"62758f26-c8a48" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 2-16379045-0 0CNN RT(1652187391047 27) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 81534 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	flickity.css www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/vendor/css/	2 KB 1 KB	74ms 42ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/vendor/css/flickity.css?ver=1.0.0 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 7942ebec94aaf00f60e57ed024d2a36bd722b2876cba5252b298c5e9c643387a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag W/"62758f24-9e3" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 11-88437890-0 0CNN RT(1652187391048 40) q(0 -1 -1 -1) r(1 -1) Cache-Control max-age=1800, public Content-Length 614 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	flickity-fade.css www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/vendor/css/	161 B 538 B	53ms 12ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/vendor/css/flickity-fade.css?ver=1.0.0 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash d999b648f0d4db3e671a1bca716a44322b0f1daa53f89297f7dc7e24b231dc19 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag "62758f24-d3" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 12-82249447-0 0CNN RT(1652187390986 97) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 108 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	animate.min.css www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/dist/css/	70 KB 6 KB	56ms 14ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/dist/css/animate.min.css?ver=1.0.0 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:05 GMT X-CDN Imperva Etag W/"62758f25-11846" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 9-50241563-0 0CNN RT(1652187391046 41) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 5481 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	styles.css www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/dist/css/	37 KB 6 KB	54ms 10ms	Stylesheet text/css	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/dist/css/styles.css?ver=1.6.1 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 9b5cb2b96c39a80a1f6ce316fefb4050636eb0cdde713f27964788064e153c0e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag W/"62758f24-9371" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type text/css X-Iinfo 7-56301829-0 0CNN RT(1652187391047 41) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 5701 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	jquery.min.js Show response www.riskiq.com/wp-includes/js/jquery/	87 KB 31 KB	61ms 11ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash dac43ee603984a0cc147709cfa5c93cd3d42ea34dd2af211469fabfeacaf230c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:34 GMT X-CDN Imperva Etag W/"62758f06-15db1" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 2-16379045-0 0CNN RT(1652187391047 46) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 30846 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	simple-banner.js Show response www.riskiq.com/wp-content/plugins/simple-banner/	3 KB 2 KB	70ms 17ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/plugins/simple-banner/simple-banner.js?ver=2.11.0 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 29176db438f6a979b60970c816b89123a729d512b47abc7bd1c4fadd2341c7ed Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:07 GMT X-CDN Imperva Etag W/"62758f27-136a" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 12-82249447-0 0CNN RT(1652187390986 110) q(0 -1 -1 -1) r(1 -1) Cache-Control max-age=1800, public Content-Length 1109 Expires Tue, 10 May 2022 13:26:31 GMT
GET H2	200	notice Show response consent.trustarc.com/	12 KB 5 KB	64ms 19ms	Script text/javascript	18.64.79.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://consent.trustarc.com/notice?domain=riskiq.com&text=true&c=teconsent&gtm=1&pcookie&js=nj&noticeType=bb Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-29.txl50.r.cloudfront.net Software nginx / Resource Hash 9f9e60fdff3323de91c81788a41b68e5113d4acbb49a5526dc4b41685b9419d4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.riskiq.com/ Origin https://www.riskiq.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:50:31 GMT content-encoding gzip x-content-type-options nosniff age 360 x-cache Hit from cloudfront cloudfront-viewer-country DE vary Accept-Encoding content-length 4635 x-xss-protection 1; mode=block access-control-allow-origin * server nginx x-frame-options SAMEORIGIN strict-transport-security max-age=31536000; includeSubDomains content-type text/javascript;charset=UTF-8 via 1.1 64ff1e6af494771d4212cf7d4543447e.cloudfront.net (CloudFront) access-control-expose-headers * cache-control max-age=3600 x-amz-cf-pop TXL50-P2 timing-allow-origin * x-amz-cf-id epOqvtaR_hauLb87sm7KHEpADiQpoODe7QIX5eekTvZxHdNuOnICtg== expires Tue, 10 May 2022 13:50:31 GMT
GET H2	200	jed5dps.css use.typekit.net/	44 KB 3 KB	62ms 13ms	Stylesheet text/css	2a02:26f0:f7::5c7b:e024 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/jed5dps.css Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:f7::5c7b:e024 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash fec41ca538bca7bbae4deacdbec7805c9bf7e4a49a623cc3cf0c8b9ab457af61 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; content-encoding gzip server nginx date Tue, 10 May 2022 12:56:31 GMT vary Accept-Encoding content-type text/css;charset=utf-8 access-control-allow-origin * cache-control private, max-age=600, stale-while-revalidate=604800 cross-origin-resource-policy cross-origin timing-allow-origin * content-length 3208
GET H/1.1	200 OK	RiskIQ-Logo_MSFTcompany-1.svg www.riskiq.com/wp-content/uploads/2022/01/	29 KB 8 KB	12ms 11ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2022/01/RiskIQ-Logo_MSFTcompany-1.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 6833b594d158367f254f7f82c17d126f406c2125e7145155f61f53fe9c10b872 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:38 GMT X-CDN Imperva Etag W/"62758f0a-72e8" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 9-50241563-0 0CNN RT(1652187391046 161) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 7487 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	products-2col-world-protect.jpg www.riskiq.com/wp-content/uploads/2021/04/	98 KB 98 KB	16ms 16ms	Image image/jpeg	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2021/04/products-2col-world-protect.jpg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 7aeac0a40cb92ef8664e0f414847f44aafa5cd0167431bc7c5cd22672242db50 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:11:40 GMT X-CDN Imperva Etag "62758f0c-61bb9" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/jpeg X-Iinfo 12-82249447-0 0CNN RT(1652187390986 228) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 100368 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	5musthaves-asm-chess.jpg www.riskiq.com/wp-content/uploads/2021/07/	25 KB 26 KB	13ms 11ms	Image image/jpeg	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2021/07/5musthaves-asm-chess.jpg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 2924233b3f3f6e9ec422f5617f77abfabd07a6c93f7d56d741243136bb549298 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:11:39 GMT X-CDN Imperva Etag "62758f0b-18dc3" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/jpeg X-Iinfo 9-50241563-0 0CNN RT(1652187391046 174) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 25933 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	iStock-1211443622-2.jpg www.riskiq.com/wp-content/uploads/2020/10/	126 KB 126 KB	11ms 10ms	Image image/jpeg	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/10/iStock-1211443622-2.jpg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 39c8095da36e6f01389a2034543831fa7261b1ba02c3b8e910a63b34f2c5b815 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:11:42 GMT X-CDN Imperva Etag "62758f0e-2870e" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/jpeg X-Iinfo 7-56301829-0 0CNN RT(1652187391047 174) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 128886 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	products-2col-risk-monitoring.jpg www.riskiq.com/wp-content/uploads/2021/04/	46 KB 47 KB	12ms 11ms	Image image/jpeg	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2021/04/products-2col-risk-monitoring.jpg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 54771b1e75d2517838ec07854090cd4dfef5f3519f57fb96f4fc5a681bcad92a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:11:40 GMT X-CDN Imperva Etag "62758f0c-4b10c" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/jpeg X-Iinfo 2-16379045-0 0CNN RT(1652187391047 175) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 47343 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	illuminate-ondemand-featured-zoomout.jpg www.riskiq.com/wp-content/uploads/2021/07/	28 KB 28 KB	20ms 10ms	Image image/jpeg	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2021/07/illuminate-ondemand-featured-zoomout.jpg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash efabf87174fbd269cf21d88391a01280a69d19ff9c83a040ea25b904c212eb30 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:11:39 GMT X-CDN Imperva Etag "62758f0b-1d44f" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/jpeg X-Iinfo 12-82249447-0 0CNN RT(1652187390986 271) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 28318 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	Webp.net-resizeimage-33.jpg www.riskiq.com/wp-content/uploads/2021/07/	55 KB 55 KB	13ms 12ms	Image image/jpeg	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2021/07/Webp.net-resizeimage-33.jpg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 9655b589c3a27648eff326ccc922d170ebea428ed2c438d33135ddd496406bdc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:11:40 GMT X-CDN Imperva Etag "62758f0c-63e19" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/jpeg X-Iinfo 7-56301829-0 0CNN RT(1652187391047 228) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 56015 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	istock-1136884511-1.jpg www.riskiq.com/wp-content/uploads/2021/07/	62 KB 62 KB	12ms 11ms	Image image/jpeg	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2021/07/istock-1136884511-1.jpg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 938ffe8705ecfe36c52ab7b77eb8d47ecaca67ac5fa60fadb5b56a921568722f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:11:40 GMT X-CDN Imperva Etag "62758f0c-6cdc4" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/jpeg X-Iinfo 9-50241563-0 0CNN RT(1652187391046 228) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 62986 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	istock-181851608-1.jpg www.riskiq.com/wp-content/uploads/2021/06/	112 KB 113 KB	14ms 13ms	Image image/jpeg	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2021/06/istock-181851608-1.jpg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 3fbd636d58008f4910fbf3c0c8ac3f894225a169199933e526eb20dd42dbcd40 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:11:40 GMT X-CDN Imperva Etag "62758f0c-4591b" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/jpeg X-Iinfo 2-16379045-0 0CNN RT(1652187391047 227) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 115008 Expires Tue, 10 May 2022 13:26:31 GMT
GET H2	200	forms2.min.js Show response safe.riskiq.com/js/forms2/js/	205 KB 68 KB	48ms 28ms	Script application/x-javascript	104.17.74.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe.riskiq.com/js/forms2/js/forms2.min.js Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 54b1a318711ed45da6f1a787a0b0f601199c8676b7d565a4163674833c64b0a0 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:31 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Tue, 03 May 2022 03:46:42 GMT server cloudflare age 3638 etag "2760059-3326e-5de135b5b2c80" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=14400 cf-ray 7092d5de9a9b9948-FRA expires Tue, 10 May 2022 16:56:31 GMT
