www.securonix.com Open in urlscan Pro
141.193.213.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-like...
Submission: On June 25 via api (June 25th 2024, 6:23:16 am UTC) from IN — Scanned from DE

Summary HTTP 102 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 27 IPs in 5 countries across 21 domains to perform 102 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.securonix.com.
TLS certificate: Issued by E1 on April 29th 2024. Valid for: 3 months.

This is the only time www.securonix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
39	141.193.213.21 141.193.213.21	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
9	172.67.39.148 172.67.39.148	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700:310... 2606:4700:3108::ac42:283b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	23.53.43.58 23.53.43.58	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
3	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a98	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 6	2600:9000:264... 2600:9000:2644:8600:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6811:f6cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	18.245.86.87 18.245.86.87	16509 (AMAZON-02) (AMAZON-02)
2 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9a	15169 (GOOGLE) (GOOGLE)
1	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:710... 2a02:26f0:7100::210:172	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a05:d018:cc3... 2a05:d018:cc3:fe04:a82:1bf5:3077:5557	16509 (AMAZON-02) (AMAZON-02)
2	13.248.142.121 13.248.142.121	16509 (AMAZON-02) (AMAZON-02)
2	18.245.86.73 18.245.86.73	16509 (AMAZON-02) (AMAZON-02)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
102	27

39 141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.securonix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.67.39.148 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3108::ac42:283b (United States)

ASN13335 (CLOUDFLARENET, US)

embed.formhq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.53.43.58 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-43-58.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a98 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2644:8600:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:f6cb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.245.86.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-87.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::210:172 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe04:a82:1bf5:3077:5557 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.142.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.86.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-73.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	securonix.com www.securonix.com	5 MB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 5903 c.6sc.co — Cisco Umbrella Rank: 8340 ipv6.6sc.co — Cisco Umbrella Rank: 6045 b.6sc.co — Cisco Umbrella Rank: 3852	20 KB
9	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4733	33 KB
7	adroll.com 1 redirects s.adroll.com — Cisco Umbrella Rank: 3747 d.adroll.com — Cisco Umbrella Rank: 1811	119 KB
5	zoominfo.com ws-assets.zoominfo.com — Cisco Umbrella Rank: 14358 ws.zoominfo.com — Cisco Umbrella Rank: 5175	30 KB
5	linkedin.com 2 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 360 px4.ads.linkedin.com — Cisco Umbrella Rank: 6416	4 KB
5	driftt.com js.driftt.com — Cisco Umbrella Rank: 7548	71 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 7464	4 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 361	14 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	296 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9419	709 B
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 1008	4 KB
2	formhq.net embed.formhq.net — Cisco Umbrella Rank: 181883	4 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 83 ajax.googleapis.com — Cisco Umbrella Rank: 469	32 KB
1	google.de www.google.de — Cisco Umbrella Rank: 8088	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136	247 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3125
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 902	14 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 381	3 KB
1	gstatic.com fonts.gstatic.com	50 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 268	2 KB
102	21

	Domain	Requested by
39	www.securonix.com	www.securonix.com
9	static.addtoany.com	www.securonix.com static.addtoany.com
7	b.6sc.co	www.securonix.com
6	s.adroll.com	1 redirects www.googletagmanager.com www.securonix.com s.adroll.com
5	js.driftt.com	www.securonix.com js.driftt.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	px.ads.linkedin.com	2 redirects snap.licdn.com
3	js.zi-scripts.com	www.securonix.com js.zi-scripts.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.securonix.com
3	www.googletagmanager.com	www.securonix.com www.googletagmanager.com
2	epsilon.6sense.com	j.6sc.co
2	unpkg.com	1 redirects www.securonix.com
2	embed.formhq.net	www.googletagmanager.com embed.formhq.net
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	d.adroll.com	s.adroll.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	www.google.de	www.securonix.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.securonix.com
1	snap.licdn.com	www.googletagmanager.com
1	cdn.jsdelivr.net	www.securonix.com
1	j.6sc.co	www.securonix.com
1	fonts.gstatic.com	fonts.googleapis.com
1	ajax.googleapis.com	www.securonix.com
1	cdnjs.cloudflare.com	www.securonix.com
1	fonts.googleapis.com	www.securonix.com
102	28

This site contains links to these domains. Also see Links.

Domain
vcon24.vfairs.com
securonix.force.com
in.linkedin.com
twitter.com
www.youtube.com
www.addtoany.com
learn.microsoft.com

Subject Issuer	Validity	Valid
www.securonix.com E1	`2024-04-29` - `2024-07-28`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
static.addtoany.com E5	`2024-06-21` - `2024-09-19`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
formhq.net E1	`2024-04-29` - `2024-07-28`	3 months	crt.sh
6sc.co R3	`2024-04-09` - `2024-07-08`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
s.adroll.com Amazon RSA 2048 M02	`2024-05-03` - `2025-06-01`	a year	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
*.google.de WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2023-10-09` - `2024-11-07`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2024-05-27` - `2024-08-25`	3 months	crt.sh
zoominfo.com E5	`2024-06-17` - `2024-09-15`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Frame ID: B8A5A33C252D5A2B0505D01A77EF90F9
Requests: 96 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.25.html
Frame ID: 1D5286E5F4B70D9D7B8120FBC41B4A70
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=r32rm8p2zmht&eId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=8f4208ff-8ad3-4680-8ad2-a5acbeba0bd6&sessionStarted=1719296591.73&campaignRefreshToken=6900f3c1-c4c5-41c7-8ad4-790525af1485&hideController=false&pageLoadStartTime=1719296589572&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F
Frame ID: F0B3D37E3EA08DFF50EA89236C57E61E
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1719296589572
Frame ID: EE942F2888BE14A8A2B82A0E9A7EECD6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Analysis of PHANTOM#SPIKE: Attackers Leveraging CHM Files to Run Custom CSharp Backdoors Likely Targeting Victims Associated with Pakistan - Securonix

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

102
Requests

95 %
HTTPS

58 %
IPv6

21
Domains

28
Subdomains

27
IPs

5
Countries

5547 kB
Transfer

7297 kB
Size

21
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://vcon24.vfairs.com/en
Title: Come join us at our Customer Value Conference, Securonix V-Con24 - Register now!

Search URL Search Domain Scan URL

URL: https://securonix.force.com/
Title: Partner Portal Login

Search URL Search Domain Scan URL

URL: https://in.linkedin.com/company/securonix
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/Securonix
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@securonix
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&title=Analysis%20of%20PHANTOM%23SPIKE%3A%20Attackers%20Leveraging%20CHM%20Files%20to%20Run%20Custom%20CSharp%20Backdoors%20Likely%20Targeting%20Victims%20Associated%20with%20Pakistan
Title: Teilen

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/dotnet/api/system.net.security.sslstream?view=net-8.0
Title: SslStream

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/dotnet/api/system.threading.tasks.task.run?view=net-8.0
Title: Task.Run

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwww.securonix.com%2Ffooter%2F&title=Footer
Title: Teilen

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52

https://unpkg.com/web-vitals/dist/web-vitals.iife.js HTTP 302
https://unpkg.com/web-vitals@4.2.0/dist/web-vitals.iife.js

Request Chain 57

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1719296590900&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1719296590900&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1719296590900&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&tm=gtmv2&cookiesTest=true&e_ipv6=AQJMGrBPpXAsAAAAAZBOEAY41xrp-cfRgR5TUcQm65L_ziuO-K6iLBH4f25dy7Zo7h1wdP8

Request Chain 62

https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

102 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/ 128 KB
22 KB 407ms
228ms Document
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

a40f09f6818df49545be73dde2d84fc10bdcc4845164dade87398272467e952f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-edge-cache: cache,platform=wordpress
cf-ray: 8992de0378be450a-TXL
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 25 Jun 2024 06:23:09 GMT
link: <https://www.securonix.com/wp-json/>; rel="https://api.w.org/" <https://www.securonix.com/wp-json/wp/v2/blog/29268>; rel="alternate"; type="application/json" <https://www.securonix.com/?p=29268>; rel=shortlink
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 7
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine

GET
H2 404 bootstrap.min.css
www.securonix.com/wp-content/themes/punch/styles/css/ 0
0 235ms
229ms Stylesheet
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securonix.com/wp-content/themes/punch/styles/css/bootstrap.min.css?ver=3.3.2
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 8992de04fbfd450a-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 404 style.css
www.securonix.com/wp-content/themes/punch/styles/css/ 0
0 783ms
778ms Stylesheet
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securonix.com/wp-content/themes/punch/styles/css/style.css?ver=6.5.3
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: br
cf-cache-status: MISS
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 8992de04fbff450a-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 wpcdt-public.css
www.securonix.com/wp-content/plugins/countdown-timer-ultimate/assets/css/ 822 B
442 B 87ms
82ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/countdown-timer-ultimate/assets/css/wpcdt-public.css?ver=2.5

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

09bfea7e712355726b2d97bf0a13a80f8f8e5e5834a13d666d1cea2bd3ab31a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-336"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de04fc02450a-TXL

GET
H2 200 jquery.powertip.min.css
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/ 2 KB
463 B 76ms
72ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/jquery.powertip.min.css?ver=1.2.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

814189be4de21d42597f62ffcc0ee1d28b6326d795bbad2e922952cad4dabab1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-70d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de04fc05450a-TXL