GET H/1.1	200 OK	facebook.svg www.riskiq.com/wp-content/uploads/2020/04/	430 B 748 B	16ms 14ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/04/facebook.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 8f5d9f82ee57abe38826d9953a15097a70bffae2e923f2a6700bbce654c07fca Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:45 GMT X-CDN Imperva Etag W/"62758f11-1ae" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 11-88437889-0 0CNN RT(1652187391046 231) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 309 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	Path@3x.svg www.riskiq.com/wp-content/uploads/2020/07/	1 KB 1019 B	13ms 12ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/07/Path@3x.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 786bad294c05c6b48b562a979eee701f9d9b7ebb4612a671d7929bcdc8960602 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:43 GMT X-CDN Imperva Etag W/"62758f0f-474" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 12-82249447-0 0CNN RT(1652187390986 288) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 580 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	twitter.svg www.riskiq.com/wp-content/uploads/2020/04/	756 B 913 B	23ms 21ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/04/twitter.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 92e3c8107f88bebf69f07eea3a00276eb08fa0075421a1f35ba51774ecfc8f0c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:46 GMT X-CDN Imperva Etag W/"62758f12-2f4" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 11-88437889-0 0CNN RT(1652187391046 253) q(0 -1 -1 -1) r(1 -1) Cache-Control max-age=1800, public Content-Length 474 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	Path@3x-1.svg www.riskiq.com/wp-content/uploads/2020/07/	2 KB 1 KB	23ms 22ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/07/Path@3x-1.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 441cf4583eb82e38f4470e32298bf0178846c0af18ddc14a23605eb4bb5309e4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:43 GMT X-CDN Imperva Etag W/"62758f0f-77d" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 11-88437890-0 0CNN RT(1652187391048 252) q(0 -1 -1 -1) r(1 -1) Cache-Control max-age=1800, public Content-Length 1010 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	linkedin.svg www.riskiq.com/wp-content/uploads/2020/04/	577 B 800 B	12ms 11ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/04/linkedin.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 87b9943fbc943d31b03e75d29a9549e07626f8ab8c85312a5c2a2449003d1298 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:45 GMT X-CDN Imperva Etag W/"62758f11-241" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 7-56301829-0 0CNN RT(1652187391047 243) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 362 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	Shape@3x.svg www.riskiq.com/wp-content/uploads/2020/07/	1 KB 1 KB	11ms 10ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/07/Shape@3x.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 54135136fb51b2f2a5989298184a512dee21e8ae6497394d077f4c533089939c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:43 GMT X-CDN Imperva Etag W/"62758f0f-5dc" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 12-82249447-0 0CNN RT(1652187390986 304) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 654 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	rss.svg www.riskiq.com/wp-content/uploads/2020/04/	454 B 741 B	11ms 11ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/04/rss.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 2fc532a225c448fe015bdcb635a986a394b5969ef6dd4bf86b9ebb9256ac9d04 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:45 GMT X-CDN Imperva Etag W/"62758f11-1c6" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 9-50241563-0 0CNN RT(1652187391046 248) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 303 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	Combined-Shape@3x.svg www.riskiq.com/wp-content/uploads/2020/07/	1 KB 1023 B	11ms 11ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/07/Combined-Shape@3x.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash d406830131bc54c26fce5bcc759c12a4e2e9a705310b31e12642d1913a0ea178 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:43 GMT X-CDN Imperva Etag W/"62758f0f-4e3" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 2-16379045-0 0CNN RT(1652187391047 248) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 585 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	enlighterjs.min.js Show response www.riskiq.com/wp-content/plugins/enlighter/cache/	57 KB 17 KB	16ms 15ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=0A0B0C Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 4fb1e1ebf592082cd42ae84fb76d16a88c09fef9cf99e8729048d901c7896baa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:55 GMT X-CDN Imperva Etag W/"62758f57-e33f" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 11-88437889-0 0CNN RT(1652187391046 110) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 16804 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	hoverIntent.min.js Show response www.riskiq.com/wp-includes/js/	1 KB 1 KB	11ms 11ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 9caf1590d8b8d5bb0aaedf9fcbcfa4e9561359fdfc479821b5e28ed7786a410d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:34 GMT X-CDN Imperva Etag W/"62758f06-5dc" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 11-88437889-0 0CNN RT(1652187391046 141) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 677 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	maxmegamenu.js Show response www.riskiq.com/wp-content/plugins/megamenu/js/	19 KB 4 KB	12ms 11ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/plugins/megamenu/js/maxmegamenu.js?ver=2.9.6 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash ff3b8ed89f9ddeab9c8197ccd6720bc2650cbeeef03f03a2f7b625fcee788f7a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:08 GMT X-CDN Imperva Etag W/"62758f28-7741" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 11-88437890-0 0CNN RT(1652187391048 140) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 3803 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	public.js Show response www.riskiq.com/wp-content/plugins/megamenu-pro/assets/	14 KB 3 KB	22ms 19ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/plugins/megamenu-pro/assets/public.js?ver=2.1.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 25b532bf013fa151ae895b07ddbcf628813a0aad6129a2a163177024adc16672 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:07 GMT X-CDN Imperva Etag W/"62758f27-587f" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 12-82249447-0 0CNN RT(1652187390986 205) q(0 -1 -1 -1) r(1 -1) Cache-Control max-age=1800, public Content-Length 2947 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	flickity.min.js Show response www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/vendor/js/	55 KB 14 KB	16ms 12ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/vendor/js/flickity.min.js?ver=5.9.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash f9f055033884449e8ec1acbbfe86dd3ba6e79995ad21a9f39a2414cb6bec9606 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag W/"62758f24-e0a9" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 2-16379045-0 0CNN RT(1652187391047 145) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 13633 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	flickity-hash.js Show response www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/vendor/js/	2 KB 1 KB	15ms 11ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/vendor/js/flickity-hash.js?ver=5.9.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash df7a7c6ff02d8ea3474775b60fba06a5f21361eae7cb049e9b0506aae98462cc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag W/"62758f24-ae1" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 9-50241563-0 0CNN RT(1652187391046 146) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 708 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	flickity-fade.js Show response www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/vendor/js/	5 KB 2 KB	15ms 11ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/vendor/js/flickity-fade.js?ver=5.9.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash eb269d5f9c783d3297edf13d1bbe55e73f417788edc9408c923d7b8ea9658d3e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag W/"62758f24-1a24" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 7-56301829-0 0CNN RT(1652187391047 146) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 1411 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	vendor_header.js Show response www.riskiq.com/wp-content/themes/e25-base-theme/dist/js/	306 KB 92 KB	27ms 25ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/js/vendor_header.js?ver=1 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 26459282abcd150075220a15714839b43e2778fe6fc0474123a86bd5b76eb495 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:05 GMT X-CDN Imperva Etag W/"62758f25-4d0cc" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 11-88437889-0 0CNN RT(1652187391046 163) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 93547 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	vendor_footer.js Show response www.riskiq.com/wp-content/themes/e25-base-theme/dist/js/	934 B 902 B	30ms 29ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/js/vendor_footer.js?ver=1 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash aff9e2dacb88c6691c4afb0d7819866ff8bc7019418d0ee4c9fd06bcf3060940 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag W/"62758f24-3a6" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 11-88437890-0 0CNN RT(1652187391048 163) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 454 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	bundle.js Show response www.riskiq.com/wp-content/themes/e25-base-theme/dist/js/	192 KB 56 KB	12ms 11ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/js/bundle.js?ver=5.9.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash d868b59dbe8b11adbd0eb2f8a2fe82bdcca454c0dfd7cecb76f3f08fe0ee3093 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:05 GMT X-CDN Imperva Etag W/"62758f25-3075f" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 2-16379045-0 0CNN RT(1652187391047 159) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 57268 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	app.min.js Show response www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/dist/js/	7 KB 3 KB	11ms 10ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/dist/js/app.min.js?ver=5.9.2 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 7848a2f6bf8603c15ff98caa41174d7988e77351b3d3d1411c1e64b2c4c9c952 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag W/"62758f24-1c89" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type application/javascript X-Iinfo 7-56301829-0 0CNN RT(1652187391047 160) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 2268 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	_Incapsula_Resource Show response www.riskiq.com/	129 KB 18 KB	14ms 13ms	Script application/javascript	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=932179286 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash e2004dd6512421dbdf7c958de7a4287ad9a26eec3747af75b2bf06e90c72818a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Encoding gzip Cache-Control no-cache, no-store X-Robots-Tag noindex Content-Length 18657 Content-Type application/javascript
GET H2	200	p.css p.typekit.net/	5 B 181 B	53ms 13ms	Stylesheet text/css	2a02:26f0:3500:7::17d8:4dc7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://p.typekit.net/p.css?s=1&k=utk4wnx&ht=tk&f=139.140.169.173.174.175.176.25136.25137.143.144.145.146.147.148.149.150.151.152.25138.25139.156.157.161.162.163.164.25140.25141&a=4290061&app=typekit&e=css Requested by Host: www.riskiq.com URL: https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/use-dis.css?ver=1.5.6 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:7::17d8:4dc7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:31 GMT last-modified Sat, 16 Oct 2021 08:18:43 GMT server nginx etag "616a8ae3-5" content-type text/css access-control-allow-origin * cache-control public, max-age=604800 cross-origin-resource-policy cross-origin accept-ranges bytes content-length 5
GET H2	200	p.css p.typekit.net/	5 B 181 B	15ms 15ms	Stylesheet text/css	2a02:26f0:3500:7::17d8:4dc7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://p.typekit.net/p.css?s=1&k=jed5dps&ht=tk&f=137.138.139.140.169.170.171.172.173.174.175.176.5474.5475.25136.25137.141.142.143.144.145.146.147.148.149.150.151.152.153.154.25138.25139.155.156.157.158.159.160.161.162.163.164.165.166.167.168.25140.25141.18085.27034.27042.28121.28122.35914.40146.40148.42209.42210.42211.45394.46043.46044&a=99868482&app=typekit&e=css Requested by Host: use.typekit.net URL: https://use.typekit.net/jed5dps.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:7::17d8:4dc7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb Request headers accept-language de-DE,de;q=0.9 Referer https://use.typekit.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:31 GMT last-modified Sat, 16 Oct 2021 08:18:43 GMT server nginx etag "616a8ae3-5" content-type text/css access-control-allow-origin * cache-control public, max-age=604800 cross-origin-resource-policy cross-origin accept-ranges bytes content-length 5
GET H2	200	gtm.js Show response www.googletagmanager.com/	207 KB 71 KB	52ms 30ms	Script application/javascript	2a00:1450:4001:813::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-NF9FQDJ Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 422448af83e89b89203d024a9b400a1b15737d35689fa18e190e97a223060bae Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:31 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 72648 x-xss-protection 0 last-modified Tue, 10 May 2022 12:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 10 May 2022 12:56:31 GMT
GET H/1.1	200 OK	riskiq-background-4.png www.riskiq.com/wp-content/themes/e25-base-theme/dist/images/	3 KB 3 KB	24ms 11ms	Image image/png	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/images/riskiq-background-4.png Requested by Host: www.riskiq.com URL: https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/use-dis.css?ver=1.5.6 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 410f1fd7bdcb39f573a116a3989f02e07ff5ac1b9b63cc3ee07c2c67b228deda Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/use-dis.css?ver=1.5.6 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag "62758f24-b2b" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/png X-Iinfo 12-82249447-0 0CNN RT(1652187390986 250) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 2859 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	menu-icon-3.svg www.riskiq.com/wp-content/uploads/2020/04/	2 KB 1 KB	31ms 11ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/04/menu-icon-3.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 652ec12b16cb8fa22807f6fb38fcb3000a0af4ba277fe009a472706c1174e980 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:45 GMT X-CDN Imperva Etag W/"62758f11-6c9" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 7-56301829-0 0CNN RT(1652187391047 197) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 683 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	icons.svg www.riskiq.com/wp-content/themes/e25-base-theme/dist/images/	8 KB 4 KB	45ms 12ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/images/icons.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/use-dis.css?ver=1.5.6 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 1f5bc770f53681637f31f9e7d32ce719e14630371e061b4845ced9dbba652bcd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/use-dis.css?ver=1.5.6 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag W/"62758f24-1eae" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 9-50241563-0 0CNN RT(1652187391046 211) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 3307 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	menu-passivetotal-icon.svg www.riskiq.com/wp-content/uploads/2020/07/	1 KB 1 KB	26ms 11ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/07/menu-passivetotal-icon.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 4ed8fa7de2a1a7577255681bcc8bc865699260eae6f3d87d83847cf1e486356a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:44 GMT X-CDN Imperva Etag W/"62758f10-4e6" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 9-50241563-0 0CNN RT(1652187391046 193) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 622 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	menu-digitalfootprint-icon.svg www.riskiq.com/wp-content/uploads/2020/07/	1 KB 1 KB	26ms 12ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2020/07/menu-digitalfootprint-icon.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash d8b582df52f60e907f36dca16803fc6203d6e849772cc08af7ffd4482e3e4656 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:44 GMT X-CDN Imperva Etag W/"62758f10-524" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 2-16379045-0 0CNN RT(1652187391047 190) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 711 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	menu-external-threats-icon.svg www.riskiq.com/wp-content/uploads/2021/04/	2 KB 2 KB	25ms 11ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2021/04/menu-external-threats-icon.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 61d651a9a059419fce98f941b478d0397e6c8c928482b8e9b6cc84d5909ea2e3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:40 GMT X-CDN Imperva Etag W/"62758f0c-9c6" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 11-88437889-0 0CNN RT(1652187391046 192) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 1118 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	riskiq-background-3.png www.riskiq.com/wp-content/themes/e25-base-theme/dist/images/	5 KB 6 KB	23ms 14ms	Image image/png	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/images/riskiq-background-3.png Requested by Host: www.riskiq.com URL: https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/use-dis.css?ver=1.5.6 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash bb6ebbab2fa3c98fad2db596f9fc0100d8aa94e0fc803ce716cb28a9823ad58d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/use-dis.css?ver=1.5.6 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag "62758f24-15ac" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/png X-Iinfo 11-88437890-0 0CNN RT(1652187391048 186) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 5548 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	menu-cti-icon.svg www.riskiq.com/wp-content/uploads/2021/12/	2 KB 1 KB	44ms 11ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2021/12/menu-cti-icon.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 69118141cab303dae4a9f376f890ad05709e8d93e96359be46ef458b7560ee66 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:38 GMT X-CDN Imperva Etag W/"62758f0a-7c6" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 2-16379045-0 0CNN RT(1652187391047 210) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 925 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	menu-easm-icon.svg www.riskiq.com/wp-content/uploads/2021/12/	2 KB 2 KB	44ms 12ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2021/12/menu-easm-icon.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 53e56195b630d68236951858f87af255d70018ca34ac31b465a59a283d647c10 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:39 GMT X-CDN Imperva Etag W/"62758f0b-93e" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 11-88437889-0 0CNN RT(1652187391046 210) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 1123 Expires Tue, 10 May 2022 13:26:31 GMT
GET H2	200	l use.typekit.net/af/efe4a5/00000000000000007735e609/30/	29 KB 29 KB	62ms 13ms	Font application/font-woff2	2a02:26f0:f7::5c7b:e024 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/efe4a5/00000000000000007735e609/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 Requested by Host: use.typekit.net URL: https://use.typekit.net/jed5dps.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:f7::5c7b:e024 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash c4d04d2b6a041dde11c80d8332f983a58c1031c663ab4f42230899cb82adf4a7 Request headers Referer https://use.typekit.net/jed5dps.css Origin https://www.riskiq.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:31 GMT server nginx etag "6aeae62b893768150f3460329dc461358e8ab2f5" content-type application/font-woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin timing-allow-origin * content-length 29820
GET H2	200	l use.typekit.net/af/2555e1/00000000000000007735e603/30/	30 KB 30 KB	64ms 16ms	Font application/font-woff2	2a02:26f0:f7::5c7b:e024 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/2555e1/00000000000000007735e603/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 Requested by Host: use.typekit.net URL: https://use.typekit.net/jed5dps.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:f7::5c7b:e024 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash a33128c94dd3c425bc3f4a9ba389a1f3d7a75233e8cb788ea80f8f43a3d68423 Request headers Referer https://use.typekit.net/jed5dps.css Origin https://www.riskiq.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:31 GMT server nginx etag "09d1a94c81035c62708e0a513ee76d7886d15a25" content-type application/font-woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin timing-allow-origin * content-length 30704
GET H/1.1	200 OK	icons.svg www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/images/	8 KB 4 KB	22ms 11ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/images/icons.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/dist/css/styles.css?ver=1.6.1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 1f5bc770f53681637f31f9e7d32ce719e14630371e061b4845ced9dbba652bcd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/wp-content/themes/e25-base-theme/custom-dev/dist/css/styles.css?ver=1.6.1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag W/"62758f24-1eae" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 7-56301829-0 0CNN RT(1652187391047 211) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 3307 Expires Tue, 10 May 2022 13:26:31 GMT
GET H/1.1	200 OK	Webp.net-resizeimage-62.jpg www.riskiq.com/wp-content/uploads/2022/04/	106 KB 106 KB	27ms 16ms	Image image/jpeg	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2022/04/Webp.net-resizeimage-62.jpg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 801e78b6e3cab24e9c80b48dbbeaf0abd45da036d811e3319543d874ade5a6ab Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:11:39 GMT X-CDN Imperva Etag "62758f0b-929db" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/jpeg X-Iinfo 11-88437890-0 0CNN RT(1652187391048 212) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 108152 Expires Tue, 10 May 2022 13:26:31 GMT
GET H2	200	l use.typekit.net/af/78aca8/00000000000000007735e60d/30/	29 KB 29 KB	47ms 27ms	Font application/font-woff2	2a02:26f0:f7::5c7b:e024 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/78aca8/00000000000000007735e60d/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3 Requested by Host: use.typekit.net URL: https://use.typekit.net/jed5dps.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:f7::5c7b:e024 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash b07871da02311868c31ab6ac5a4e78cc877f118acd854857f6f51519f3ddbbc9 Request headers Referer https://use.typekit.net/jed5dps.css Origin https://www.riskiq.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:31 GMT server nginx etag "1d1aed9a298449b26ef6d57c78caa88b6b5de306" content-type application/font-woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin timing-allow-origin * content-length 29764
GET H/1.1	200 OK	blog-inner-form-background.png www.riskiq.com/wp-content/themes/e25-base-theme/dist/images/	8 KB 8 KB	12ms 12ms	Image image/png	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/images/blog-inner-form-background.png Requested by Host: www.riskiq.com URL: https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/use-dis.css?ver=1.5.6 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash edb99715f10d2ff77e8ed15263b8774ba23296de7dc2eb0254c40030d59917c4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/wp-content/themes/e25-base-theme/dist/css/use-dis.css?ver=1.5.6 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Last-Modified Fri, 06 May 2022 21:12:04 GMT X-CDN Imperva Etag "62758f24-2a9e" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/png X-Iinfo 7-56301829-0 0CNN RT(1652187391047 257) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 8262 Expires Tue, 10 May 2022 13:26:31 GMT
GET H2	200	getForm Show response safe.riskiq.com/index.php/form/	5 KB 2 KB	101ms 101ms	Script application/javascript	104.17.74.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe.riskiq.com/index.php/form/getForm?munchkinId=455-NHF-420&form=1141&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&callback=jQuery112406525272857417277_1652187391875&_=1652187391876 Requested by Host: safe.riskiq.com URL: https://safe.riskiq.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 72fca69ce8f200bf42675eb4f9f4628d609c9582f94cdb1e01d24134b8356c63 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:32 GMT content-encoding gzip server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript; charset=utf-8 cf-ray 7092d5df8c709948-FRA cached true
GET H/1.1	200 OK	menu-icon-3.svg www.riskiq.com/wp-content/uploads/2021/04/	2 KB 1 KB	12ms 11ms	Image image/svg+xml	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/wp-content/uploads/2021/04/menu-icon-3.svg Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash 652ec12b16cb8fa22807f6fb38fcb3000a0af4ba277fe009a472706c1174e980 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:31 GMT Content-Encoding gzip Last-Modified Fri, 06 May 2022 21:11:40 GMT X-CDN Imperva Etag W/"62758f0c-6c9" Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Type image/svg+xml X-Iinfo 12-82249447-0 0CNN RT(1652187390986 335) q(0 -1 -1 -1) r(0 -1) Cache-Control max-age=1800, public Content-Length 683 Expires Tue, 10 May 2022 13:26:31 GMT