GET
H2 200 maps_points.css
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/ 7 KB
2 KB 66ms
61ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/maps_points.css?ver=1.2.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a55a1504046635db1567af44c96b2a820151041a3d384726e32dad566684d899

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-1c2f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de04fc0b450a-TXL

GET
H2 200 default.css
www.securonix.com/wp-content/plugins/tablepress/css/build/ 6 KB
2 KB 66ms
62ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/tablepress/css/build/default.css?ver=2.1.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c10bfd761676feda6e280e0d31794b1a8d21279f437ddb817a708d6fe0b72db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:41 GMT
server: cloudflare
etag: W/"66334865-17cb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de04fc14450a-TXL

GET
H2 200 tablepress-responsive.min.css
www.securonix.com/wp-content/plugins/tablepress-responsive-tables/css/ 9 KB
1 KB 79ms
75ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

27e54854af25b175f482f4acc3c32a5dfd363ae62292e66b9212764d323af2db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:41 GMT
server: cloudflare
etag: W/"66334865-22aa"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de04fc18450a-TXL

GET
H2 200 addtoany.min.css
www.securonix.com/wp-content/plugins/add-to-any/ 2 KB
600 B 66ms
62ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:49 GMT
server: cloudflare
etag: W/"6633486d-644"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de04fc1d450a-TXL

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
932 B 143ms
51ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Work+Sans:ital,wght@0,300..700;1,300..700&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

09ba5df6e121c4577cac7addaca7ab9f189e8c1afd745652396b05f8e45baf0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 25 Jun 2024 06:23:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 25 Jun 2024 06:23:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 25 Jun 2024 06:23:09 GMT

GET
H3 200 select2.min.css
cdnjs.cloudflare.com/ajax/libs/select2/4.1.0-beta.1/css/ 15 KB
2 KB 102ms
54ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/select2/4.1.0-beta.1/css/select2.min.css?ver=1.2.51

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

907f4395f54e25a1da1181672f1a498e98b26f7bfc6dcb6c209a737472451e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 389468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1676
last-modified: Tue, 26 May 2020 03:00:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5ecc8659-3dcf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CNhbyk5F435mic7t8DECcXWvjl4Q1tlt7zHrl0vbUenOWzNS%2BUkVfiKaHf7%2BvQLBeMSVjLst9S7KIwV2IMv8mP2HdczGXNM1ZbwA0Tufw2YZo8LhZBNkZyiSe3wFxGxt%2B5V63sEx"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8992de054c8e6943-FRA
expires: Sun, 15 Jun 2025 06:23:09 GMT

GET
H2 200 single-common.css
www.securonix.com/wp-content/themes/securonix-hybrid/assets/css/ 19 KB
3 KB 72ms
68ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix-hybrid/assets/css/single-common.css?ver=1.2.51

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

32f274178facd20384d11f4cf5d6cb7aa0d72c1a544da5d66a441d703030b518

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 8036
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 31 May 2024 20:30:21 GMT
server: cloudflare
etag: W/"665a335d-4d8b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de04fc1f450a-TXL

GET
H2 200 avia-merged-styles-6292885bf0f081c03abe0eedd6656911---666a154b35074.css
www.securonix.com/wp-content/uploads/dynamic_avia/ 129 KB
22 KB 73ms
70ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/uploads/dynamic_avia/avia-merged-styles-6292885bf0f081c03abe0eedd6656911---666a154b35074.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b866f204d2a5b0fa88df426bfef64de132a4a2ef9cbb03bd42b46853b5f6747a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 12 Jun 2024 21:38:19 GMT
server: cloudflare
etag: W/"666a154b-2025c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de04fc23450a-TXL

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 86 KB
31 KB 135ms
40ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js?ver=3.4.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 14:46:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 574586
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Jun 2025 14:46:43 GMT

GET
H2 404 library.js
www.securonix.com/wp-content/themes/punch/js/ 0
0 336ms
333ms Script
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securonix.com/wp-content/themes/punch/js/library.js?ver=6.5.3
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 8992de052c89450a-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 ajax.js Show response
www.securonix.com/wp-content/mu-plugins/kmdg-framework//assets/js/ 3 KB
1 KB 104ms
102ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/mu-plugins/kmdg-framework//assets/js/ajax.js?ver=KMDG_FRAMEWORK_VERSION

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ba0dc4a2c348e233bb9d06d948ac25172b3dafbe04aac1692e925742fcf095a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:49 GMT
server: cloudflare
etag: W/"6633486d-bd5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de052c8b450a-TXL

GET
H2 404 bootstrap.min.js
www.securonix.com/wp-content/themes/punch/js/ 0
0 268ms
266ms Script
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securonix.com/wp-content/themes/punch/js/bootstrap.min.js?ver=3.3.2
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 8992de052c8c450a-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 101ms
54ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11453
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"e346c2841e4abbb66ee259e9540abb61"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xjq7QFbi12VLG54U%2Bjg5quy%2FqZWru17BHm6PirUOYF94VC2B7wKgRRo6Tq0MWiJPYNcOnO%2BzleFhfMH2CV3E8h8WUqGEd6QTErTt6AGLBVlmKbsyuCHSr1v00lL3d2%2BHGJuSTSjs"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 8992de0a3f011c42-FRA

GET
H3 200 addtoany.min.js Show response
www.securonix.com/wp-content/plugins/add-to-any/ 129 B
474 B 222ms
219ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100587
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:49 GMT
server: cloudflare
etag: W/"6633486d-81"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de09ef4c2681-TXL

GET
H2 200 Securonix-logo.webp
www.securonix.com/wp-content/uploads/2024/04/ 14 KB
14 KB 89ms
87ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/04/Securonix-logo.webp

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bf92d09ea70e1745242a22e86adb8088bc17c61a744c2f3d984601f6bd4e423

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 100586
alt-svc: h3=":443"; ma=86400
content-length: 14448
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:30 GMT
server: cloudflare
etag: "6633485a-3870"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de052c8e450a-TXL

GET
H2 200 phantom_advisory_2.png
www.securonix.com/wp-content/uploads/2024/06/ 610 KB
610 KB 1219ms
1217ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/06/phantom_advisory_2.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

737405abbe0c84f2c860f7b00b2cb0377df0f12d4c8d76c8f2d5749d2e7f64d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 624232
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 20 Jun 2024 22:14:52 GMT
server: cloudflare
etag: "6674a9dc-98668"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de052c90450a-TXL

GET
H2 200 phantom_advisory_3.png
www.securonix.com/wp-content/uploads/2024/06/ 1 MB
1 MB 285ms
284ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/06/phantom_advisory_3.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

44fe36f267735fedc846090b255f109da041d2d02c0a6c5d9b218e493e8521ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 1143730
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 20 Jun 2024 22:14:47 GMT
server: cloudflare
etag: "6674a9d7-1173b2"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de052c91450a-TXL

GET
H3 200 phantom_advisory_4.png
www.securonix.com/wp-content/uploads/2024/06/ 705 KB
706 KB 258ms
258ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/06/phantom_advisory_4.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ebc7dabb4cf440fd8f4e9832b469819a40dc9358202ecba211402a3b03bb35e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 721914
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 20 Jun 2024 22:14:43 GMT
server: cloudflare
etag: "6674a9d3-b03fa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de087bef2681-TXL

GET
H3 200 phantom_advisory_5.png
www.securonix.com/wp-content/uploads/2024/06/ 482 KB
482 KB 266ms
265ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/06/phantom_advisory_5.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2aff1f5d95a9640c8d121475df26498656ef67a186edc4bbcb9f8b8b963b7577

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 493068
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 20 Jun 2024 22:14:39 GMT
server: cloudflare
etag: "6674a9cf-7860c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de09ef382681-TXL

GET
H3 200 phantom_advisory_6.png
www.securonix.com/wp-content/uploads/2024/06/ 372 KB
372 KB 222ms
219ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/06/phantom_advisory_6.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9b5ffe638ef96f1fa31f00dd9d7fcf49c53d509f472ac2f12f37e9cab4a9103

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=606195
content-disposition: inline; filename="phantom_advisory_6.webp"
alt-svc: h3=":443"; ma=86400
content-length: 380574
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 20 Jun 2024 22:14:36 GMT
server: cloudflare
etag: "6674a9cc-93ff3"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de09ef4e2681-TXL

GET
H3 200 phantom_advisory_7.png
www.securonix.com/wp-content/uploads/2024/06/ 586 KB
586 KB 273ms
269ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/06/phantom_advisory_7.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c93626ad32b3449b19ebd9c7e5dfa53947c8ed99ede81a422b146ac6da791fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 599627
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 20 Jun 2024 22:14:32 GMT
server: cloudflare
etag: "6674a9c8-9264b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de09ef512681-TXL

GET
H3 404 global.js
www.securonix.com/wp-content/themes/punch/js/ 0
0 230ms
226ms Script
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securonix.com/wp-content/themes/punch/js/global.js?ver=6.5.3
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 8992de09ef3f2681-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.powertip.min.js Show response
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/ 11 KB
4 KB 220ms
215ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/jquery.powertip.min.js?ver=1.2.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

80b41604ed76eb37787a40ba315a3af3a5c83b3bce68e39037deb9202582abc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-2ae5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de09ef422681-TXL