GET H2	200	v1.7-458 Show response consent.trustarc.com/asset/notice.js/v/	75 KB 24 KB	22ms 22ms	Script text/javascript	18.64.79.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://consent.trustarc.com/asset/notice.js/v/v1.7-458 Requested by Host: consent.trustarc.com URL: https://consent.trustarc.com/notice?domain=riskiq.com&text=true&c=teconsent&gtm=1&pcookie&js=nj&noticeType=bb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-29.txl50.r.cloudfront.net Software nginx / Resource Hash 0e04f8170ba222625c05aef2e88adfae07ace87e4cf95c4370d0cbcab8046baf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.riskiq.com/ Origin https://www.riskiq.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:23 GMT content-encoding gzip vary Accept-Encoding age 9 x-cache Hit from cloudfront pragma public access-control-allow-origin * last-modified Wed, 27 Apr 2022 01:43:38 GMT server nginx strict-transport-security max-age=31536000; includeSubDomains content-type text/javascript via 1.1 64ff1e6af494771d4212cf7d4543447e.cloudfront.net (CloudFront) access-control-expose-headers * cache-control max-age=2592000 x-amz-cf-pop TXL50-P2 timing-allow-origin * x-amz-cf-id aP5eyJXlOZlW4nDkSBxN8xZz-MUdgyQGTJEykXNL8nMFWCHWcr2w5w== expires Thu, 09 Jun 2022 12:56:23 GMT
GET H2	200	log consent.trustarc.com/	43 B 439 B	94ms 57ms	Image image/gif	18.64.79.29 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://consent.trustarc.com/log?domain=riskiq.com&country=de&state=&behavior=implied&c=ede9 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-29.txl50.r.cloudfront.net Software nginx / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers pragma no-cache date Tue, 10 May 2022 12:56:32 GMT via 1.1 2acbf2019107010c0ddc17d27100210c.cloudfront.net (CloudFront) server nginx x-amz-cf-pop TXL50-P2 vary Origin x-cache Miss from cloudfront content-type image/gif cache-control private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 strict-transport-security max-age=31536000; includeSubDomains content-length 43 x-amz-cf-id _5JbimQC0u56h7DU79bNuRTd6SGqK-rV6i7A6DgylWNYS3XBcsvKTg== expires Mon, 26 Jul 1997 05:00:00 GMT
GET H/1.1	200 OK	_Incapsula_Resource www.riskiq.com/	1 B 278 B	7ms 7ms	Image text/plain	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.riskiq.com/_Incapsula_Resource?SWKMTFSR=1&e=0.33775951904170287 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains; preload Cache-Control no-cache, no-store X-Robots-Tag noindex Content-Length 1 Content-Type text/plain
GET H2	200	dd29fca14b220381.min.js Show response tag.demandbase.com/	66 KB 18 KB	47ms 7ms	Script application/javascript	108.138.17.47 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag.demandbase.com/dd29fca14b220381.min.js Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.17.47 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-17-47.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 425cdbc9f4d9584a16b4dfd485c08ae32f947d280e8e73e28e6c8f097d350bab Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-amz-version-id OMHcQLudlG_tyGtIkkDVL7KM1rTvmIW7 content-encoding gzip etag W/"84dcb9eca346312619bf362165bbf31b" age 3180 x-cache Hit from cloudfront vary Accept-Encoding last-modified Thu, 03 Mar 2022 17:32:33 GMT server AmazonS3 date Tue, 10 May 2022 12:03:32 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-type application/javascript; charset=utf-8 via 1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront) cache-control public, max-age=3600 permissions-policy accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() x-amz-cf-pop FRA56-P7 x-amz-cf-id pM4XclR-8GWgfpmJznG3_DiApjhITc3KPFjJe7vW47VFqiDRF5nEeg==
GET H/1.1	200 OK	roundtrip.js Show response s.adroll.com/j/OJCMQP7QIRE2VEJKLPZKG2/	58 KB 18 KB	25ms 8ms	Script text/javascript	2600:9000:225e:9800:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/OJCMQP7QIRE2VEJKLPZKG2/roundtrip.js Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:9800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash ef17fea15b234f32b9975e29a8af4ec1681efe8b12723370907008abffadf254 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers X-Amz-Version-Id 3SiaEGZLjxsOrX8nWbGOjoNe27U13X1S Content-Encoding gzip Etag W/"2b3e5a662f3b7b077c0bdf9f170c5f8f" Age 3174 X-Amz-Server-Side-Encryption AES256 Transfer-Encoding chunked X-Cache Hit from cloudfront Connection keep-alive Vary Accept-Encoding Via 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront) Last-Modified Mon, 25 Apr 2022 12:15:07 GMT Server AmazonS3 Date Tue, 10 May 2022 12:03:39 GMT Access-Control-Max-Age 600 Access-Control-Allow-Methods GET Content-Type text/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=3600, must-revalidate Access-Control-Allow-Credentials false X-Amz-Cf-Pop FRA60-P4 Access-Control-Allow-Headers * X-Amz-Cf-Id wDZPF_nnZSQ1kyLvj3PjmwzabQ0CqCvcnLoUc5CDus_VgOiohZWaMw==
GET H2	200	forms2.css safe.riskiq.com/js/forms2/css/	13 KB 3 KB	17ms 17ms	Stylesheet text/css	104.17.74.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe.riskiq.com/js/forms2/css/forms2.css Requested by Host: safe.riskiq.com URL: https://safe.riskiq.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:32 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT age 3637 vary Accept-Encoding content-length 2623 last-modified Tue, 03 May 2022 03:46:42 GMT server cloudflare etag "276001a-3437-5de135b5b2c80" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=63113904 content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 7092d5e15fe89948-FRA expires Tue, 10 May 2022 16:56:32 GMT
GET H2	200	forms2-theme-simple.css safe.riskiq.com/js/forms2/css/	826 B 331 B	25ms 25ms	Stylesheet text/css	104.17.74.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe.riskiq.com/js/forms2/css/forms2-theme-simple.css Requested by Host: safe.riskiq.com URL: https://safe.riskiq.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:32 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT age 687 content-length 242 last-modified Tue, 03 May 2022 03:46:42 GMT server cloudflare etag "2760015-33a-5de135b5b2c80" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 7092d5e15fe99948-FRA expires Tue, 10 May 2022 16:56:32 GMT
GET H2	200	notice Show response consent.trustarc.com/	15 KB 5 KB	19ms 18ms	Script text/javascript	18.64.79.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://consent.trustarc.com/notice?domain=riskiq.com&country=de&js=nj2&text=true&c=teconsent&gtm=1&pcookie&noticeType=bb Requested by Host: consent.trustarc.com URL: https://consent.trustarc.com/notice?domain=riskiq.com&text=true&c=teconsent&gtm=1&pcookie&js=nj&noticeType=bb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-29.txl50.r.cloudfront.net Software nginx / Resource Hash 79f61eead422d3cfa4a1e3b04091ce4a99ad1b77911a2ddd8ba58b454286c282 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.riskiq.com/ Origin https://www.riskiq.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:50:31 GMT content-encoding gzip x-content-type-options nosniff age 361 x-cache Hit from cloudfront cloudfront-viewer-country DE vary Accept-Encoding content-length 4569 x-xss-protection 1; mode=block access-control-allow-origin * server nginx x-frame-options SAMEORIGIN strict-transport-security max-age=31536000; includeSubDomains content-type text/javascript;charset=UTF-8 via 1.1 64ff1e6af494771d4212cf7d4543447e.cloudfront.net (CloudFront) access-control-expose-headers * cache-control max-age=3600 x-amz-cf-pop TXL50-P2 timing-allow-origin * x-amz-cf-id OMrOkrC1ATbJaNJ3mv4U31x7pTWulOsWZlxGkM5caDMCienIFC0_GQ== expires Tue, 10 May 2022 13:50:31 GMT
GET H/1.1	200 OK	index.js Show response s.adroll.com/j/exp/ Redirect Chain https://s.adroll.com/j/exp/OJCMQP7QIRE2VEJKLPZKG2/index.js https://s.adroll.com/j/exp/index.js	28 B 762 B	7ms 7ms	Script application/javascript	2600:9000:225e:9800:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/exp/index.js Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Server 2600:9000:225e:9800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers X-Amz-Version-Id Yo1foR6FJ6WFFBWqTYM2cazsDqVdFv1D Via 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront) Etag "5816cced8568d223aa09d889f300692b" Age 62685 X-Amz-Server-Side-Encryption AES256 X-Cache Hit from cloudfront Connection keep-alive Content-Length 28 Last-Modified Thu, 03 Mar 2022 22:40:46 GMT Server AmazonS3 Date Mon, 09 May 2022 20:22:38 GMT Access-Control-Max-Age 600 Access-Control-Allow-Methods GET Content-Type application/javascript Access-Control-Allow-Origin * Access-Control-Allow-Credentials false X-Amz-Cf-Pop FRA60-P4 Accept-Ranges bytes Access-Control-Allow-Headers * X-Amz-Cf-Id gDsAXrzFGAbig1qTa-3-UUjBuBq2oYppF1JoK9kUL6E07NZ-wBvssQ== Redirect headers Date Mon, 09 May 2022 20:21:56 GMT Via 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront) Age 59675 X-Cache Hit from cloudfront Connection keep-alive Content-Length 0 Server AmazonS3 Location https://s.adroll.com/j/exp/index.js Access-Control-Max-Age 600 Access-Control-Allow-Methods GET Content-Type application/xml Access-Control-Allow-Origin * Access-Control-Allow-Credentials false X-Amz-Cf-Pop FRA60-P4 Access-Control-Allow-Headers * X-Amz-Cf-Id Q7BR9EsmUSfStKNJ2FCrxLvdIrlc8Lk5STSfDznEhE2Dq1ZQqoJ5IQ==
GET H/1.1	200 OK	validateCookie segments.company-target.com/ Redirect Chain https://match.prod.bidr.io/cookie-sync/demandbase https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 https://segments.company-target.com/log?vendor=choca&user_id=AAD92E7E9MIAAEGUXwmYvA https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAD92E7E9MIAAEGUXwmYvA&verifyHash=584a27a3958618fd86dc55067353a42748534d3f	26 B 409 B	99ms 98ms	Image image/gif	143.204.215.101 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAD92E7E9MIAAEGUXwmYvA&verifyHash=584a27a3958618fd86dc55067353a42748534d3f Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Server 143.204.215.101 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-215-101.fra53.r.cloudfront.net Software / Resource Hash 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:32 GMT Via 1.1 8d31bbd9d6638cdacab37047b8045da4.cloudfront.net (CloudFront) X-Amz-Cf-Pop FRA53-C1 Vary Origin X-Cache Miss from cloudfront Content-Type image/gif Transfer-Encoding chunked Connection keep-alive trace-id cdf37fce84ef2545 X-Amz-Cf-Id 68dkkeKaI-pEby8esXjeniEwjSW9Fdcda4SBnqxWS-HvqT7dxmwtjQ== Redirect headers Date Tue, 10 May 2022 12:56:32 GMT Via 1.1 8d31bbd9d6638cdacab37047b8045da4.cloudfront.net (CloudFront) X-Amz-Cf-Pop FRA53-C1 Vary Origin X-Cache Miss from cloudfront Location /validateCookie?vendor=choca&user_id=AAD92E7E9MIAAEGUXwmYvA&verifyHash=584a27a3958618fd86dc55067353a42748534d3f Connection keep-alive trace-id 5071ab80e204736f Content-Length 0 X-Amz-Cf-Id p0lkQ7QYZp_5rsCaP0pf3r7lB2600VowgKvqLeI3Sj48bp3d0DoLFg==
GET H2	451	464526.gif id.rlcdn.com/	0 98 B	30ms 15ms	Image text/plain	35.244.174.68 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://id.rlcdn.com/464526.gif Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:32 GMT via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0
GET H2	401	ip.json Show response api.company-target.com/api/v2/	12 B 510 B	59ms 36ms	XHR text/plain	108.157.4.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&page_title=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&src=tag&auth=usr5gHfun2VRKlNsTRePqe13nLYcs05kiHk3afIe Requested by Host: tag.demandbase.com URL: https://tag.demandbase.com/dd29fca14b220381.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.157.4.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-157-4-82.dus51.r.cloudfront.net Software nginx / Resource Hash d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:32 GMT via 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront) www-authenticate DemandBase API v2 x-amz-cf-pop DUS51-P2 x-cache Error from cloudfront access-control-max-age 7200 request-id a89db2ae-7cc0-403b-8289-7417ceafc7d7 content-length 12 server nginx vary Origin access-control-allow-methods GET, POST, OPTIONS content-type text/plain;charset=utf-8 access-control-allow-origin https://www.riskiq.com access-control-expose-headers access-control-allow-credentials true x-amz-cf-id MYGY5TcTJTNcbCzWmvxWYR_Csu-zE2hHV_liOnNwM9t66xtxybBfog== x-content-type-options nosniff