GET
H3 200 maps_points.js Show response
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/ 628 B
699 B 220ms
216ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/maps_points.js?ver=1.2.3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0230904fa157dff50d8ecc1a80a203635fa812479f4432a69c3779986ab560e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100587
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-274"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de09ef462681-TXL

GET
H3 200 new-tab.js Show response
www.securonix.com/wp-content/plugins/page-links-to/dist/ 34 KB
13 KB 220ms
216ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.7

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100587
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-8687"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de09ef482681-TXL

GET
H3 200 smush-lazy-load.min.js Show response
www.securonix.com/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 222ms
218ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.16.2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bdcc9e3e427ad3a787ec7efe46d8c305e880eb44402c0000ff52f17ef6b0cdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:40 GMT
server: cloudflare
etag: W/"66334864-2018"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de09ef492681-TXL

GET
H3 200 dropdown.js Show response
www.securonix.com/wp-content/plugins/gtranslate/js/ 13 KB
5 KB 239ms
236ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/gtranslate/js/dropdown.js?ver=6.5.3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fcc408630bdf993595abbcc2a7ace8a55058dd7a3107236a68cd76a690e1ae9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100587
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-326d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de09ef542681-TXL

GET
H3 200 avia-footer-scripts-580cdc29960fb4a0f1ab0c8168a4daf0---666a154c5d79c.js Show response
www.securonix.com/wp-content/uploads/dynamic_avia/ 12 KB
3 KB 222ms
218ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/uploads/dynamic_avia/avia-footer-scripts-580cdc29960fb4a0f1ab0c8168a4daf0---666a154c5d79c.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ebb2ce2e9e5c77cc2c4081b2d88c1f10d471b0f9b440e672465d276f507273a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 12 Jun 2024 21:38:20 GMT
server: cloudflare
etag: W/"666a154c-31a1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de09ef4a2681-TXL

GET
BLOB 200
OK 6ff47b5e-6f3f-4dda-bee6-3a07be0267d8
https://www.securonix.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.securonix.com/6ff47b5e-6f3f-4dda-bee6-3a07be0267d8
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 322 KB
108 KB 157ms
68ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8321a254c4b6dc250dfe26dc3d662009d354218fc4313a6acf52994c8da02ae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109799
x-xss-protection: 0
last-modified: Tue, 25 Jun 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 25 Jun 2024 06:23:10 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v19/ 49 KB
50 KB 134ms
41ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/worksans/v19/QGYsz_wNahGAdqQ43Rh_fKDp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Work+Sans:ital,wght@0,300..700;1,300..700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6912f7388531e949bd5406b5668cd6b55fea4cc7e2d123dbaed489054dd98438

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 14:52:28 GMT
x-content-type-options: nosniff
age: 574242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50668
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 01:13:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Jun 2025 14:52:28 GMT

GET
H3 200 Dev-Gradient-Bottom-Top-Purple-Lines.png
www.securonix.com/wp-content/themes/securonix-hybrid/assets/img/png/ 120 KB
120 KB 225ms
225ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/themes/securonix-hybrid/assets/img/png/Dev-Gradient-Bottom-Top-Purple-Lines.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/wp-content/uploads/dynamic_avia/avia-merged-styles-6292885bf0f081c03abe0eedd6656911---666a154b35074.css

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

55a87f3988c2d2dc254d7fcf23779d87635baace698dda2ff0c1472a37a04599

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/wp-content/uploads/dynamic_avia/avia-merged-styles-6292885bf0f081c03abe0eedd6656911---666a154b35074.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 79387
cf-polished: origSize=632173, status=webp_bigger
alt-svc: h3=":443"; ma=86400
content-length: 122642
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 02 May 2024 21:18:03 GMT
server: cloudflare
etag: "6634030b-9a56d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de09ff752681-TXL

GET
H3 200 securonix-icons.woff2
www.securonix.com/wp-content/uploads/avia_fonts/securonix-icons/ 13 KB
13 KB 200ms
200ms Font
font/woff2 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/uploads/avia_fonts/securonix-icons/securonix-icons.woff2?ver=1.2.51

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d137bc7b7127aaf5d686f13af5fefc562b4bf4d92cb4b0365171530fdfa9465c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 100586
alt-svc: h3=":443"; ma=86400
content-length: 12984
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 06 Jun 2024 19:51:04 GMT
server: cloudflare
etag: "66621328-32b8"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de0a3fdf2681-TXL

GET
H3 200 fa-fontello.woff2
www.securonix.com/wp-content/themes/punch/assets/fonts/ 5 KB
5 KB 201ms
200ms Font
font/woff2 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/punch/assets/fonts/fa-fontello.woff2?ver=1.2.51

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e67d703e0c13b20be535d048fac3610238856ddda14cfb9cb5aa8c4a77486b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 100586
alt-svc: h3=":443"; ma=86400
content-length: 4636
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:39 GMT
server: cloudflare
etag: "66334863-121c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de0a3fe12681-TXL

GET
H3 200 sm.25.html
static.addtoany.com/menu/ Frame 1D52 0
0 100ms
56ms Document
text/html 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.25.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
age: 13453
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 8992de0ae80e92a7-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 25 Jun 2024 06:23:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TSb6ceU8Km%2FQoBhHnOVawQ5nlOg7YHtAwc1zYeeACM1Vejf1hsvQsU5EgzZBYHlnxkwG7E3VnrdXIcTw%2FClwIyVWcp%2BvsfkuC8R0rRwidtcjh65vd3CqQFRL0gJVfF3Dqwl1JOvRnnEjZi6fPTkCvL%2Fd"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 core.BRQnzO8v.js Show response
static.addtoany.com/menu/modules/ 70 KB
26 KB 121ms
75ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"25da5432b1057724b8210f17e9b9db05"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qkD0fTkQGiPwwoX5g0colKIGn2mPxAnL00Ute9HIkVaw1RDkDzUmNIuvLe54br6Xi5EbjV6ayqV4gzLHq7AbFL5UupB17c1ks%2FLM9P0dTLkH8m3q%2Bb7pTFSeDy7FAzSeubXoTjne"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 8992de0ad95965de-FRA

GET
H3 200 Securonix-logo-alt.webp
www.securonix.com/wp-content/uploads/2024/04/ 14 KB
14 KB 77ms
77ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/04/Securonix-logo-alt.webp

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

195ead3f2c695bbc2891e27e0f4fb3d31f08097370ed4fc66abfe75b07fc238b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 100586
alt-svc: h3=":443"; ma=86400
content-length: 14378
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:30 GMT
server: cloudflare
etag: "6633485a-382a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de0b6a152681-TXL

GET
H3 200 phantom_advisory_1C.jpg
www.securonix.com/wp-content/uploads/2024/06/ 635 KB
636 KB 258ms
258ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/06/phantom_advisory_1C.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b38f9b4fe5ecc46a0be195e0835bd2e8bd062a78ce6a389c4abff31f2cf66e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 650675
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 21 Jun 2024 06:35:06 GMT
server: cloudflare
etag: "66751f1a-9edb3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de0b6a172681-TXL

GET
H3 200 body.css
www.securonix.com/wp-content/themes/punch/assets/css/ 6 KB
2 KB 75ms
75ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/punch/assets/css/body.css?v=1.0.94

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

585855ece0f56ae59cf584f5068fc0b2f0742d9e55d6b1ef79b6e54916afbe5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100586
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:39 GMT
server: cloudflare
etag: W/"66334863-160c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de0b6a1e2681-TXL

GET
H2 200 base.js Show response
embed.formhq.net/v1/ 6 KB
3 KB 170ms
56ms Script
application/javascript 2606:4700:3108::ac42:283b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.formhq.net/v1/base.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:283b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7495655518a178afcfca8f950660f990e6169eb01960dd2bc8c9a19fd533557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4265
cf-polished: origSize=6385
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Tue, 01 Nov 2022 14:37:50 GMT
server: cloudflare
etag: W/"63612f3e-18f1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yjInFao6QfsxxD0ZZn6pw6EAFXC%2Be6Y%2BfKrHu42SlzySjllwD9pnWlyxBqjBZSLAcXx%2F4Pz%2Bl0CRgXA9h6sOvCMtP9tvSjwMfm6DJXMavnRPgSiapqImtk2eD4Mps%2BBWsCAJ227r3%2Bq0cZqqoZ7A"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=1800
cf-ray: 8992de0cbc60bb83-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 282 KB
97 KB 64ms
61ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=improvedGA4dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

47ab43b8cce1a8386622ce4a17a31045ca93e6dfa323bb6f5b69bd1963fee032

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99551
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 25 Jun 2024 06:23:10 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 66 KB
18 KB 184ms
40ms Script
application/javascript 23.53.43.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4d3dab569c7b9e24ba3484873769a6b4a34bd3ab4ef6ff53b1c5a5c60f7d5663

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 14 Jun 2024 00:42:44 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "666b9204-10980"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 18315
expires: Tue, 25 Jun 2024 06:23:10 GMT

GET
H2 200 attributor.min.js Show response
cdn.jsdelivr.net/gh/derekcavaliero/attributor@latest/dist/ 7 KB
3 KB 160ms
51ms Script
application/javascript 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/derekcavaliero/attributor@latest/dist/attributor.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

435c1051149272e940e0bfbda1b4e09662f4408e658aa0ee899177819c9b8008

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 25 Jun 2024 06:23:10 GMT
x-content-type-options: nosniff
content-encoding: br
age: 41210
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2823
x-served-by: cache-fra-etou8220072-FRA, cache-mxp6965-MXP
x-jsd-version-type: branch
etag: W/"1da1-KfePJ46ikK9jPpNwOZncE3ivfdg"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 264 KB
91 KB 69ms
69ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-1004449086&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

437769d39ee25c4087f419599b8a84d2caa38d3299fa25be021ff96195453561

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93439
x-xss-protection: 0
last-modified: Tue, 25 Jun 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 25 Jun 2024 06:23:10 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 267ms
131ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 25 Jun 2024 06:23:10 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A1E98727B72E4958A64A7F6F655B274A Ref B: FRA31EDGE0616 Ref C: 2024-06-25T06:23:10Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 38 KB
14 KB 146ms
40ms Script
application/javascript 2a02:26f0:3500:10::210:a98
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a98 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Jun 2024 16:46:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=77108
accept-ranges: bytes
content-length: 14004

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 88 KB
27 KB 152ms
45ms Script
text/javascript 2600:9000:2644:8600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:8600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cd374bea8f2cce1e9514e9f9a7af6cd7efbb566a5eea5cda53affc1391ada818

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: mo7_u_yH02gprJDRXoC6WhXOKdSomtp.
Content-Encoding: gzip
Via: 1.1 8e8e6ea60de74421f0058675cbcf9cb0.cloudfront.net (CloudFront)
Date: Tue, 25 Jun 2024 05:54:53 GMT
Age: 1698
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 05 Jun 2024 15:35:46 GMT
Server: AmazonS3
Etag: W/"39817cce3f515077c86e9cc99a65f623"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: pokrcr5zTTqNRxxEAVC8ko4VPncUrDujdHtTAVUxiy3_jKFazQk2og==

GET
H2

200

web-vitals.iife.js Show response
unpkg.com/web-vitals@4.2.0/dist/
Redirect Chain

https://unpkg.com/web-vitals/dist/web-vitals.iife.js
https://unpkg.com/web-vitals@4.2.0/dist/web-vitals.iife.js

7 KB
3 KB

60ms
59ms

Script
application/javascript

2606:4700::6811:f6cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@4.2.0/dist/web-vitals.iife.js

Requested by

Protocol

Server

2606:4700::6811:f6cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

adf7f9b0dd938575c72ff1592ea18e7ab9bc53ff8838a38c8484c10f5d9be7fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 379693
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01J0VPWPFVHWB7BBNBJGQCB02M-fra
server: cloudflare
etag: "1c0c-hOpjVE2mSiNVJWsLrpc64ergTOY"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8992de0d1d153aa4-FRA

Redirect headers

date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01J170ESJQAEP8T3KHBED241B0-fra
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 564
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /web-vitals@4.2.0/dist/web-vitals.iife.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 8992de0cac813aa4-FRA

GET
H2 200 r32rm8p2zmht.js Show response
js.driftt.com/include/1719296700000/ 221 KB
62 KB 279ms
168ms Script
application/javascript 18.245.86.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1719296700000/r32rm8p2zmht.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-87.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2037c0cffae2688b5332df106c910e1532df3643c28b9023ff746645acda3f70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: USw4R1QyON_u1NhEdBvG7FTDCSL9gnOr
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Tue, 25 Jun 2024 06:23:10 GMT
via: 1.1 6d96f6742a3e24fad8577272b38c550a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 21 Jun 2024 15:56:20 GMT
server: istio-envoy
etag: W/"e8d94d8bce9981cde582b060ea1cdc6e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: pmHrjCScAZqx7wxBSU-32AiohFwcgkWkcurROup71NrQ7EIqztAkPw==

GET
H3 200 body.css
www.securonix.com/wp-content/themes/securonix-hybrid/assets/css/ 31 KB
7 KB 47ms
46ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix-hybrid/assets/css/body.css?v=1.2.51

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a63ff7480429d33426dc89e9233838e2e54b46f59d5bac184d907d32def48f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100585
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 28 May 2024 21:15:23 GMT
server: cloudflare
etag: W/"6656496b-7c18"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de0d0dab2681-TXL

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
725 B 379ms
292ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.securonix.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 25C826769FE3475AAD26463A3DC369EC Ref B: FRAEDGE1214 Ref C: 2024-06-25T06:23:10Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://www.securonix.com
x-li-source-fabric: prod-lor1
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYbsO6TSL0yst4V+q4u4A==

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
1 KB 378ms
285ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=61924&time=1719296590900&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: *
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: gzip
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cache: CONFIG_NOCACHE
x-li-uuid: AAYbsO6TYdOfgu40LmojaQ==
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 9F5CE26F76224781933945F73E1CC402 Ref B: DUS30EDGE0817 Ref C: 2024-06-25T06:23:11Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-ltx1
access-control-allow-origin: *
x-li-source-fabric: prod-lor1
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
access-control-allow-headers: *
x-fs-uuid: 00061bb0ee9361d39f82ee342e6a2369

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1719296590900&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1719296590900&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1719296590900&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-cshar...

0
480 B

245ms
155ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1719296590900&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&tm=gtmv2&cookiesTest=true&e_ipv6=AQJMGrBPpXAsAAAAAZBOEAY41xrp-cfRgR5TUcQm65L_ziuO-K6iLBH4f25dy7Zo7h1wdP8
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 25 Jun 2024 06:23:11 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 57B4A69188D345DDAC480A943717BFA4 Ref B: FRAEDGE1117 Ref C: 2024-06-25T06:23:11Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lva1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYbsO6bsfhJqRx8llHn4Q==

Redirect headers

date: Tue, 25 Jun 2024 06:23:10 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 94BE716CF0114EF6851912D5B9F547F7 Ref B: FRAEDGE1214 Ref C: 2024-06-25T06:23:11Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1719296590900&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&tm=gtmv2&cookiesTest=true&e_ipv6=AQJMGrBPpXAsAAAAAZBOEAY41xrp-cfRgR5TUcQm65L_ziuO-K6iLBH4f25dy7Zo7h1wdP8
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYbsO6YK5QH0h0PRzDI8Q==

GET
H2 200 bWFya2V0bw.js Show response
embed.formhq.net/v1/platforms/ 422 B
585 B 56ms
56ms Script
application/javascript 2606:4700:3108::ac42:283b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.formhq.net/v1/platforms/bWFya2V0bw.js

Requested by

Host: embed.formhq.net
URL: https://embed.formhq.net/v1/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:283b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8737f50e2aa546ff4baeb4492fdd334a75dfc93e292aba2ab7a45a8c3a73e4c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3323
cf-polished: origSize=423
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Tue, 02 Aug 2022 14:00:38 GMT
server: cloudflare
etag: W/"62e92e06-1a7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vtuvo0zxglQT4gHUviWkM4L%2FKF2j0eEHVkW%2Fg%2B7dBDzeZEhl2URFBho%2FKIlmF1%2FAcpUfkCVqojTXA0P%2FHg9yXLHH8xtO%2FZ%2F2XxtYJwu5uFq64RHe2WflBTjUaOI%2FVk4KumKDR2j%2FTLdWbanO2cyD"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=1800
cf-ray: 8992de0d4cf7bb83-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 141ms
50ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-JPYDLXGD3Q&gtm=45je46j0v891181397za200&_p=1719296590.924&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1334179632.1719296591&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&cu=USD&dl=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&sid=1719296590&sct=1&seg=0&dt=Analysis%20of%20PHANTOM%23SPIKE%3A%20Attackers%20Leveraging%20CHM%20Files%20to%20Run%20Custom%20CSharp%20Backdoors%20Likely%20Targeting%20Victims%20Associated%20with%20Pakistan%20-%20Securonix&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1772&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=improvedGA4dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securonix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
247 B 152ms
48ms Ping
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-JPYDLXGD3Q&cid=1334179632.1719296591&gtm=45je46j0v891181397za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=improvedGA4dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securonix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 108ms
51ms Image
image/gif 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-JPYDLXGD3Q&cid=1334179632.1719296591&gtm=45je46j0v891181397za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1480669369

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
754 B

70ms
40ms

Script
application/javascript

2600:9000:2644:8600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Protocol: HTTP/1.1
Server: 2600:9000:2644:8600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date: Tue, 25 Jun 2024 06:14:11 GMT
Via: 1.1 34f8e9435dea359238debf97e45feb10.cloudfront.net (CloudFront)
Age: 541
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: tn8AiMZC0ooHUa9vMZyiB6ggk-UR2GswwpNT-ktiEpQ1WHgNUFMA8w==

Redirect headers

Date: Mon, 24 Jun 2024 17:40:19 GMT
Via: 1.1 8e8e6ea60de74421f0058675cbcf9cb0.cloudfront.net (CloudFront)
Age: 45771
X-Amz-Cf-Pop: FRA60-P6
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: psXgteZSnnyXq3KKr3bzH7XNMAEv5ycMSZG3uzqn70KKZ-V3K5Jcuw==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/ 9 KB
4 KB 91ms
42ms Script
text/javascript 2600:9000:2644:8600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:8600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a7616157191cea33870e61c8f37b9842c4a63088c5821eeee34e570679e904f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: zW02zsONcbZViNDkML28W_W3D7qneuQD
Content-Encoding: gzip
Via: 1.1 8e8e6ea60de74421f0058675cbcf9cb0.cloudfront.net (CloudFront)
Date: Tue, 25 Jun 2024 06:02:41 GMT
Age: 1231
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Fri, 14 Jun 2024 12:31:47 GMT
Server: AmazonS3
Etag: W/"706be4fd28aeb971d2ff83a528c2073a"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 2GoqJhlnf0MGSv6wPlXzplT6Geh3JEePBu6-cRkKr9MXdqD7Wy0vEA==