GET H2	200	XDFrame Show response safe.riskiq.com/index.php/form/ Frame 1CF7	2 KB 861 B	606ms 606ms	Document text/html	104.17.74.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe.riskiq.com/index.php/form/XDFrame Requested by Host: safe.riskiq.com URL: https://safe.riskiq.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dac0957d25d6a0ca3adeea8291ed849ba2f2d128a319bbaaf65f5c1afe43a694 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.riskiq.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control max-age=3600 cf-cache-status DYNAMIC cf-ray 7092d5e249a69948-FRA content-encoding gzip content-type text/html; charset=utf-8 date Tue, 10 May 2022 12:56:32 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare vary Accept-Encoding x-content-type-options nosniff
GET H2	200	bannermsg consent.trustarc.com/	43 B 468 B	96ms 96ms	Image image/gif	18.64.79.29 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://consent.trustarc.com/bannermsg?action=views&domain=riskiq.com&behavior=implied&country=de&language=en&rand=0.23228301131820395 Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-29.txl50.r.cloudfront.net Software nginx / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:32 GMT via 1.1 2acbf2019107010c0ddc17d27100210c.cloudfront.net (CloudFront) x-content-type-options nosniff x-amz-cf-pop TXL50-P2 x-cache Miss from cloudfront vary Origin content-length 43 x-xss-protection 1; mode=block pragma no-cache server nginx x-frame-options SAMEORIGIN strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache x-amz-cf-id SwDARN9TT4U3RbZfqGJIqckkVNcSvXt4h9xWYaMZkf9_ECwBEDxR4g== expires Tue, 10 May 2022 12:56:31 GMT
GET H2	200	OJCMQP7QIRE2VEJKLPZKG2 Show response d.adroll.com/consent/check/	439 B 532 B	88ms 29ms	Script application/javascript	54.220.64.232 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d.adroll.com/consent/check/OJCMQP7QIRE2VEJKLPZKG2?arrfrr=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&_s=7540fd21b44701cae93eb88411132d11&_b=2 Requested by Host: s.adroll.com URL: https://s.adroll.com/j/OJCMQP7QIRE2VEJKLPZKG2/roundtrip.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.220.64.232 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-220-64-232.eu-west-1.compute.amazonaws.com Software nginx/1.20.0 / Resource Hash 2e362e47b08d6ae8a1e446103276757cd5dbc00b54a411cb967df5e3af2a507e Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:32 GMT server nginx/1.20.0 content-length 439 content-type application/javascript
POST H/1.1	200 OK	t-will-Were-Pall-toody-Come-you-but-and-you-man- Show response www.riskiq.com/	606 B 989 B	30ms 29ms	Fetch application/json	107.154.114.154 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.riskiq.com/t-will-Were-Pall-toody-Come-you-but-and-you-man-?d=www.riskiq.com Requested by Host: www.riskiq.com URL: https://www.riskiq.com/t-will-Were-Pall-toody-Come-you-but-and-you-man- Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 107.154.114.154 , United States, ASN19551 (INCAPSULA, US), Reverse DNS 107.154.114.154.ip.incapdns.net Software connector / Resource Hash 5f9881678594e9d12dbb75b5d412136ac8fcb68536e4d40d57f3916e93988242 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json; charset=utf-8 Referer https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Content-Type text/plain; charset=utf-8 Response headers date Tue, 10 May 2022 12:56:32 GMT Content-Encoding gzip server connector Strict-Transport-Security max-age=31536000; includeSubDomains; preload content-type application/json access-control-allow-origin * X-Iinfo 12-82249447-82249455 SNYN RT(1652187390986 906) q(0 0 0 -1) r(1 1) U6 cache-control no-cache, no-store Transfer-Encoding chunked server-timing bon, total;dur=18.874174 keep-alive timeout=5 X-CDN Imperva
GET H/1.1	200 OK	consent_tcfv2.js Show response s.adroll.com/j/	410 KB 55 KB	8ms 7ms	Script application/javascript	2600:9000:225e:9800:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/consent_tcfv2.js Requested by Host: s.adroll.com URL: https://s.adroll.com/j/OJCMQP7QIRE2VEJKLPZKG2/roundtrip.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:9800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 91144fbcc0e3f609b021e362ec29d2a9b58f15e840f229eb99ea2c04d927882b Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers X-Amz-Version-Id 44sIT20LqRj70wQHqyIoOw7etYYdjkbK Content-Encoding gzip Etag W/"0a7d0ea8d7d31b07e925fe340acf431b" Age 287 X-Amz-Server-Side-Encryption AES256 Transfer-Encoding chunked X-Cache Hit from cloudfront Connection keep-alive Vary Accept-Encoding Via 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront) Last-Modified Wed, 04 May 2022 19:41:48 GMT Server AmazonS3 Date Tue, 10 May 2022 12:51:51 GMT Access-Control-Max-Age 600 Access-Control-Allow-Methods GET Content-Type application/javascript Access-Control-Allow-Origin * Cache-Control max-age=300, must-revalidate Access-Control-Allow-Credentials false X-Amz-Cf-Pop FRA60-P4 Access-Control-Allow-Headers * X-Amz-Cf-Id sR8nG-HcHBgy7Rn_a18qFhgUnb0H5LSI4FNBf3xJjQmx1bQZiW19eA==
GET H/1.1	200 OK	nextroll-32x32.png s.adroll.com/i/favicon/	2 KB 2 KB	8ms 8ms	Image image/png	2600:9000:225e:9800:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s.adroll.com/i/favicon/nextroll-32x32.png Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:9800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers X-Amz-Version-Id eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0 Via 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront) Etag "403a0a7dcf2d617e7ea852bfb9d11945" Age 31728 X-Amz-Server-Side-Encryption AES256 X-Cache Hit from cloudfront Connection keep-alive Content-Length 1615 Last-Modified Mon, 28 Jun 2021 18:19:21 GMT Server AmazonS3 Date Tue, 10 May 2022 04:11:56 GMT Access-Control-Max-Age 600 Access-Control-Allow-Methods GET Content-Type image/png Access-Control-Allow-Origin * Access-Control-Allow-Credentials false X-Amz-Cf-Pop FRA60-P4 Accept-Ranges bytes Access-Control-Allow-Headers * X-Amz-Cf-Id jw55DsiQ4Sg8elKURmVJUrkuUiu19ce7bncgGUtF4YhCsp0IuitTfQ==
GET H2	200	forms2.min.js Show response safe.riskiq.com/js/forms2/js/ Frame 1CF7	205 KB 68 KB	27ms 26ms	Script application/x-javascript	104.17.74.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe.riskiq.com/js/forms2/js/forms2.min.js Requested by Host: safe.riskiq.com URL: https://safe.riskiq.com/index.php/form/XDFrame Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 54b1a318711ed45da6f1a787a0b0f601199c8676b7d565a4163674833c64b0a0 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://safe.riskiq.com/index.php/form/XDFrame User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:33 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Tue, 03 May 2022 03:46:42 GMT server cloudflare age 3639 etag "2760059-3326e-5de135b5b2c80" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=14400 cf-ray 7092d5e629839948-FRA expires Tue, 10 May 2022 16:56:32 GMT
GET H2	200	shim.latest.js Show response js.intercomcdn.com/ Redirect Chain https://widget.intercom.io/widget/jh6w1mfi https://js.intercomcdn.com/shim.latest.js	18 KB 6 KB	23ms 7ms	Script application/javascript	99.86.7.14 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.intercomcdn.com/shim.latest.js Protocol H2 Server 99.86.7.14 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-86-7-14.fra6.r.cloudfront.net Software AmazonS3 / Resource Hash 0466ec9c7cd2c2fd1b509d54fa2d1fce15d3a77d317e80de3eeb2989383dd18c Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Tue, 10 May 2022 12:52:32 GMT content-encoding gzip last-modified Tue, 10 May 2022 12:42:25 GMT server AmazonS3 age 242 etag "799034cc9c5bab1d5c64692aef8ccc1c" x-cache Hit from cloudfront content-type application/javascript; charset=UTF-8 via 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront) cache-control max-age=300, s-maxage=300, public x-amz-cf-pop FRA6-C1 accept-ranges bytes content-length 6092 x-amz-cf-id U64PpFFxV0WubZp7K3bgycqykaEaq-Wd8JZ-Y3Oy2ls6v6jDcIQHBA== Redirect headers date Fri, 29 Apr 2022 20:38:14 GMT via 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront) server AmazonS3 age 922699 x-cache Hit from cloudfront location https://js.intercomcdn.com/shim.latest.js x-amz-cf-pop FRA6-C1 content-length 0 x-amz-cf-id -LSrCNygW1KlBOiq3isG_qObf5qOVZ5cGSmJfTINnRi-u6miBOX1Lw==
GET H/1.1	200 OK	6si.min.js Show response j.6sc.co/	27 KB 9 KB	136ms 17ms	Script application/javascript	96.16.137.162 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a96-16-137-162.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:33 GMT Content-Encoding gzip X-Content-Type-Options nosniff Connection keep-alive Vary Accept-Encoding Content-Length 8575 Pragma no-cache Last-Modified Thu, 07 Oct 2021 17:17:43 GMT Server nginx/1.14.0 (Ubuntu) ETag "615f2bb7-6a5f" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type application/javascript Access-Control-Allow-Origin Cache-Control private, no-cache, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Tue, 10 May 2022 12:56:33 GMT
GET H/1.1	200 OK	insight.min.js Show response snap.licdn.com/li.lms-analytics/	8 KB 3 KB	131ms 16ms	Script application/x-javascript	2a02:26f0:3500:7::17d8:4dcc AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NF9FQDJ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:7::17d8:4dcc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:33 GMT Content-Encoding gzip Last-Modified Wed, 13 Apr 2022 23:25:22 GMT X-CDN AKAM Vary Accept-Encoding Content-Type application/x-javascript;charset=utf-8 Cache-Control max-age=36741 Connection keep-alive Accept-Ranges bytes Content-Length 3085
GET H2	200	conversion_async.js Show response www.googleadservices.com/pagead/	39 KB 15 KB	138ms 24ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion_async.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NF9FQDJ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software cafe / Resource Hash 89ba0d4f6cf9500041778760fea24e37c6de04955c6a62b5435c64b600423749 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:33 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14865 x-xss-protection 0 server cafe etag 2710672821686371805 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Tue, 10 May 2022 12:56:33 GMT
GET H2	200	hotjar-573151.js Show response static.hotjar.com/c/	4 KB 2 KB	121ms 10ms	Script application/javascript	65.9.63.46 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.hotjar.com/c/hotjar-573151.js?sv=7 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NF9FQDJ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.63.46 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-63-46.fra56.r.cloudfront.net Software / Resource Hash c982a620fbc44c518949f84c4cadaa05804fc07c1c1302b5c8962a96b4370bd6 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:31 GMT content-encoding br x-content-type-options nosniff cache-control max-age=60 age 2 etag W/382bd46d9363d4626d42d924c1711a4a vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=UTF-8 access-control-allow-origin * x-cache-hit 1 cross-origin-resource-policy cross-origin x-amz-cf-pop FRA56-C1 x-amz-cf-id 3oqSSA9K49SYhQW-0ljpbakq688fjQWINUFurZivNNTjlJVTX5u1VA== via 1.1 c2b4a332b09677da722930ae336c8bfc.cloudfront.net (CloudFront)
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	99 KB 27 KB	116ms 6ms	Script application/x-javascript	2a03:2880:f02d:100:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash b819b3ac2fe5857b7026a609f9115f0d50a7d6e8085ba5987d70ed6baaa41f4e Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 content-length 26311 x-xss-protection 0 pragma public x-fb-debug Gc1SDDgxqk9Ay0Jnozizj2foqn6PzFlDcG2jSe5PddiLGQYobxVYKHkf4ZeMf0ZepT5d8WLiDh71i1K2lLKkvg== x-fb-trip-id 917726464 x-frame-options DENY date Tue, 10 May 2022 12:56:33 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	uwt.js Show response static.ads-twitter.com/	28 KB 10 KB	118ms 12ms	Script application/javascript	199.232.188.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 93cc545f534a75a876beccc35125e563e20bb9857714482547fc151f07d57595 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:33 GMT content-encoding gzip last-modified Tue, 03 May 2022 16:26:14 GMT etag "1ce6e12fa6e9b18909e94a06df1ef9cb+gzip+gzip" vary Accept-Encoding,Host x-tw-cdn FT p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" cache-control no-cache x-cache HIT, HIT accept-ranges bytes content-type application/javascript; charset=utf-8 content-length 9561 x-served-by cache-iad-kiad7000038-IAD, cache-muc13962-MUC
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/	1 KB 1 KB	117ms 9ms	Script application/x-javascript	104.89.28.179 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin.js Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.28.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-28-179.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:33 GMT Content-Encoding gzip Last-Modified Fri, 29 Oct 2021 01:24:07 GMT Server AkamaiNetStorage ETag "461ce1cffaadfebf2e7659745618ba8e:1635470647.434977" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Connection keep-alive Accept-Ranges bytes Content-Type application/x-javascript Content-Length 753