GET
H3 200 de.js Show response
static.addtoany.com/menu/locale/ 750 B
1016 B 67ms
67ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/locale/de.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8288
cf-polished: origSize=902
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"86610d84a116a5704d658324728b063f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cGWyoJcYiwh4nkd14jSp3c1lEQA2Xx68kgN2X7sktVG1ruQFCFHZU25bN%2BfFaPfLaMNiiKT2gPjgQEmsicLhviJwFYb5aUf2uCufjHGGmF9DbcjHvIHgr%2FvxURg0wLrBhwJlbhRHMIPRsLm9uL91EPX%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 8992de0d9a991c42-FRA

GET
H3 200 linkedin.js Show response
static.addtoany.com/menu/svg/icons/ 435 B
830 B 76ms
75ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/linkedin.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce5dbb2cdb85126fdc9d774971a56f8848dbee977a382bd512a5f8b49ea8c727

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"00b1b78053ab07c79bfea2e5a1db9d70"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z0OLHLKp%2BmKapet%2B86iNkO7p8bNl%2FyNZ%2BTVtXWwDXLUP10FJRgWTDWip3brcdA82ujI%2FS5eQmMjpTO74m47ZiOv96TfVnzSHAxRL4WzTgsVDAfuHXy9gxy73jCUO%2BfeWyHQY8i%2Ft"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 8992de0d9c5f65de-FRA

GET
H3 200 twitter.js Show response
static.addtoany.com/menu/svg/icons/ 645 B
920 B 72ms
72ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/twitter.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"af2b829f9b79fabec7c0148a8b7e444b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n2HZiZCdwdrggr0%2Fd2bce9T181dZ4%2BYB8dkzuvGouwTKEAtR%2B3DzomLFG07QM3F6oUsy3S0dD4gm6nHjfntru9JOBhcdCIHn4%2FzFABW9GVxQiKW1VuixS6Xwby%2BNWQ2HT9e2eaLd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 8992de0d9c6065de-FRA

GET
H3 200 facebook.js Show response
static.addtoany.com/menu/svg/icons/ 429 B
829 B 75ms
75ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/facebook.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"68925fa8e347041c6006837e73c518bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7wAyZQ7AarvYQ%2Bxb1eBTTLUW5mQEeBdgfOKplAh41I0IE%2FjIMbNGIOB%2BRNCRTZAZ3uw9fgANVCLFjdrKDkbZ15%2BBzJ%2FyMBRt7gKQaJxaswgqxVdi1wGlSQamAwzuA9NICnPOv62p"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 8992de0d9c6365de-FRA

GET
H3 200 a2a.js Show response
static.addtoany.com/menu/svg/icons/ 182 B
675 B 88ms
88ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/a2a.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"0aca4ea1e5f8f250126a8e0c597dd969"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=silsB8I32fyfuvThMfd7WYTNHnORfr7Brpk9ICtT%2BFsvu34MB9hrW%2F11PkRsOzJUax4Kop4ZgjOtMERw24sTTSMtUVNtqxkCF4B07yN5oWgVxt1GKBGAcVpKuyCh7aDHhf1zBzLF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 8992de0d9c6565de-FRA

GET
H3 200 email.js Show response
static.addtoany.com/menu/svg/icons/ 415 B
821 B 66ms
66ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/email.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d432ad1988efa5b258294f52dae3d1b4c10660aec15e49017e21a1ee74bfd453

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"eb2119ad4221a9d01abc336e06962867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a66kaT2Ia27LObIdIF11wKLH%2BszUcb9TUmEAlu05TJYNmV2OIXvHz3TufNDmRMItF%2F85y4vFW7ZQlGJgS3FmcV27p%2B82w%2FnS%2FUMh%2Fq%2BdT0sDKj5z5jHbA3aQNtkLY6wjssVjm3vi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 8992de0d9c6865de-FRA

GET
H3 200 wp-emoji-release.min.js Show response
www.securonix.com/wp-includes/js/ 18 KB
5 KB 60ms
59ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 100585
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 13 Feb 2024 14:36:07 GMT
server: cloudflare
etag: W/"65cb7e57-4926"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 8992de0d9ef32681-TXL

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 53ms
41ms XHR
text/html 23.53.43.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.43.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-43-58.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:10 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.securonix.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
311 B 186ms
41ms XHR
text/html 2a02:26f0:7100::210:172
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:11 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.securonix.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:1338:92::7
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1719296591053_34603374_1251207672_25_1211_38_86_219";dur=1
content-length: 19
expires: Tue, 25 Jun 2024 06:23:11 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 148ms
138ms Image
image/gif 23.53.43.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=c61332dd-3c46-40e5-8089-51b5762117f0&session=25bc96d0-c1e3-4675-8b13-08bd6afc66e6&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2025%20Jun%202024%2006%3A23%3A10%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20(STR)%20team%20has%20identified%20the%20use%20of%20a%20stealthy%20backdoor%20payload%20likely%20targeting%20Pakistani%20victims%20via%20unsolicited%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20PHANTOM%23SPIKE%3A%20Attackers%20Leveraging%20CHM%20Files%20to%20Run%20Custom%20CSharp%20Backdoors%20Likely%20Targeting%20Victims%20Associated%20with%20Pakistan%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&pageViewId=926e6d7b-a229-4693-804e-4797c43a6006&v=1.1.21

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:11 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 25 Jun 2024 06:23:11 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 147ms
137ms Image
image/gif 23.53.43.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=c61332dd-3c46-40e5-8089-51b5762117f0&session=25bc96d0-c1e3-4675-8b13-08bd6afc66e6&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2025%20Jun%202024%2006%3A23%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2205b12115ad17914938bf7667643ca0d3%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2025%20Jun%202024%2006%3A23%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2025%20Jun%202024%2006%3A23%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2025%20Jun%202024%2006%3A23%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%2245bc92abc111f3fccbf9c8779059ecfc1d69c9e6%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2025%20Jun%202024%2006%3A23%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20(STR)%20team%20has%20identified%20the%20use%20of%20a%20stealthy%20backdoor%20payload%20likely%20targeting%20Pakistani%20victims%20via%20unsolicited%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20PHANTOM%23SPIKE%3A%20Attackers%20Leveraging%20CHM%20Files%20to%20Run%20Custom%20CSharp%20Backdoors%20Likely%20Targeting%20Victims%20Associated%20with%20Pakistan%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&pageViewId=926e6d7b-a229-4693-804e-4797c43a6006&v=1.1.21

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:11 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 25 Jun 2024 06:23:11 GMT

GET
H2 204 27010718.js Show response
bat.bing.com/p/action/ 0
118 B 132ms
130ms Script
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/27010718.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 25 Jun 2024 06:23:10 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 10B2F7E2F8D842BEA84553357BF77FC3 Ref B: FRA31EDGE0616 Ref C: 2024-06-25T06:23:11Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
360 B 165ms
163ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=27010718&tm=gtm002&Ver=2&mid=1b5a950b-7682-4e3c-96a6-d25ad7f6a3fb&sid=6532f44032bb11ef90b1b5f1b11bb808&vid=653305b032bb11ef94bbb1bb1a3293e9&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Analysis%20of%20PHANTOM%23SPIKE%3A%20Attackers%20Leveraging%20CHM%20Files%20to%20Run%20Custom%20CSharp%20Backdoors%20Likely%20Targeting%20Victims%20Associated%20with%20Pakistan%20-%20Securonix&p=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&r=&lt=1802&evt=pageLoad&sv=1&rn=222694

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 25 Jun 2024 06:23:10 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EC3BAD06E6E44AD38D0212D83ACE4405 Ref B: FRA31EDGE0616 Ref C: 2024-06-25T06:23:11Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 VJKZ2AZ6BRDQFPNHOW6CAP Show response
d.adroll.com/consent/check/ 490 B
583 B 179ms
59ms Script
application/javascript 2a05:d018:cc3:fe04:a82:1bf5:3077:5557
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/VJKZ2AZ6BRDQFPNHOW6CAP?pv=97485170793.95448&arrfrr=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&_s=b9f46bf31408f41911e4ee8c13b6ac17&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe04:a82:1bf5:3077:5557 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: eeb3ca2cc9fc24486f0af968dd0fcf78b7f81ae4ed162ce4bf98e6df60158636

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:11 GMT
server: nginx/1.22.1
content-length: 490
content-type: application/javascript

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 725 B
709 B 240ms
163ms XHR
application/json 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: d454566fbbab8fcbc70a1c3139be25be5205712442564fe24a5e0258e3337a98

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Token 45bc92abc111f3fccbf9c8779059ecfc1d69c9e6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID: WebTag1.0 05b12115ad17914938bf7667643ca0d3
Referer: https://www.securonix.com/
sec-ch-ua-platform: "Win32"