GET H2	200	oct.js Show response static.ads-twitter.com/ Redirect Chain https://platform.twitter.com/oct.js https://static.ads-twitter.com/oct.js	28 KB 9 KB	12ms 11ms	Script application/javascript	199.232.188.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/oct.js Protocol H2 Server 199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 93cc545f534a75a876beccc35125e563e20bb9857714482547fc151f07d57595 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:33 GMT content-encoding gzip last-modified Tue, 03 May 2022 16:26:14 GMT etag "1ce6e12fa6e9b18909e94a06df1ef9cb+gzip+gzip" vary Accept-Encoding,Host x-tw-cdn FT p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" cache-control no-cache x-cache HIT, HIT accept-ranges bytes content-type application/javascript; charset=utf-8 content-length 9561 x-served-by cache-iad-kjyo7100070-IAD, cache-muc13962-MUC Redirect headers x-tw-cdn VZ Date Tue, 10 May 2022 12:56:33 GMT Server ECS (mil/6CF6) Access-Control-Allow-Origin * Access-Control-Allow-Methods GET P3P CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" Location https://static.ads-twitter.com/oct.js Server-Timing "x-cache;desc= ,x-tw-cdn;desc=",edge;dur=1 Content-Length 0
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	115ms 8ms	Script text/javascript	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 13 Apr 2022 21:02:38 GMT server Golfe2 age 4903 date Tue, 10 May 2022 11:34:50 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Tue, 10 May 2022 13:34:50 GMT
GET H2	200	sl.js Show response scout-cdn.salesloft.com/	6 KB 3 KB	21ms 6ms	Script application/javascript	23.111.9.64 STACKPATH
General Check archive.org Show headers Download Go to Full URL https://scout-cdn.salesloft.com/sl.js Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.111.9.64 , United States, ASN33438 (STACKPATH, US), Reverse DNS Software NetDNA-cache/2.2 / Resource Hash 4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:33 GMT content-encoding gzip last-modified Mon, 13 Dec 2021 16:28:37 GMT server NetDNA-cache/2.2 x-amz-request-id 14PHNVH1QB9N4WXC etag W/"d74cc4825c8e333b2116da3fcc649db1" x-cache HIT x-amz-version-id 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc content-type application/javascript x-amz-id-2 Msc+TXiavCSx/Ko8S9WM0HZJYqtRUUa2aBWq2tk49t7qb8iJ0x5ulbRWCjz/OUf0qadbnL3WmvQ=
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/161/	11 KB 5 KB	8ms 8ms	Script application/x-javascript	104.89.28.179 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/161/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.28.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-28-179.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:33 GMT Content-Encoding gzip Last-Modified Wed, 08 Sep 2021 00:38:21 GMT Server AkamaiNetStorage ETag "0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Type application/x-javascript Content-Length 4681 Expires Thu, 18 Aug 2022 12:56:33 GMT
GET H2	200	1558019831190971 Show response connect.facebook.net/signals/config/	305 KB 87 KB	8ms 8ms	Script application/x-javascript	2a03:2880:f02d:100:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1558019831190971?v=2.9.58&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 66e002054c66a957c0b9a7e1457b4b9dd356c2664f72c6687f57d71598050631 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 content-length 88836 x-xss-protection 0 pragma public x-fb-debug sW/vq/Xx+T6llbZjGs907mTpCL7OLQkCDuXIrizuWi6AbNY8083/5f7zRIqfBIRNZ+rUa37yMPrcxw1vFZh/4w== x-fb-trip-id 917726464 x-frame-options DENY cross-origin-opener-policy same-origin-allow-popups cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" date Tue, 10 May 2022 12:56:33 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	modules.5923ebad1321802c309c.js Show response script.hotjar.com/	238 KB 62 KB	22ms 7ms	Script application/javascript	108.138.7.79 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules.5923ebad1321802c309c.js Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-573151.js?sv=7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.7.79 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-79.fra56.r.cloudfront.net Software / Resource Hash c8879ebe06df99c311b603336d0ac2afe1e514a28d1b8c09a5392772f9f84397 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 10:15:06 GMT content-encoding br x-content-type-options nosniff age 9687 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 63345 access-control-allow-origin * last-modified Tue, 10 May 2022 10:14:32 GMT etag "07ad0edec7a15002100be879d47ddd1b" vary Accept-Encoding content-type application/javascript via 1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront) cache-control max-age=31536000 x-amz-cf-pop FRA56-P6 accept-ranges bytes x-robots-tag none x-amz-cf-id 8R3NOjcgp_5MZ9AFmsClmlG6s1EcPsdq9cmkpRP8acRK0Atvkxkk2w==
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 442 B	61ms 21ms	XHR text/plain	2a00:1450:400c:c0c::9c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-42056430-1&cid=884729399.1652187393&jid=1088836042&gjid=252395687&_gid=924340342.1652187393&_u=aHDAgEABAAAAAE~&z=660660945 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.riskiq.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Tue, 10 May 2022 12:56:33 GMT content-type text/plain access-control-allow-origin https://www.riskiq.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	26ms 7ms	Script text/javascript	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NF9FQDJ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 13 Apr 2022 21:02:38 GMT server Golfe2 age 4903 date Tue, 10 May 2022 11:34:50 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Tue, 10 May 2022 13:34:50 GMT
GET H/1.1	200 OK	/ Show response api.ipify.org/	30 B 214 B	289ms 97ms	Script application/javascript	3.220.57.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=jsonp&callback=getIP Requested by Host: www.riskiq.com URL: https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-220-57-224.compute-1.amazonaws.com Software Cowboy / Resource Hash bbae592056c567484e6aced4fb42b8f3d4d06703b7ee871822be35f2eb033306 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:33 GMT Via 1.1 vegur Server Cowboy Connection keep-alive Content-Length 30 Vary Origin Content-Type application/javascript
GET H3	200	collect www.google-analytics.com/	35 B 55 B	32ms 15ms	Image image/gif	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=477867327&t=pageview&_s=1&dl=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&ul=en-us&de=UTF-8&dt=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aHDAgEAB~&jid=1088836042&gjid=252395687&cid=884729399.1652187393&tid=UA-42056430-1&_gid=924340342.1652187393&gtm=2wg590NF9FQDJ&cd2=12&cd3=20220510125633&cd4=884729399.1652187393&cd8=(not%20set)&cd9=1&cd10=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F101.0.4951.41%20Safari%2F537.36&z=37945987 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers pragma no-cache date Tue, 10 May 2022 00:18:44 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 45469 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	adsct analytics.twitter.com/i/	43 B 355 B	135ms 117ms	Image image/gif	104.244.42.67 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.4&p_id=Twitter&p_user_id=0&txn_id=nx4wb&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=13581cb5-297d-4a7d-aaab-9fdcfb240b89&tw_document_href=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.67 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-response-time 110 date Tue, 10 May 2022 12:56:32 GMT server tsa_o strict-transport-security max-age=631138519 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash fc19c489fd40182b89d77a36bc332e3b1f20d179c2a75ef8a08d5f9be514a24f content-length 43
GET H2	200	adsct t.co/i/	43 B 337 B	125ms 110ms	Image image/gif	104.244.42.133 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?type=javascript&version=2.3.4&p_id=Twitter&p_user_id=0&txn_id=nx4wb&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=13581cb5-297d-4a7d-aaab-9fdcfb240b89&tw_document_href=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.133 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-response-time 103 date Tue, 10 May 2022 12:56:32 GMT server tsa_o strict-transport-security max-age=0 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash f8eb8efa2a26b8e9dbe1b3d212c1c86f01c6536a35249f42bd4caf5cf68982ea content-length 43
GET H2	200	box-21ccaa45726c0f3c8c458f7a87eb2298.html Show response vars.hotjar.com/ Frame FE71	2 KB 1 KB	25ms 7ms	Document text/html	143.204.215.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vars.hotjar.com/box-21ccaa45726c0f3c8c458f7a87eb2298.html Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-573151.js?sv=7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.215.65 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-215-65.fra53.r.cloudfront.net Software / Resource Hash c5da2e1eefbe4efd64ec18b775495cf3011d9ae03842917bfe1b0a50e03a7a44 Request headers Referer https://www.riskiq.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 15807074 cache-control max-age=31536000 content-encoding br content-length 1044 content-type text/html cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Mon, 08 Nov 2021 14:05:19 GMT etag "6a4e2ae376c29011d2e53de65a08d0b7" last-modified Tue, 01 Jun 2021 09:17:15 GMT vary Accept-Encoding via 1.1 1cc446ef4692d8e752b16c07f2f58a58.cloudfront.net (CloudFront) x-amz-cf-id kPIzm1yXx_rc0d_wFhKrKb7Wr1v8DNbD9l4-ar4nbGCGbGNU45xPqg== x-amz-cf-pop FRA53-C1 x-cache Hit from cloudfront x-robots-tag none
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=19503&time=1652187393315&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D19503%26time%3D1652187393315%26url%3Dhttps%253A%252F%252Fwww.riskiq.com%252Fblog%... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=19503&time=1652187393315&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=19503&time=1652187393315&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&liSync=true&e_ipv...	0 264 B	248ms 184ms	Image application/javascript	13.107.43.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=19503&time=1652187393315&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&liSync=true&e_ipv6=AQKYC_CGXpDIEgAAAYCuCu7JF69t7BiiYwHAyvs6oUwplDNAvsJBiMZL3SrM-qZEAOGRP_TaZFszb_spBbmshAu-Y5oEEA Protocol H2 Server 13.107.43.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:33 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: F5D4E73146D64E5182C66F56DAAF7C24 Ref B: VIEEDGE1415 Ref C: 2022-05-10T12:56:33Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-proto http/2 content-length 0 x-li-uuid AAXep9q4EILxCK6428T02g== x-li-fabric prod-ltx1 Redirect headers date Tue, 10 May 2022 12:56:33 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: C32BBCD94AA64946BE86BA3E658D0514 Ref B: FRAEDGE1206 Ref C: 2022-05-10T12:56:33Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=19503&time=1652187393315&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&liSync=true&e_ipv6=AQKYC_CGXpDIEgAAAYCuCu7JF69t7BiiYwHAyvs6oUwplDNAvsJBiMZL3SrM-qZEAOGRP_TaZFszb_spBbmshAu-Y5oEEA x-li-proto http/2 content-length 0 x-li-uuid AAXep9q0lfgN1YIDGAbBBw==
GET H/1.1	200 OK	getuidj Show response secure.adnxs.com/	11 B 700 B	25ms 9ms	XHR application/json	37.252.172.45 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/getuidj Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.21.3 / Resource Hash 31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Pragma no-cache Date Tue, 10 May 2022 12:56:33 GMT X-Proxy-Origin 217.64.151.29; 217.64.151.29; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com AN-X-Request-Uuid ba8b0be9-cd1c-4bfb-a171-609bd877518d Server nginx/1.21.3 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin https://www.riskiq.com Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json; charset=utf-8 Content-Length 11 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	/ Show response c.6sc.co/	47 B 370 B	61ms 19ms	XHR text/plain	96.16.137.162 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a96-16-137-162.deploy.static.akamaitechnologies.com Software / Resource Hash 0645659a9f36571d43a2fc2ca85d09a531d8d1d7ef677e57d4149139f71d5792 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:33 GMT Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type text/plain Access-Control-Allow-Origin https://www.riskiq.com Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers * Content-Length 47