Response headers

x-trace-id: 1006405515033357800
date: Tue, 25 Jun 2024 06:23:11 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.securonix.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 387

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 136ms
49ms Preflight 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.securonix.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.securonix.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Tue, 25 Jun 2024 06:23:11 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 1671567574122307990

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 153ms
153ms Image
image/gif 23.53.43.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=c61332dd-3c46-40e5-8089-51b5762117f0&session=25bc96d0-c1e3-4675-8b13-08bd6afc66e6&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A7%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20(STR)%20team%20has%20identified%20the%20use%20of%20a%20stealthy%20backdoor%20payload%20likely%20targeting%20Pakistani%20victims%20via%20unsolicited%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20PHANTOM%23SPIKE%3A%20Attackers%20Leveraging%20CHM%20Files%20to%20Run%20Custom%20CSharp%20Backdoors%20Likely%20Targeting%20Victims%20Associated%20with%20Pakistan%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&pageViewId=926e6d7b-a229-4693-804e-4797c43a6006&v=1.1.21

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:11 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 25 Jun 2024 06:23:11 GMT

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 413 KB
83 KB 49ms
45ms Script
text/javascript 2600:9000:2644:8600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:8600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 07b09b318c1d52ee134b788ec7834744cb9e6fd4bc19663988534fc29c3e7b1c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: OGpIu_84T3drKaDERUwfgDZMK.anucOX
Content-Encoding: gzip
Via: 1.1 34f8e9435dea359238debf97e45feb10.cloudfront.net (CloudFront)
Date: Tue, 25 Jun 2024 06:19:33 GMT
Age: 219
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 29 May 2024 19:02:37 GMT
Server: AmazonS3
Etag: W/"5c3eafaf4760f345e170d1d226c98d22"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: hdOeOUomg_lWqSK6ZT-f2ysN9KPtk4GLwbbrcmKb4fvx38_11_0sLg==

GET
H/1.1 200
OK nextroll-32x32.png
s.adroll.com/i/favicon/ 2 KB
2 KB 40ms
39ms Image
image/png 2600:9000:2644:8600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.adroll.com/i/favicon/nextroll-32x32.png
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:8600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 24 Jun 2024 17:21:54 GMT
X-Amz-Version-Id: eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Via: 1.1 34f8e9435dea359238debf97e45feb10.cloudfront.net (CloudFront)
Age: 46878
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1615
Last-Modified: Mon, 28 Jun 2021 18:19:21 GMT
Server: AmazonS3
Etag: "403a0a7dcf2d617e7ea852bfb9d11945"
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: JBypAwolUNqp2VLdyXwk04eayc24s604btK6agVtfzF2_MUrY2rebA==

GET
H2 200 core
js.driftt.com/ Frame F0B3 0
0 224ms
145ms Document
text/html 18.245.86.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=r32rm8p2zmht&eId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=8f4208ff-8ad3-4680-8ad2-a5acbeba0bd6&sessionStarted=1719296591.73&campaignRefreshToken=6900f3c1-c4c5-41c7-8ad4-790525af1485&hideController=false&pageLoadStartTime=1719296589572&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1719296700000/r32rm8p2zmht.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-73.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 25 Jun 2024 06:23:11 GMT
etag: W/"74a81592f0631c08ef97fa9ab4eb35c0"
last-modified: Fri, 21 Jun 2024 15:56:07 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 6e4ed2b1996ce238462d61d3bfff667a.cloudfront.net (CloudFront)
x-amz-cf-id: nHzrmlujSGtvD4pazpfa_cT_bu4US4UTsxXD7Z4_X_y0WwoZGgxgAA==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: SJ6foYnSjzz7jwTNyrUHCGj6UyWE9zz7
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 21

GET
H2 200 chat
js.driftt.com/core/ Frame EE94 0
0 433ms
356ms Document
text/html 18.245.86.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1719296589572

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1719296700000/r32rm8p2zmht.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-73.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 25 Jun 2024 06:23:12 GMT
etag: W/"74a81592f0631c08ef97fa9ab4eb35c0"
last-modified: Fri, 21 Jun 2024 15:56:07 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 6e4ed2b1996ce238462d61d3bfff667a.cloudfront.net (CloudFront)
x-amz-cf-id: vSyGji5z7Rui43LDaxlgFx8KjIdNHjefpBe7nsAwP4MZDI7hNa2dtg==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: SJ6foYnSjzz7jwTNyrUHCGj6UyWE9zz7
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 22

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 209ms
166ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7bcabdeabc928df5f998a410f656db22b6d8973ad3b73851feaba2ee6a44bc8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:11 GMT
x-amz-version-id: az1JGSQ.qou05rXeP8ubGTGmlUNWgCp9
via: 1.1 9d372a5e3796d0e47e0033a1ec2335c4.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: BAH53-C1
age: 68019
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 24 Jun 2024 11:29:23 GMT
server: cloudflare
etag: W/"e3c441f75699329acb887bf918f755c9"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 8992de12c9df453a-TXL
x-amz-cf-id: k1kwiqdM0URjQBvJ0PUEOCD7Q8uGBFUNVTnaVpDQCKv0jygic0TvRg==

GET
H3 200 Securonix-EON-Data-Sheet-Featured-Image.jpg
www.securonix.com/wp-content/uploads/2024/04/ 72 KB
72 KB 51ms
51ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/04/Securonix-EON-Data-Sheet-Featured-Image.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

515af980f6f9699ff77fa791ebab1eb62c21a31e37ed0acb10fc5da61e131824

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 100585
cf-polished: origSize=73758
alt-svc: h3=":443"; ma=86400
content-length: 73750
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 02 May 2024 16:59:00 GMT
server: cloudflare
etag: "6633c654-1201e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de12ba0c2681-TXL

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 421ms
386ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.securonix.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
alt-svc: h3=":443"; ma=86400
apigw-requestid: Z6RMkibbvHcES8w=
cf-cache-status: DYNAMIC
cf-ray: 8992de141e266a77-TXL
date: Tue, 25 Jun 2024 06:23:12 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 9d372a5e3796d0e47e0033a1ec2335c4.cloudfront.net (CloudFront)
x-amz-cf-id: PDYzQZ3Fs1CYDZXMlaSrRx9V1OEHwFMI3UPza7-jFJK6bFVL-WIxVA==
x-amz-cf-pop: BAH53-C1
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 199 B
551 B 824ms
823ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 83eb9598a21c37345071fb88017adf502c030c0b2ca0c4a69383cab218416968

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer 3e8e82dad11669757953
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.securonix.com/
visited_url: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/

Response headers

date: Tue, 25 Jun 2024 06:23:13 GMT
via: 1.1 077f087379cd5651868a7502cf7c3876.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: BAH53-C1
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: Z6RMtiaaPHcESGA=
server: cloudflare
etag: W/"c7-EGdIBRbkv8qtcL73S0WaemRBhcE"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 8992de167b5e6a77-TXL
x-amz-cf-id: 5D1EvEOu7FT46eG_9mwzHANtXFXp2Uw3Zi6Q20SAy6SY29GHjGwTxQ==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 137ms
137ms Image
image/gif 23.53.43.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=c61332dd-3c46-40e5-8089-51b5762117f0&session=25bc96d0-c1e3-4675-8b13-08bd6afc66e6&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2025%20Jun%202024%2006%3A23%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2025%20Jun%202024%2006%3A23%3A10%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%221004%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20(STR)%20team%20has%20identified%20the%20use%20of%20a%20stealthy%20backdoor%20payload%20likely%20targeting%20Pakistani%20victims%20via%20unsolicited%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20PHANTOM%23SPIKE%3A%20Attackers%20Leveraging%20CHM%20Files%20to%20Run%20Custom%20CSharp%20Backdoors%20Likely%20Targeting%20Victims%20Associated%20with%20Pakistan%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&pageViewId=926e6d7b-a229-4693-804e-4797c43a6006&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 25 Jun 2024 06:23:12 GMT

GET
H3 200 cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-32x32.png
www.securonix.com/wp-content/uploads/2021/12/ 676 B
1 KB 50ms
50ms Other
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/uploads/2021/12/cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-32x32.png

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d381f3799814c3df53d341b475363a0c9116fb644fdd96b953d93950a6c1155b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 141808
cf-polished: origFmt=png, origSize=836
content-disposition: inline; filename="cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-32x32.webp"
alt-svc: h3=":443"; ma=86400
content-length: 676
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 02 May 2024 08:01:35 GMT
server: cloudflare
etag: "6633485f-344"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 8992de16da512681-TXL

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 138ms
138ms Image
image/gif 23.53.43.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=c61332dd-3c46-40e5-8089-51b5762117f0&session=25bc96d0-c1e3-4675-8b13-08bd6afc66e6&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2025%20Jun%202024%2006%3A23%3A12%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2025%20Jun%202024%2006%3A23%3A11%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20(STR)%20team%20has%20identified%20the%20use%20of%20a%20stealthy%20backdoor%20payload%20likely%20targeting%20Pakistani%20victims%20via%20unsolicited%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20PHANTOM%23SPIKE%3A%20Attackers%20Leveraging%20CHM%20Files%20to%20Run%20Custom%20CSharp%20Backdoors%20Likely%20Targeting%20Victims%20Associated%20with%20Pakistan%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&pageViewId=926e6d7b-a229-4693-804e-4797c43a6006&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:13 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 25 Jun 2024 06:23:13 GMT