GET H2	200	ga-audiences www.google.com/ads/	42 B 501 B	53ms 32ms	Image image/gif	2a00:1450:4001:80e::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-42056430-1&cid=884729399.1652187393&jid=1088836042&_u=aHDAgEABAAAAAE~&z=1145282264 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers pragma no-cache date Tue, 10 May 2022 12:56:33 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 501 B	54ms 32ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-42056430-1&cid=884729399.1652187393&jid=1088836042&_u=aHDAgEABAAAAAE~&z=1145282264 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers pragma no-cache date Tue, 10 May 2022 12:56:33 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H/1.1	200 OK	visitWebPage 455-nhf-420.mktoresp.com/webevents/	2 B 311 B	616ms 157ms	Ping text/plain	192.28.147.68 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://455-nhf-420.mktoresp.com/webevents/visitWebPage?_mchNc=1652187393323&_mchCn=&_mchId=455-NHF-420&_mchTk=_mch-riskiq.com-1652187393322-50454&_mchHo=www.riskiq.com&_mchPo=&_mchRu=%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/161/munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 192.28.147.68 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software nginx / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:33 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin * Connection keep-alive X-Request-Id 52421c7a-5252-46f9-a2c6-2546f5ff0867
GET H2	200	frame-modern.f5bf4cd4.js Show response js.intercomcdn.com/ Frame 7877	312 KB 83 KB	7ms 7ms	Script application/javascript	99.86.7.14 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.intercomcdn.com/frame-modern.f5bf4cd4.js Requested by Host: widget.intercom.io URL: https://widget.intercom.io/widget/jh6w1mfi Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.86.7.14 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-86-7-14.fra6.r.cloudfront.net Software AmazonS3 / Resource Hash f45d26902e2a035ba49b38d45e2ff04fb244d764b7e9123c5306bf20be5a6453 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Tue, 10 May 2022 12:42:32 GMT content-encoding gzip last-modified Tue, 10 May 2022 12:41:17 GMT server AmazonS3 age 842 etag "82523c8b2adb87f7c574dfc23258c7fb" x-cache Hit from cloudfront content-type application/javascript; charset=UTF-8 via 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront) cache-control max-age=31536000, s-maxage=7200, public x-amz-cf-pop FRA6-C1 accept-ranges bytes content-length 84745 x-amz-cf-id dqc30ktLSYL_kCQEJPRWQHtptjHT_m1yeScgInAhUp8Ok26Qx5YXlA==
GET H2	200	vendor-modern.05c86e5a.js Show response js.intercomcdn.com/ Frame 7877	136 KB 42 KB	15ms 14ms	Script application/javascript	99.86.7.14 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.intercomcdn.com/vendor-modern.05c86e5a.js Requested by Host: widget.intercom.io URL: https://widget.intercom.io/widget/jh6w1mfi Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.86.7.14 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-86-7-14.fra6.r.cloudfront.net Software AmazonS3 / Resource Hash d7ed67c403e25fe887fa6386a1911adfdf73559fbc59cb4fecde9c69007f0c98 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Tue, 10 May 2022 12:42:32 GMT content-encoding gzip last-modified Tue, 10 May 2022 12:41:17 GMT server AmazonS3 age 842 etag "46dafcd79be846bcc26b74c01dab2001" x-cache Hit from cloudfront content-type application/javascript; charset=UTF-8 via 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront) cache-control max-age=31536000, s-maxage=7200, public x-amz-cf-pop FRA6-C1 accept-ranges bytes content-length 42639 x-amz-cf-id f1la8Ia_anx2LX50ysx_DDf4WFOOpS_4rcL6h--HIxkpUqrOfnmkJw==
GET H2	200	r Show response scout.salesloft.com/	41 B 403 B	286ms 95ms	XHR application/json	34.196.104.91 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDMyNzN9.P6sCDLdEB_Wp08C1rr_i1waPE71D22aiPkwBTj3iVOY Requested by Host: scout-cdn.salesloft.com URL: https://scout-cdn.salesloft.com/sl.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 34.196.104.91 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-196-104-91.compute-1.amazonaws.com Software / Resource Hash aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362 Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:33 GMT strict-transport-security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains access-control-allow-methods GET content-type application/json; charset=utf-8 access-control-allow-origin https://www.riskiq.com access-control-expose-headers cache-control max-age=0, private, must-revalidate access-control-allow-credentials true content-length 41 x-request-id 6681dfef617a96913b0d3e6ccdad9468
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/1000875753/	2 KB 2 KB	39ms 18ms	Script text/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1000875753/?random=1652187393385&cv=9&fst=1652187393385&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&tiba=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 7305fc89b942bae18337f6d77228f95ecbf345f6701e77804d9429df4b667aa8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers pragma no-cache date Tue, 10 May 2022 12:56:33 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1116 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ Show response www.googleadservices.com/pagead/conversion/1000875753/	2 KB 1 KB	72ms 56ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion/1000875753/?random=1652187393386&cv=9&fst=1652187393386&num=1&value=0&label=f8q8CObD4GAQ6c2g3QM&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&tiba=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&auid=888387049.1652187393&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software cafe / Resource Hash 85dc121729b479a21f84521a9e256333f9c32fcda068496e8426f26bb088c63f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers pragma no-cache date Tue, 10 May 2022 12:56:33 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1307 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 408 B	21ms 7ms	Image image/gif	2a03:2880:f12d:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1558019831190971&ev=PageView&dl=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&rl=&if=false&ts=1652187393417&sw=1600&sh=1200&v=2.9.58&r=stable&ec=0&o=30&fbp=fb.1.1652187393415.488006549&it=1652187393183&coo=false&exp=p1&rqm=GET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:33 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 44 expires Tue, 10 May 2022 12:56:33 GMT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	234ms 193ms	Image image/gif	96.16.137.162 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=0c2092e937487ef484d5b02633004955&svisitor=null&session=294ca3e8-bf08-42ca-82c8-27c7028d2756&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2010%20May%202022%2012%3A56%3A33%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&pageViewId=320b9c69-2f8f-4c47-8b09-5bbb68ecc514&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a96-16-137-162.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:33 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Fri, 21 Feb 2020 18:57:20 GMT Server nginx/1.14.0 (Ubuntu) ETag "5e502810-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	adsct analytics.twitter.com/i/	43 B 101 B	118ms 118ms	Image image/gif	104.244.42.67 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.4&p_id=Twitter&p_user_id=0&txn_id=nuddl&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=ec86a266-4a4a-4a81-955e-cf7c17fec490&tw_document_href=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.67 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-response-time 111 date Tue, 10 May 2022 12:56:33 GMT server tsa_o strict-transport-security max-age=631138519 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash fc19c489fd40182b89d77a36bc332e3b1f20d179c2a75ef8a08d5f9be514a24f content-length 43
GET H2	200	adsct t.co/i/	43 B 78 B	117ms 117ms	Image image/gif	104.244.42.133 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?type=javascript&version=2.3.4&p_id=Twitter&p_user_id=0&txn_id=nuddl&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=ec86a266-4a4a-4a81-955e-cf7c17fec490&tw_document_href=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.133 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-response-time 110 date Tue, 10 May 2022 12:56:32 GMT server tsa_o strict-transport-security max-age=0 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash f8eb8efa2a26b8e9dbe1b3d212c1c86f01c6536a35249f42bd4caf5cf68982ea content-length 43
GET H2	200	adsct analytics.twitter.com/i/	43 B 77 B	116ms 115ms	Image image/gif	104.244.42.67 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.4&p_id=Twitter&p_user_id=0&txn_id=nx4wb&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=ce082914-070e-4f84-b7d4-da87058885a2&tw_document_href=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.67 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-response-time 109 date Tue, 10 May 2022 12:56:32 GMT server tsa_o strict-transport-security max-age=631138519 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash fc19c489fd40182b89d77a36bc332e3b1f20d179c2a75ef8a08d5f9be514a24f content-length 43
GET H2	200	adsct t.co/i/	43 B 101 B	116ms 115ms	Image image/gif	104.244.42.133 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?type=javascript&version=2.3.4&p_id=Twitter&p_user_id=0&txn_id=nx4wb&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=ce082914-070e-4f84-b7d4-da87058885a2&tw_document_href=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.133 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-response-time 109 date Tue, 10 May 2022 12:56:33 GMT server tsa_o strict-transport-security max-age=0 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash f8eb8efa2a26b8e9dbe1b3d212c1c86f01c6536a35249f42bd4caf5cf68982ea content-length 43
POST H2	200	visit-data Show response in.hotjar.com/api/v2/client/sites/573151/	147 B 322 B	91ms 33ms	XHR application/json	54.77.142.136 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://in.hotjar.com/api/v2/client/sites/573151/visit-data?sv=7 Requested by Host: script.hotjar.com URL: https://script.hotjar.com/modules.5923ebad1321802c309c.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.77.142.136 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-77-142-136.eu-west-1.compute.amazonaws.com Software / Resource Hash 45674f87c18e6efb09ed61e106a5fadcca7c39c2e3b25a4d08915f752417cee8 Request headers Referer https://www.riskiq.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Content-Type text/plain; charset=UTF-8 Response headers date Tue, 10 May 2022 12:56:33 GMT content-encoding br vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-max-age 86400 cache-control no-cache, no-store access-control-allow-credentials true
GET H2	204	573151 Show response vc.hotjar.io/sessions/	0 257 B	82ms 38ms	XHR text/plain	143.204.98.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vc.hotjar.io/sessions/573151?s=0.25&r=0.21315396080545246 Requested by Host: script.hotjar.com URL: https://script.hotjar.com/modules.5923ebad1321802c309c.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.98.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-32.fra50.r.cloudfront.net Software Python/3.7 aiohttp/3.5.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:33 GMT via 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront) server Python/3.7 aiohttp/3.5.4 x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront access-control-allow-origin * cache-control no-store x-amz-cf-id elYJkbMkzRI4KMmKQo4f_8t2-j9LR5ER0zQ_1CuUmMz_dNN1dH9tHw==