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 90 KB
27 KB 268ms
81ms Script
application/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:13 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 1500
x-guploader-uploadid: ACJd0Nos9j3_b7cDC1BdxF37tj_If30NegKLktPizOlKFXL7bwUs2eLTsTFRr8MN0X4moajfP6TKy2cZvw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 16 May 2024 10:14:37 GMT
server: cloudflare
etag: W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash: crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation: 1715854477710382
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 91778
cf-ray: 8992de1cd948bbb2-WAW
expires: Tue, 25 Jun 2024 06:58:13 GMT

GET
H3 200 / Show response
ws.zoominfo.com/pixel/62ffe38de2e537008ecb115f/ 3 KB
2 KB 335ms
284ms Fetch
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/62ffe38de2e537008ecb115f/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d5f880fcb55ff6c9a67fbc0cfa85e5078c778147c80c3b585ac4f9079ff00c6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/javascript
visited-url: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
Referer: https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/
_vtok: ODAuMjU1LjcuMTA0
_zitok: 7adf2a9110348cc347561719296593
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.securonix.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 8992de1e7dfcc3bb-WAW

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/62ffe38de2e537008ecb115f/ Frame 0
0 391ms
209ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/62ffe38de2e537008ecb115f/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.securonix.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.securonix.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8992de1cdce2bbae-WAW
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 25 Jun 2024 06:23:13 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 320 B
616 B 223ms
223ms Fetch
application/json 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

def1ad6278532b1e7ae1b77b4964f48a12b5acc33872eab663855483997b718e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: bearer f0ddbd6ba8265551bbe95c25bdf2a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.securonix.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 06:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"140-/3+OW/4aU4/AnqAmyrwCzrd9buM"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.securonix.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 8992de1eee77c3bb-WAW

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 195ms
194ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.securonix.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.securonix.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8992de1dbe5cbbae-WAW
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 25 Jun 2024 06:23:13 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
BLOB 200
OK 8c9025e5-11e0-414e-a9b9-614c95063499 Show response
https://www.securonix.com/ 3 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.securonix.com/8c9025e5-11e0-414e-a9b9-614c95063499
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5f880fcb55ff6c9a67fbc0cfa85e5078c778147c80c3b585ac4f9079ff00c6e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 2932
Content-Type: text/javascript

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 139ms
138ms Image
image/gif 23.53.43.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=c61332dd-3c46-40e5-8089-51b5762117f0&session=25bc96d0-c1e3-4675-8b13-08bd6afc66e6&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2025%20Jun%202024%2006%3A23%3A13%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2025%20Jun%202024%2006%3A23%3A12%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20(STR)%20team%20has%20identified%20the%20use%20of%20a%20stealthy%20backdoor%20payload%20likely%20targeting%20Pakistani%20victims%20via%20unsolicited%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20PHANTOM%23SPIKE%3A%20Attackers%20Leveraging%20CHM%20Files%20to%20Run%20Custom%20CSharp%20Backdoors%20Likely%20Targeting%20Victims%20Associated%20with%20Pakistan%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&pageViewId=926e6d7b-a229-4693-804e-4797c43a6006&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:14 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 25 Jun 2024 06:23:14 GMT

GET
H2 200 3.ee35dea2.chunk.js Show response
js.driftt.com/conductor/assets/ 158 B
853 B 45ms
42ms Script
application/javascript 18.245.86.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/3.ee35dea2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1719296700000/r32rm8p2zmht.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-87.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3005a54fc57fc2d8c70cc41e4ca7fcaaed7514b03f28581082c454e6a2d11f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 23 Jul 2023 23:38:44 GMT
x-amz-version-id: pMohofQYEF1dohPHFcPmV3oeRzVr6CuK
via: 1.1 6d96f6742a3e24fad8577272b38c550a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P6
age: 29141070
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
content-length: 158
last-modified: Fri, 21 Jul 2023 20:53:14 GMT
server: istio-envoy
etag: "e6714addd36102488fb27a980401fd36"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: n_Ns5juAOgjHXdsU3GV2zJoLwogRx9Hgt-EBes2LcP4O1wTTr6xXqQ==

GET
H2 206 notification.5f7c6014.mp3
js.driftt.com/conductor/assets/media/ 8 KB
8 KB 42ms
41ms Media
audio/mpeg 18.245.86.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/media/notification.5f7c6014.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-87.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer: https://www.securonix.com/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 20 Sep 2023 11:20:11 GMT
x-amz-version-id: AJ3ftWhvW2h954Q3Lc0BJKBcX87AS953
via: 1.1 6d96f6742a3e24fad8577272b38c550a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P6
age: 24087783
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
Content-Range: bytes 0-7754/7755
x-envoy-upstream-service-time: 16
Content-Length: 7755
last-modified: Mon, 18 Sep 2023 19:58:12 GMT
server: istio-envoy
etag: "5f7c6014cf73831f91963a668b71fbb9"
access-control-allow-methods: GET, POST, OPTIONS
content-type: audio/mpeg
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XEvRggR6O4rgOCU8NKpITp2C6pF_pVidW4ZsaYiWdn3ZrBxDTbuWEg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 139ms
139ms Image
image/gif 23.53.43.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=c61332dd-3c46-40e5-8089-51b5762117f0&session=25bc96d0-c1e3-4675-8b13-08bd6afc66e6&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2025%20Jun%202024%2006%3A23%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2025%20Jun%202024%2006%3A23%3A13%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224006%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20(STR)%20team%20has%20identified%20the%20use%20of%20a%20stealthy%20backdoor%20payload%20likely%20targeting%20Pakistani%20victims%20via%20unsolicited%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20PHANTOM%23SPIKE%3A%20Attackers%20Leveraging%20CHM%20Files%20to%20Run%20Custom%20CSharp%20Backdoors%20Likely%20Targeting%20Victims%20Associated%20with%20Pakistan%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan%2F&pageViewId=926e6d7b-a229-4693-804e-4797c43a6006&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 25 Jun 2024 06:23:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 25 Jun 2024 06:23:15 GMT

Verdicts & Comments Add Verdict or Comment

117 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.securonix.com/	1970-01-20 23:44:32	Name: _gcl_au Value: 1.1.258247761.1719296591
.securonix.com/	1970-01-21 07:10:56	Name: attr_first Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20set)%22%2C%22content%22%3A%22(not%20set)%22%2C%22source_platform%22%3A%22(not%20set)%22%2C%22marketing_tactic%22%3A%22(not%20set)%22%2C%22creative_format%22%3A%22(not%20set)%22%2C%22adgroup%22%3A%22(not%20set)%22%2C%22id%22%3A%22(not%20set)%22%7D
.securonix.com/	1970-01-20 21:34:58	Name: attr_last Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20set)%22%2C%22content%22%3A%22(not%20set)%22%2C%22source_platform%22%3A%22(not%20set)%22%2C%22marketing_tactic%22%3A%22(not%20set)%22%2C%22creative_format%22%3A%22(not%20set)%22%2C%22adgroup%22%3A%22(not%20set)%22%2C%22id%22%3A%22(not%20set)%22%7D
.securonix.com/	1970-01-21 07:10:56	Name: _ga Value: GA1.1.1334179632.1719296591
www.securonix.com/	1970-01-21 07:10:56	Name: _gd_visitor Value: c61332dd-3c46-40e5-8089-51b5762117f0
www.securonix.com/	1970-01-20 21:35:10	Name: _gd_session Value: 25bc96d0-c1e3-4675-8b13-08bd6afc66e6
.securonix.com/	1970-01-20 21:36:22	Name: _uetsid Value: 6532f44032bb11ef90b1b5f1b11bb808
.securonix.com/	1970-01-21 06:56:32	Name: _uetvid Value: 653305b032bb11ef94bbb1bb1a3293e9
.bing.com/	1970-01-21 06:56:32	Name: MUID Value: 200FB73A69AA66D11494A39368216752
.bat.bing.com/	1970-01-20 21:45:01	Name: MR Value: 0
.linkedin.com/	1970-01-20 23:44:32	Name: li_sugr Value: 3ebd49aa-7875-4976-b4f5-374d2d0426f2
.linkedin.com/	1970-01-21 06:20:32	Name: bcookie Value: "v=2&c802010a-fd6c-4876-8c47-7e13a7cfa9ac"
.linkedin.com/	1970-01-20 21:36:22	Name: lidc Value: "b=VGST05:s=V:r=V:a=V:p=V:g=3132:u=1:x=1:i=1719296591:t=1719382991:v=2:sig=AQHIw7LfLNFr_tUo2VgMVRRoI0eq8kcd"
.linkedin.com/	1970-01-21 01:54:08	Name: li_gc Value: MTswOzE3MTkyOTY1OTE7MjswMjEzuIqCJe8Lgu9PssC0+0S2hAg8rwM/Lk7TfMf7IYsY+w==
www.securonix.com/	1970-01-20 21:34:58	Name: drift_campaign_refresh Value: 6900f3c1-c4c5-41c7-8ad4-790525af1485
www.securonix.com/	1970-01-21 07:10:56	Name: drift_aid Value: 1f726df4-cb7f-4fdc-8e21-5b7b06e84e44
www.securonix.com/	1970-01-21 07:10:56	Name: driftt_aid Value: 1f726df4-cb7f-4fdc-8e21-5b7b06e84e44
.www.securonix.com/	1970-01-21 06:20:32	Name: _zitok Value: 7adf2a9110348cc347561719296593
.zoominfo.com/	1970-01-20 21:34:58	Name: __cf_bm Value: Yh.DGD9.Wq87_s0Jd2fu5rQpgCG9SiAtQrnQBNEeyiU-1719296593-1.0.1.1-nkZ1Cv43yIussp0X_j9lWsQgwUAmv9pPpmlQY39c6GDmuq3xsxdBZt9_Xifm4wmHA5N9qrRDrLOkIoA0gv8iiQ
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: LNtXOLoUY3bfuOos70BVkJhJiid.48YCqSwRGI57I.8-1719296593450-0.0.1.1-604800000
.securonix.com/	1970-01-21 07:10:56	Name: _ga_JPYDLXGD3Q Value: GS1.1.1719296590.1.0.1719296594.56.0.0

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.securonix.com/wp-content/themes/punch/styles/css/bootstrap.min.css?ver=3.3.2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.securonix.com/wp-content/themes/punch/js/bootstrap.min.js?ver=3.3.2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.securonix.com/wp-content/themes/punch/js/library.js?ver=6.5.3 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.securonix.com/wp-content/themes/punch/styles/css/style.css?ver=6.5.3 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.securonix.com/wp-content/themes/punch/js/global.js?ver=6.5.3 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://js.driftt.com/include/1719296700000/r32rm8p2zmht.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.jsdelivr.net
cdnjs.cloudflare.com
d.adroll.com
embed.formhq.net
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.zi-scripts.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.adroll.com
snap.licdn.com
static.addtoany.com
stats.g.doubleclick.net
unpkg.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.google.de
www.googletagmanager.com
www.securonix.com
104.16.117.43
104.17.24.14
104.18.37.212
13.107.42.14
13.248.142.121
141.193.213.21
142.250.186.67
172.67.39.148
18.245.86.73
18.245.86.87
2001:4860:4802:34::36
23.53.43.58
2600:9000:2644:8600:6:9280:1080:93a1
2606:4700:3108::ac42:283b
2606:4700::6811:f6cb
2620:1ec:21::14
2620:1ec:c11::237
2a00:1450:4001:808::2003
2a00:1450:4001:810::200a
2a00:1450:4001:828::200a
2a00:1450:4001:831::2008
2a00:1450:400c:c07::9a
2a02:26f0:3500:10::210:a98
2a02:26f0:7100::210:172
2a04:4e42::485
2a05:d018:cc3:fe04:a82:1bf5:3077:5557
0230904fa157dff50d8ecc1a80a203635fa812479f4432a69c3779986ab560e6
07b09b318c1d52ee134b788ec7834744cb9e6fd4bc19663988534fc29c3e7b1c
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
09ba5df6e121c4577cac7addaca7ab9f189e8c1afd745652396b05f8e45baf0a
09bfea7e712355726b2d97bf0a13a80f8f8e5e5834a13d666d1cea2bd3ab31a9
195ead3f2c695bbc2891e27e0f4fb3d31f08097370ed4fc66abfe75b07fc238b
1b38f9b4fe5ecc46a0be195e0835bd2e8bd062a78ce6a389c4abff31f2cf66e8
1c93626ad32b3449b19ebd9c7e5dfa53947c8ed99ede81a422b146ac6da791fc
2037c0cffae2688b5332df106c910e1532df3643c28b9023ff746645acda3f70
27e54854af25b175f482f4acc3c32a5dfd363ae62292e66b9212764d323af2db
2aff1f5d95a9640c8d121475df26498656ef67a186edc4bbcb9f8b8b963b7577
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4
2bf92d09ea70e1745242a22e86adb8088bc17c61a744c2f3d984601f6bd4e423
3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636
3005a54fc57fc2d8c70cc41e4ca7fcaaed7514b03f28581082c454e6a2d11f3b
32f274178facd20384d11f4cf5d6cb7aa0d72c1a544da5d66a441d703030b518
3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43
3fcc408630bdf993595abbcc2a7ace8a55058dd7a3107236a68cd76a690e1ae9
435c1051149272e940e0bfbda1b4e09662f4408e658aa0ee899177819c9b8008
437769d39ee25c4087f419599b8a84d2caa38d3299fa25be021ff96195453561
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44fe36f267735fedc846090b255f109da041d2d02c0a6c5d9b218e493e8521ca
47ab43b8cce1a8386622ce4a17a31045ca93e6dfa323bb6f5b69bd1963fee032
4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49
4ba0dc4a2c348e233bb9d06d948ac25172b3dafbe04aac1692e925742fcf095a
4d3dab569c7b9e24ba3484873769a6b4a34bd3ab4ef6ff53b1c5a5c60f7d5663
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
515af980f6f9699ff77fa791ebab1eb62c21a31e37ed0acb10fc5da61e131824
55a87f3988c2d2dc254d7fcf23779d87635baace698dda2ff0c1472a37a04599
585855ece0f56ae59cf584f5068fc0b2f0742d9e55d6b1ef79b6e54916afbe5e
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5bdcc9e3e427ad3a787ec7efe46d8c305e880eb44402c0000ff52f17ef6b0cdb
5ebb2ce2e9e5c77cc2c4081b2d88c1f10d471b0f9b440e672465d276f507273a
6912f7388531e949bd5406b5668cd6b55fea4cc7e2d123dbaed489054dd98438
6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9
6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3
6e67d703e0c13b20be535d048fac3610238856ddda14cfb9cb5aa8c4a77486b1
737405abbe0c84f2c860f7b00b2cb0377df0f12d4c8d76c8f2d5749d2e7f64d3
7ebc7dabb4cf440fd8f4e9832b469819a40dc9358202ecba211402a3b03bb35e
80b41604ed76eb37787a40ba315a3af3a5c83b3bce68e39037deb9202582abc8
814189be4de21d42597f62ffcc0ee1d28b6326d795bbad2e922952cad4dabab1
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8321a254c4b6dc250dfe26dc3d662009d354218fc4313a6acf52994c8da02ae1
83eb9598a21c37345071fb88017adf502c030c0b2ca0c4a69383cab218416968
8737f50e2aa546ff4baeb4492fdd334a75dfc93e292aba2ab7a45a8c3a73e4c4
8c10bfd761676feda6e280e0d31794b1a8d21279f437ddb817a708d6fe0b72db
907f4395f54e25a1da1181672f1a498e98b26f7bfc6dcb6c209a737472451e49
91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805
942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52
9a7616157191cea33870e61c8f37b9842c4a63088c5821eeee34e570679e904f
a40f09f6818df49545be73dde2d84fc10bdcc4845164dade87398272467e952f
a55a1504046635db1567af44c96b2a820151041a3d384726e32dad566684d899
a63ff7480429d33426dc89e9233838e2e54b46f59d5bac184d907d32def48f97
adf7f9b0dd938575c72ff1592ea18e7ab9bc53ff8838a38c8484c10f5d9be7fd
b7bcabdeabc928df5f998a410f656db22b6d8973ad3b73851feaba2ee6a44bc8
b866f204d2a5b0fa88df426bfef64de132a4a2ef9cbb03bd42b46853b5f6747a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027
c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5
cd374bea8f2cce1e9514e9f9a7af6cd7efbb566a5eea5cda53affc1391ada818
ce5dbb2cdb85126fdc9d774971a56f8848dbee977a382bd512a5f8b49ea8c727
d137bc7b7127aaf5d686f13af5fefc562b4bf4d92cb4b0365171530fdfa9465c
d381f3799814c3df53d341b475363a0c9116fb644fdd96b953d93950a6c1155b
d432ad1988efa5b258294f52dae3d1b4c10660aec15e49017e21a1ee74bfd453
d454566fbbab8fcbc70a1c3139be25be5205712442564fe24a5e0258e3337a98
d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f
d5f880fcb55ff6c9a67fbc0cfa85e5078c778147c80c3b585ac4f9079ff00c6e
d7495655518a178afcfca8f950660f990e6169eb01960dd2bc8c9a19fd533557
d9b5ffe638ef96f1fa31f00dd9d7fcf49c53d509f472ac2f12f37e9cab4a9103
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
def1ad6278532b1e7ae1b77b4964f48a12b5acc33872eab663855483997b718e
e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eeb3ca2cc9fc24486f0af968dd0fcf78b7f81ae4ed162ce4bf98e6df60158636
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.securonix.com Open in urlscan Pro 141.193.213.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

102 Requests

95 %HTTPS

58 %IPv6

21 Domains

28 Subdomains

27 IPs

5 Countries

5547 kBTransfer

7297 kBSize

21 Cookies

10 Outgoing links

Redirected requests

102 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.securonix.com Open in urlscan Pro
141.193.213.21 Public Scan

Screenshot
Live screenshot

Full Image

102
Requests

95 %
HTTPS

58 %
IPv6

21
Domains

28
Subdomains

27
IPs

5
Countries

5547 kB
Transfer

7297 kB
Size

21
Cookies

102 HTTP transactions
1 data transactions