GET H3	200	/ www.google.com/pagead/1p-user-list/1000875753/	42 B 64 B	36ms 19ms	Image image/gif	2a00:1450:4001:80e::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/1000875753/?random=1652187393385&cv=9&fst=1652184000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg590&sendb=1&frm=0&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&tiba=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&async=1&fmt=3&is_vtc=1&random=4274101667&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers pragma no-cache date Tue, 10 May 2022 12:56:33 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-user-list/1000875753/	42 B 64 B	37ms 20ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/1000875753/?random=1652187393385&cv=9&fst=1652184000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg590&sendb=1&frm=0&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&tiba=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&async=1&fmt=3&is_vtc=1&random=4274101667&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers pragma no-cache date Tue, 10 May 2022 12:56:33 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-conversion/1000875753/ Redirect Chain https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1000875753/?random=1554077605&cv=9&fst=1652187393386&num=1&value=0&label=f8q8CObD4GAQ6c2g3QM&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO... https://www.google.com/pagead/1p-conversion/1000875753/?random=1554077605&cv=9&fst=1652187393386&num=1&value=0&label=f8q8CObD4GAQ6c2g3QM&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_... https://www.google.de/pagead/1p-conversion/1000875753/?random=1554077605&cv=9&fst=1652187393386&num=1&value=0&label=f8q8CObD4GAQ6c2g3QM&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_a...	42 B 64 B	23ms 23ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-conversion/1000875753/?random=1554077605&cv=9&fst=1652187393386&num=1&value=0&label=f8q8CObD4GAQ6c2g3QM&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&tiba=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&auid=888387049.1652187393&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=AWF6Yp-pGYGM9fgP4cidmAw&cid=CAQSKQCNIrLMF4iZD2p1y0rgkhIAX4ViLhPX4x2C0cniKdjKNkEP0Xtor2I8&eitems=ChAI8JrokwYQzbf4neuUlZdUEh0AWL7E3osyr43V3SLq8xmnMOd8jJfe3w3kPioyrQ&random=1063663232&resp=GooglemKTybQhCsO&ipr=y&prhg=0 Protocol H3 Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers pragma no-cache date Tue, 10 May 2022 12:56:33 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Tue, 10 May 2022 12:56:33 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/gif location https://www.google.de/pagead/1p-conversion/1000875753/?random=1554077605&cv=9&fst=1652187393386&num=1&value=0&label=f8q8CObD4GAQ6c2g3QM&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&tiba=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&auid=888387049.1652187393&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=AWF6Yp-pGYGM9fgP4cidmAw&cid=CAQSKQCNIrLMF4iZD2p1y0rgkhIAX4ViLhPX4x2C0cniKdjKNkEP0Xtor2I8&eitems=ChAI8JrokwYQzbf4neuUlZdUEh0AWL7E3osyr43V3SLq8xmnMOd8jJfe3w3kPioyrQ&random=1063663232&resp=GooglemKTybQhCsO&ipr=y&prhg=0 cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	ping Show response api-iam.intercom.io/messenger/web/ Frame 7877	3 KB 2 KB	869ms 679ms	XHR application/json	75.2.88.188 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api-iam.intercom.io/messenger/web/ping Requested by Host: js.intercomcdn.com URL: https://js.intercomcdn.com/frame-modern.f5bf4cd4.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 75.2.88.188 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ad8b87a22ce463223.awsglobalaccelerator.com Software nginx / Resource Hash 4fed3846ba4e5f9cf1932de807603ce2f3603051c961abd8e3736c92df0f8e02 Security Headers Name Value Strict-Transport-Security max-age=31556952; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Tue, 10 May 2022 12:56:34 GMT content-encoding gzip x-ami-version ami-0b9740af4580e35f5 status 200 OK strict-transport-security max-age=31556952; includeSubDomains; preload vary Accept,Accept-Encoding x-xss-protection 1; mode=block x-request-id 00052lb8ntvgu84cu29g x-runtime 0.568202 server nginx x-frame-options SAMEORIGIN etag W/"4fed3846ba4e5f9cf1932de807603ce2" x-ratelimit-remaining 13328 access-control-allow-methods POST, GET, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.riskiq.com x-intercom-version cf87813a6669d76c9325c96dcd6085a06ea80c0d cache-control max-age=0, private, must-revalidate access-control-allow-credentials true x-ratelimit-reset 1652187400 x-ratelimit-limit 13333 access-control-allow-headers Content-Type x-content-type-options nosniff
POST H2	200	content Show response ws28.hotjar.com/api/v2/sites/573151/recordings/	66 B 259 B	268ms 73ms	XHR application/json	52.30.14.187 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ws28.hotjar.com/api/v2/sites/573151/recordings/content Requested by Host: script.hotjar.com URL: https://script.hotjar.com/modules.5923ebad1321802c309c.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.30.14.187 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-30-14-187.eu-west-1.compute.amazonaws.com Software / Resource Hash be8b7dec35df880fb4fc00bb382e2902d568ff1a3177345056eeb6613ea96d74 Request headers Referer https://www.riskiq.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Content-Type text/plain; charset=UTF-8 Response headers date Tue, 10 May 2022 12:56:33 GMT content-encoding br vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-max-age 86400 cache-control no-cache, no-store access-control-allow-credentials true
GET H3	200	collect www.google-analytics.com/	35 B 55 B	7ms 6ms	Image image/gif	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=477867327&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&ul=en-us&de=UTF-8&dt=RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=NonInteraction&ea=IP%20Returned&el=217.64.151.29&_u=aHDAgEABAAAAAE~&jid=&gjid=&cid=884729399.1652187393&tid=UA-42056430-1&_gid=924340342.1652187393&gtm=2wg590NF9FQDJ&cd2=12&cd3=20220510125633&cd4=884729399.1652187393&cd8=(not%20set)&cd9=1&cd10=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F101.0.4951.41%20Safari%2F537.36&cd6=217.64.151.29&z=1271731336 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers pragma no-cache date Tue, 10 May 2022 00:18:44 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 45469 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	i Show response scout.salesloft.com/	48 B 511 B	94ms 94ms	XHR application/json	34.196.104.91 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://scout.salesloft.com/i Requested by Host: scout-cdn.salesloft.com URL: https://scout-cdn.salesloft.com/sl.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 34.196.104.91 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-196-104-91.compute-1.amazonaws.com Software / Resource Hash 273ec54d7a24af9b0e989255ae586312359c5a3e33e2cd23676e0746f2744d7b Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Tue, 10 May 2022 12:56:33 GMT strict-transport-security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains access-control-allow-methods GET content-type application/json; charset=utf-8 access-control-allow-origin https://www.riskiq.com access-control-expose-headers cache-control max-age=0, private, must-revalidate access-control-allow-credentials true content-length 48 x-request-id 29893d6d768b0659f831a5da79116232
POST H3	200	/ Show response www.facebook.com/tr/ Frame CC37	0 18 B	16ms 7ms	Document text/plain	2a03:2880:f12d:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Content-Type application/x-www-form-urlencoded Origin https://www.riskiq.com Referer https://www.riskiq.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials true access-control-allow-origin https://www.riskiq.com alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0 content-type text/plain cross-origin-resource-policy cross-origin date Tue, 10 May 2022 12:56:33 GMT priority u=0 server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	215ms 214ms	Image image/gif	96.16.137.162 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=0c2092e937487ef484d5b02633004955&svisitor=cbd5ce178c6c000001617a62b30000008fc51000&session=294ca3e8-bf08-42ca-82c8-27c7028d2756&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20May%202022%2012%3A56%3A34%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20May%202022%2012%3A56%3A33%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&pageViewId=320b9c69-2f8f-4c47-8b09-5bbb68ecc514&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a96-16-137-162.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:34 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Sat, 05 Jun 2021 07:56:05 GMT Server nginx/1.14.0 (Ubuntu) ETag "60bb2e15-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
POST H2	200	ping Show response api-iam.intercom.io/messenger/web/ Frame 7877	3 KB 2 KB	399ms 399ms	XHR application/json	75.2.88.188 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api-iam.intercom.io/messenger/web/ping Requested by Host: js.intercomcdn.com URL: https://js.intercomcdn.com/frame-modern.f5bf4cd4.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 75.2.88.188 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ad8b87a22ce463223.awsglobalaccelerator.com Software nginx / Resource Hash 4afd3168f623fc1f6ffa112a1e3e4637c8a01dc3b08908960355636329500b93 Security Headers Name Value Strict-Transport-Security max-age=31556952; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Tue, 10 May 2022 12:56:34 GMT content-encoding gzip x-ami-version ami-0b9740af4580e35f5 status 200 OK strict-transport-security max-age=31556952; includeSubDomains; preload vary Accept,Accept-Encoding x-xss-protection 1; mode=block x-request-id 0000mgkqq4l1v5siqt20 x-runtime 0.290994 server nginx x-frame-options SAMEORIGIN etag W/"4afd3168f623fc1f6ffa112a1e3e4637" x-ratelimit-remaining 13326 access-control-allow-methods POST, GET, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.riskiq.com x-intercom-version cf87813a6669d76c9325c96dcd6085a06ea80c0d cache-control max-age=0, private, must-revalidate access-control-allow-credentials true x-ratelimit-reset 1652187400 x-ratelimit-limit 13333 access-control-allow-headers Content-Type x-content-type-options nosniff
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	313ms 313ms	Image image/gif	96.16.137.162 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=0c2092e937487ef484d5b02633004955&svisitor=cbd5ce178c6c000001617a62b30000008fc51000&session=294ca3e8-bf08-42ca-82c8-27c7028d2756&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20May%202022%2012%3A56%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20May%202022%2012%3A56%3A34%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%222006%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&pageViewId=320b9c69-2f8f-4c47-8b09-5bbb68ecc514&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a96-16-137-162.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:35 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Tue, 05 Oct 2021 22:17:52 GMT Server nginx/1.14.0 (Ubuntu) ETag "615ccf10-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	194ms 194ms	Image image/gif	96.16.137.162 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=0c2092e937487ef484d5b02633004955&svisitor=cbd5ce178c6c000001617a62b30000008fc51000&session=294ca3e8-bf08-42ca-82c8-27c7028d2756&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20May%202022%2012%3A56%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20May%202022%2012%3A56%3A35%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223007%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&pageViewId=320b9c69-2f8f-4c47-8b09-5bbb68ecc514&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a96-16-137-162.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:36 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Fri, 21 Feb 2020 18:57:20 GMT Server nginx/1.14.0 (Ubuntu) ETag "5e502810-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	212ms 211ms	Image image/gif	96.16.137.162 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=0c2092e937487ef484d5b02633004955&svisitor=cbd5ce178c6c000001617a62b30000008fc51000&session=294ca3e8-bf08-42ca-82c8-27c7028d2756&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20May%202022%2012%3A56%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20May%202022%2012%3A56%3A36%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224009%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&pageViewId=320b9c69-2f8f-4c47-8b09-5bbb68ecc514&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a96-16-137-162.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:37 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Tue, 05 Oct 2021 22:17:52 GMT Server nginx/1.14.0 (Ubuntu) ETag "615ccf10-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	201ms 201ms	Image image/gif	96.16.137.162 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=0c2092e937487ef484d5b02633004955&svisitor=cbd5ce178c6c000001617a62b30000008fc51000&session=294ca3e8-bf08-42ca-82c8-27c7028d2756&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20May%202022%2012%3A56%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20May%202022%2012%3A56%3A37%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225010%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22RiskIQ%20Threat%20Intelligence%20Roundup%3A%20Trickbot%2C%20Magecart%2C%20and%20More%20Fake%20Sites%20Targeting%20Ukraine%20%7C%20RiskIQ%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.riskiq.com%2Fblog%2Fexternal-threat-management%2Ftrickbot-magecart-fake-sites%2F&pageViewId=320b9c69-2f8f-4c47-8b09-5bbb68ecc514&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a96-16-137-162.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.riskiq.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Tue, 10 May 2022 12:56:38 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Fri, 21 Feb 2020 18:57:20 GMT Server nginx/1.14.0 (Ubuntu) ETag "5e502810-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT