malware.news Open in urlscan Pro
104.26.6.105 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://malware.news/t/qakbot-technical-analysis/52399
Submission: On October 26 via api (October 26th 2021, 10:22:08 am UTC) from US — Scanned from DE

Summary HTTP 42 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 42 HTTP transactions. The main IP is 104.26.6.105, located in United States and belongs to CLOUDFLARENET, US. The main domain is malware.news.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 15th 2021. Valid for: a year.

This is the only time malware.news was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	104.26.6.105 104.26.6.105	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.184.206 142.250.184.206	15169 (GOOGLE) (GOOGLE)
7	143.204.98.22 143.204.98.22	16509 (AMAZON-02) (AMAZON-02)
42	4

33 104.26.6.105 (United States)

ASN13335 (CLOUDFLARENET, US)

malware.news	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 143.204.98.22 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-22.fra50.r.cloudfront.net

media.kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	malware.news malware.news	1 MB
7	kasperskycontenthub.com media.kasperskycontenthub.com	263 KB
2	google-analytics.com www.google-analytics.com	20 KB
42	3

	Domain	Requested by
33	malware.news	malware.news
7	media.kasperskycontenthub.com	malware.news
2	www.google-analytics.com	malware.news www.google-analytics.com
42	3

This site contains links to these domains. Also see Links.

Domain
media.kasperskycontenthub.com
encyclopedia.kaspersky.com
securelist.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-15` - `2022-06-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
media.kasperskycontenthub.com Amazon	`2021-02-01` - `2022-03-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://malware.news/t/qakbot-technical-analysis/52399
Frame ID: 238BDCD3A72F19416A4F42F4948A9BBC
Requests: 43 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

QakBot technical analysis - Malware Analysis - Malware Analysis, News and Indicators

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

42
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

1363 kB
Transfer

5249 kB
Size

3
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/03/30083524/sl_abstract_binary_wave-990x400.jpg
Title: 990×400

Search URL Search Domain Scan URL

URL: https://encyclopedia.kaspersky.com/glossary/osint/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation
Title: OSINT

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01145837/Qakbot_technical_analysis_01.png

Search URL Search Domain Scan URL

URL: https://securelist.com/#footnote-1
Title: *

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01145926/Qakbot_technical_analysis_02.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151603/Qakbot_technical_analysis_03.png
Title: 1

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151656/Qakbot_technical_analysis_04.png
Title: 1

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151717/Qakbot_technical_analysis_05.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151750/Qakbot_technical_analysis_06.png
Title: 4

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151810/Qakbot_technical_analysis_07.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151829/Qakbot_technical_analysis_08.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151901/Qakbot_technical_analysis_09.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151922/Qakbot_technical_analysis_10.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151946/Qakbot_technical_analysis_11.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01152006/Qakbot_technical_analysis_12.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01152027/Qakbot_technical_analysis_13.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01152050/Qakbot_technical_analysis_14-1.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01152123/Qakbot_technical_analysis_15.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01152147/Qakbot_technical_analysis_16.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01152222/Qakbot_technical_analysis_17.png
Title: 1

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01152242/Qakbot_technical_analysis_18.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01152304/Qakbot_technical_analysis_19.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01155141/01-en-qakbot.png
Title: download

Search URL Search Domain Scan URL

URL: https://securelist.com/qakbot-technical-analysis/103931/
Title: Technical analysis of the QakBot banking Trojan | Securelist 9

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 52399 Show response
malware.news/t/qakbot-technical-analysis/ 144 KB
26 KB 481ms
429ms Document
text/html 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ad7fbc07473d4c53beeb81e5f53fd8ebb179f2aed593f1fe51540bb34f80e69

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; object-src 'none'; script-src https://malware.news/logs/ https://malware.news/sidekiq/ https://malware.news/mini-profiler-resources/ https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/extra-locales/ https://malware.news/highlight-js/ https://malware.news/javascripts/ https://malware.news/plugins/ https://malware.news/theme-javascripts/ https://malware.news/svg-sprite/ https://www.google-analytics.com/analytics.js; worker-src 'self' https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/javascripts/ https://malware.news/plugins/
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: malware.news
:scheme: https
:path: /t/qakbot-technical-analysis/52399
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
x-discourse-route: topics/show
cache-control: no-cache, no-store
content-security-policy: base-uri 'none'; object-src 'none'; script-src https://malware.news/logs/ https://malware.news/sidekiq/ https://malware.news/mini-profiler-resources/ https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/extra-locales/ https://malware.news/highlight-js/ https://malware.news/javascripts/ https://malware.news/plugins/ https://malware.news/theme-javascripts/ https://malware.news/svg-sprite/ https://www.google-analytics.com/analytics.js; worker-src 'self' https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/javascripts/ https://malware.news/plugins/
x-discourse-cached: skip
x-request-id: b97976be-372e-4695-86cb-67158546aa92
x-runtime: 0.273349
x-discourse-trackview: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Aq7Ywr6Ai6M0fqchczuZMlsJkaVWSZcah6aSQ2U4KZYU%2B%2BteP0JjwH1uQkyQCnKDb3bklDkzkr8VF92cyncNqGLFzkmyFu2Yn8Fx%2B8bVglaUSXBxtbu9pG0K0dLSYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6a42f6177a162778-PRG
content-encoding: br

GET
H2 200 browser-detect-115ab5953de1b5bb122bfb26b757f5391dd8d1d2aef2b81baf7b59aee99d9f34.js Show response
malware.news/assets/ 247 B
548 B 25ms
24ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/browser-detect-115ab5953de1b5bb122bfb26b757f5391dd8d1d2aef2b81baf7b59aee99d9f34.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9487cb559d6168d8f29a5684b10a9c253776e7280ea758f332902773d85367e5

Request headers

:path: /assets/browser-detect-115ab5953de1b5bb122bfb26b757f5391dd8d1d2aef2b81baf7b59aee99d9f34.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:24 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ku0iK5TE8g0frUKKWq4uZP%2BRToNVR3%2FarZswu3mKtLDwxmfN2fKMGnVnpaGnGWogEeZ%2BmVMw9pPXlveiWoEEcDo0xtFlfb%2BHCBXxmH8JDZOTifHL03fgpElAyuvbdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a3f412778-PRG
expires: Tue, 25 Oct 2022 05:45:30 GMT

GET
H2 200 en-b4c652e74e1f00d0e6059b6bf4aae63aedc7ef40ec1cd31a2d5494431da11f82.js Show response
malware.news/assets/locales/ 256 KB
75 KB 35ms
34ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/locales/en-b4c652e74e1f00d0e6059b6bf4aae63aedc7ef40ec1cd31a2d5494431da11f82.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b64d6f3b3fafe479610cfa9b4b86fcef473ba7d0dfc5f68c8e9de52ed4774075

Request headers

:path: /assets/locales/en-b4c652e74e1f00d0e6059b6bf4aae63aedc7ef40ec1cd31a2d5494431da11f82.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:35 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2QnZeiafe9Gs4WcrA3Xmdq%2F9dBLqaEnhNmzKMYmLt%2BbLCnHBhj0dsk8T7VhHrqzwnYm%2FliMxSYl%2FNedQWtjjq5p%2FyCMi%2Bu7aWO449AzzMXdSHvss16NxTQQ4fKH3bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a3f422778-PRG
expires: Tue, 25 Oct 2022 03:15:28 GMT

GET
H2 200 color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css
malware.news/stylesheets/ 2 KB
1 KB 27ms
26ms Stylesheet
text/css 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b37d1d5fdce07501dbcf92e59de22bcb3b59cf179c2c4ae85c6b4e53d7a33ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 103244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6jTNx1AfHXAjjGnBsqjpzJdvK84YBwUta5j52E1PmFeXlNt9iqRMbmKS7Q4vQ7LbpZWZwTPlGLcFXAGaYHev964%2B8opL56YhP7c4jCAO3D9NhrmsuBfGMwImfAHliw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css"; filename*=UTF-8''color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css
x-xss-protection: 1; mode=block
x-request-id: e330d85b-df83-4298-8aed-adbe7d68bf41
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61a3f432778-PRG
content-transfer-encoding: binary

GET
H2 200 desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 372 KB
68 KB 48ms
47ms Stylesheet
text/css 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ac752cf3429ed4d1322aaece17556cb40319d80cef682f0ee5cbb9e1438a0fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 103244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W48MJC5DEIZWouz%2FZs4PuAdy3Ht6rYPVm1GGgUAlcT0MMVfmaeD5DLnRYMfKGCicHJU8CJkjaKivwZQEz%2FFkWZmh9gXavR4MaiV0Mfg1rvXOjaGHTI%2BTHk%2BTiZkgmw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: 5c6085d3-8d1b-46ad-8ff5-5478481a4594
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:19 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61a3f442778-PRG
content-transfer-encoding: binary

GET
H2 200 discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 1 KB
854 B 26ms
25ms Stylesheet
text/css 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

180110a7a4ac1df81ccd0d022e0929949ba0d85dddf4beb145ea590b86bd9715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 103244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=URvAQsV9Prq1pmYoATvCWFj2ZTVqEjpaHpwGnXpYYcygPPCWZqjxO2yP5ncuzcMZ6252tqlp19WdkWg7WRz5ES7lyfb7cke7sKJKUph%2FWrvhev7ZtSwVnXvqSnHVkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: c1cb4c3d-4637-4496-84e2-612ac1cb70be
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61a3f452778-PRG
content-transfer-encoding: binary

GET
H2 200 discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 7 KB
2 KB 29ms
28ms Stylesheet
text/css 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ba10e33fc40749d8e0a6e2ab2f0271c2bc89f8aca0c4432000456d2a9912ea9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 103244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IJt52tISmmk8QjVsCGocPTlp4U1oWP0FPmOLvbnMoNpXFw4rB2plf2%2BjAR8XqNxBiv67eIMIxoGuiOEb8P6OE0okHJuJ8HZBZqr4Zn511FGl%2B0fL7QhsFU%2FfHCz5Dg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: ed610576-6d27-411f-87c1-429fbbc38b4f
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61a3f462778-PRG
content-transfer-encoding: binary

GET
H2 200 discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 153 B
660 B 25ms
24ms Stylesheet
text/css 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

003c3d882b326d441cae76648a6510f6c8404353de5d54e76883a2fb61b6cdd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 103244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NvPa5EWrnYRbg2F2tUVza6KHAU5ej0hpMKzT1GsyDSAko26wd9u3hPdQPoHRFN1zpGDJaqEHnNeiG7xhGbbNG2%2FaHEf04PN9hph3TIqnsgiiaRHIpIQ4Qaznzs8d7g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: 7aef1385-e03e-4850-8343-4007ef7bcd25
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61a3f472778-PRG
content-transfer-encoding: binary

GET
H2 200 discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 1 KB
1 KB 28ms
27ms Stylesheet
text/css 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d814ada502cfca69414ee2168f70cc98bdf53153a31b47548c0be6d75c5c046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 103244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M1iQmXDUgD%2F9dRpb2H1DOfX%2BZ7jgvUcfGnOwQeYb%2Ftb7EHMg0TLxIHPshxS4DHPSlqecKMT8z8IMQaV%2FZAcAWYhWdkABACpWWUGkIOpJzBRHTK1OZZ2%2FKTgI8R510g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: 8daf4e78-eb2d-4090-b894-63ed8627de40
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61a3f482778-PRG
content-transfer-encoding: binary

GET
H2 200 lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 2 KB
1 KB 29ms
28ms Stylesheet
text/css 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bc63a02041e3cbc9365d2a70224f9c22ca5e31897e72e0b3cb620259250a556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 103244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5M2ZXXHOA%2Bmv24GTqaPUiXbSfQ0zFeUosJYXuJum%2FvSE4PU3Fw46uPmFX6X7OGZcjrXkMdLU4ll%2Fj980IrJOWeRoEdCHuOQ%2BzF8qKbo5ju%2BUOFVWMEoGw8nlwWk%2FRw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: d84982b6-bfe2-4580-b541-c38070eb80c1
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61a3f492778-PRG
content-transfer-encoding: binary

GET
H2 200 poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 6 KB
2 KB 30ms
29ms Stylesheet
text/css 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5dc2f3f0b6682457b113ec4e3641049d51488e18deaa8185831f4973cb57f97e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 103244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZPtDKbyqcC6r0%2BaiBwEKWOB3QYhtB9BMDA61j1mSvkiQyEhC6ToZYA7ZV3H9hSiKvIv5b1ermqjGDzl63Uq2pDq6xLbwQtuyBRMBflju2gYXoj1pDnbdrjJPBmtNA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: 16108eea-0e05-457a-8318-a8b3ec2e33fd
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61a3f4b2778-PRG
content-transfer-encoding: binary

GET
H2 200 poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 2 KB
1 KB 59ms
58ms Stylesheet
text/css 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

430ac06a9912729cedf0e6c618b7ad7d8c1a7623b380b60312dd17b0037f36ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 103244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j08gsnV7IBisyyTQs69m7O0WyfufxJ57kBy0Vm0F5Qtk0yoWMR44TMsG6YCb1K8cPLPyCMWUfXIp2zc55eK%2F%2FEcEltyUR1yOs3%2Fv%2B6vY4IXQE%2BG466aPzQ72NdeS5A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: ee4c0a56-f0bf-4cc4-bb01-f1cd6a1c779e
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61a5f962778-PRG
content-transfer-encoding: binary

GET
H2 200 desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css
malware.news/stylesheets/ 90 B
547 B 47ms
47ms Stylesheet
text/css 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70295e23173942999f6560f098b372fb27ad0de5bc1a1e195c6ef5af18dfc856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 103244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AGVL%2BXPzRb5nHAic3l%2FePwKpyWzJVUGMur8XUX0QIJH30l%2BJDiSehhVGHwHROE5a9t8EjDzUcCEsEqluw2LTba83yY7gP8z028WOCkNcLZtEgdGmcjAJvsXJUOuJ8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css"; filename*=UTF-8''desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css
x-xss-protection: 1; mode=block
x-request-id: 001367c3-e3c8-4b04-89ef-a227fe8934f9
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61a5f992778-PRG
content-transfer-encoding: binary

GET
H2 200 ember_jquery-36a23101c869ab0dc53fc908de69adb785731593573d32bdeef416acc1076ef4.js Show response
malware.news/assets/ 557 KB
157 KB 62ms
62ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/ember_jquery-36a23101c869ab0dc53fc908de69adb785731593573d32bdeef416acc1076ef4.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ab3d376b5d18228e95af2f61f4ea5ee12a4200177969694c347048fb41c9b7c

Request headers

:path: /assets/ember_jquery-36a23101c869ab0dc53fc908de69adb785731593573d32bdeef416acc1076ef4.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:37 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NZHxF56tLOPCGr0EVCAHd%2FreRC3hbs7Ed9w2BM1epxReAE4JevHMBTJ%2Ft%2B9EqxtfxjqDOAerpP%2BuOeLqK9tvSH97S7OBKbTIpg6%2BBip88dVHgHsSb9p5N5uPV1okwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5f9b2778-PRG
expires: Tue, 25 Oct 2022 05:45:30 GMT

GET
H2 200 vendor-72ed7d3a2757503f5d4b387ef519a6f371137f63e3b8f1ff29544b54c1d8450f.js Show response
malware.news/assets/ 173 KB
60 KB 58ms
58ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/vendor-72ed7d3a2757503f5d4b387ef519a6f371137f63e3b8f1ff29544b54c1d8450f.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f25487aa53b51b4c355c8c8dcfe481294a929e8e6c8ab3f4c1b0d84115803fb5

Request headers

:path: /assets/vendor-72ed7d3a2757503f5d4b387ef519a6f371137f63e3b8f1ff29544b54c1d8450f.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:15 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DpRabvDjfKL4c%2F0l%2B%2Bg41zGp73QPBhQvfniMsaArANDbaylYtB%2FPl1SZ4VpIbED4RgB63HA1Hw5dzClVfHE6mQqGXC4sRSxW4pF7Y%2FuHPFhtlqJlma8I7DclB1ITgw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5f9d2778-PRG
expires: Tue, 25 Oct 2022 03:28:32 GMT

GET
H2 200 pretty-text-bundle-0651e2a797c3ce2e7029301b15f1e2d11ab1286bea425eaf70aac53d80e226ee.js Show response
malware.news/assets/ 150 KB
44 KB 58ms
58ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/pretty-text-bundle-0651e2a797c3ce2e7029301b15f1e2d11ab1286bea425eaf70aac53d80e226ee.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa7aadbd1349c23ab2ab4bfecc563e091b07aad49739b21fa4a2ed2047fa57c1

Request headers

:path: /assets/pretty-text-bundle-0651e2a797c3ce2e7029301b15f1e2d11ab1286bea425eaf70aac53d80e226ee.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:41 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Yk4cvgZNVTz8hWxIBV2OUw4Kgr0D6HEtvKPTCzDbj9aplVsVP8nKFY3eE0G5tut6eRFG%2FZZDakpoPxVfeeewdVotrKpyFYuYPAC4EssAfAH84imt928Fi%2FFcyz3Eg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5f9e2778-PRG
expires: Tue, 25 Oct 2022 03:10:13 GMT

GET
H2 200 application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js Show response
malware.news/assets/ 3 MB
506 KB 62ms
62ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbf6e5a1bdcf7981e49d952fc5e62e36715904a838584c9c7da9a49c62290baf

Request headers

:path: /assets/application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:30:03 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RXqo2avt6ESR1iklM5ehtDqWSQCIxQEHKfR8FEJf8GpJOsq2%2BJEoe2b8ORRcfXl%2Be6ORsK5XIm%2Bi5eSZk1%2BKJIUSCMHfQRle%2Fvy2t%2FaS%2FJ0Hz1qqcmwwlzqz8ADWpw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5f9f2778-PRG
expires: Tue, 25 Oct 2022 03:10:13 GMT

GET
H2 200 discourse-details-9be9806ef2338ede8e5c567dfd5b521aaad27d01694f01c604516118466d2120.js Show response
malware.news/assets/plugins/ 1 KB
1 KB 47ms
46ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-details-9be9806ef2338ede8e5c567dfd5b521aaad27d01694f01c604516118466d2120.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7eedbeb43c93c8d82301cb78609a457a55cec956398be4b7dd6d12f0fac1d516

Request headers

:path: /assets/plugins/discourse-details-9be9806ef2338ede8e5c567dfd5b521aaad27d01694f01c604516118466d2120.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:39 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N4GA65X102Oj4FULiEKIKJPTl5WYQ8ECtQRM8zgGg93cSsUBeq9iUs97hfX1JdqdrfOOvrjTb51Uasa0wumpM%2FLAZilp2kjC4aKOADzT945Ts7r0I2b0w0YcymqSxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5fa02778-PRG
expires: Tue, 25 Oct 2022 03:07:36 GMT

GET
H2 200 discourse-local-dates-fb84b6e975839c2af6c7ffe54ef3f37631eb79d1ca4c032e3232c522b202b185.js Show response
malware.news/assets/plugins/ 32 KB
9 KB 56ms
56ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-local-dates-fb84b6e975839c2af6c7ffe54ef3f37631eb79d1ca4c032e3232c522b202b185.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70f1cbf2697ee3da0fce545369f9ff2394d5a67afb1920b1433dabd5d299c436

Request headers

:path: /assets/plugins/discourse-local-dates-fb84b6e975839c2af6c7ffe54ef3f37631eb79d1ca4c032e3232c522b202b185.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:40 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AdWWkD%2Byd75Xi2WRAXj0lHhelbnDrNf4mgG8oGKZKW8M7mCSAODBiC1OVRskmVOWqX5a8sxEi3Z1Kcl%2F%2F2Vzk6Bnap4TxTLvwTSn9aGLLvdVXChKY4jb%2Bdy2V4j1cg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5fa32778-PRG
expires: Tue, 25 Oct 2022 03:14:09 GMT

GET
H2 200 discourse-narrative-bot-0b1e40d099d739cee23bbad45c2fb5eac1dcaaba028fdc9fa21b9e32930ec40b.js Show response
malware.news/assets/plugins/ 1 KB
1 KB 46ms
45ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-narrative-bot-0b1e40d099d739cee23bbad45c2fb5eac1dcaaba028fdc9fa21b9e32930ec40b.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6915794955aa02a862c6286b6ae26b9ad45b49d9a095ecd1c9d1b7f8b498778

Request headers

:path: /assets/plugins/discourse-narrative-bot-0b1e40d099d739cee23bbad45c2fb5eac1dcaaba028fdc9fa21b9e32930ec40b.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:40 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOCXXwzUQikholtgIyo%2FjaJIJfIkCjxZzlETenwWGjyB1ExjM43WZu0O63xaGsdsdUY6DHz1yKro2n3SUi5%2F9LMfd3diIbV8gH1CChnGC0xM2uZLrIWvhO1tQbfPOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5fa42778-PRG
expires: Tue, 25 Oct 2022 03:24:37 GMT

GET
H2 200 discourse-presence-b6fbd1a4370db8cbe9a6026b149f4c857b4f4a71b0f72eefda4a295d0ed6a56a.js Show response
malware.news/assets/plugins/ 13 KB
4 KB 47ms
46ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-presence-b6fbd1a4370db8cbe9a6026b149f4c857b4f4a71b0f72eefda4a295d0ed6a56a.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ccf20c77e2159876f53e2e7903140447691cd93ea5fdf38142a34cc37c0a1fa

Request headers

:path: /assets/plugins/discourse-presence-b6fbd1a4370db8cbe9a6026b149f4c857b4f4a71b0f72eefda4a295d0ed6a56a.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:41 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i7HiByBwhDEU38lHJp99Ftuz4P0WigZNfR7B5r%2FWMX8r4zGr9%2BxGh6U7dQ1W6LMSFoQuU2QhihYykreivGnCnrjPAGMYscAKwHWvg80ovmxj%2Fu3xhtVMcaFI21VQ5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5fa52778-PRG
expires: Tue, 25 Oct 2022 03:10:14 GMT

GET
H2 200 docker_manager-ad177f91e75af171560e0d79a81bd5ce7b5b01c80c9055a24d75e9370c9de28b.js Show response
malware.news/assets/plugins/ 2 KB
964 B 57ms
56ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/docker_manager-ad177f91e75af171560e0d79a81bd5ce7b5b01c80c9055a24d75e9370c9de28b.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1daf903ee846f106e08e2a131f4800ffbf8837d227192192e1f00d6fb0a6027f

Request headers

:path: /assets/plugins/docker_manager-ad177f91e75af171560e0d79a81bd5ce7b5b01c80c9055a24d75e9370c9de28b.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:41 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tXDOTFxzUaFoIWGWgsx80vSAmoosKjhN%2B%2F62k%2FQof06%2BS2zmdinUf0s4fhbx4ewfirgOOCvcldSca1RtuJG%2FEb5lgc77Xq6W7bqzFuaDjMCGq1NuLsAuK7TXmkHa3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5fa62778-PRG
expires: Tue, 25 Oct 2022 03:08:55 GMT

GET
H2 200 lazy-yt-9db193c8caacf2e3b3a24ed4c63699ad497c210f668f467d95380efd00982345.js Show response
malware.news/assets/plugins/ 4 KB
2 KB 56ms
56ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/lazy-yt-9db193c8caacf2e3b3a24ed4c63699ad497c210f668f467d95380efd00982345.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40526df990780061385831eb7143db974cf389583c704c0f986284d2d8d3a0d3

Request headers

:path: /assets/plugins/lazy-yt-9db193c8caacf2e3b3a24ed4c63699ad497c210f668f467d95380efd00982345.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:42 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hOmnEHBfk3syAqSBxTuqq%2FrhxiVV9zUqTky%2B%2FqwEUs4LYpzsG4vVn54yLi3h%2BsMae5ssJ3jRPx8ommTmc0K5XQ5PbjoyeB%2B7l%2FQQeixaPtqf9piYjlSQf2BTIchEdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5fa72778-PRG
expires: Tue, 25 Oct 2022 05:45:30 GMT

GET
H2 200 poll-4ece327052472a4245ca79c494a4bc3ad9b1f49d921e2df8b00a2299303f04bd.js Show response
malware.news/assets/plugins/ 59 KB
16 KB 61ms
61ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/poll-4ece327052472a4245ca79c494a4bc3ad9b1f49d921e2df8b00a2299303f04bd.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 093714378e2e61720fdd442517e5ac12580f7e7231aff8b07fa99cb1a925353d

Request headers

:path: /assets/plugins/poll-4ece327052472a4245ca79c494a4bc3ad9b1f49d921e2df8b00a2299303f04bd.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:43 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DJVCjQvAeledYfz4VhX%2BPgTohBbfXc0Mr6MTdxQVMtRnZTNP2ruuFxAwRPARM0dx0a0xCVBLy8OL9inW3PDdwcqdqabliQGYoy%2FaDdeE7umF94M8M5yBhCx3uoY3%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5fa82778-PRG
expires: Tue, 25 Oct 2022 03:10:14 GMT

GET
H2 200 google-universal-analytics-v3-706f1d28f0a97f67a47515c96189277240ec4940d968955042066d7873fd1fe8.js Show response
malware.news/assets/ 725 B
808 B 60ms
60ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/google-universal-analytics-v3-706f1d28f0a97f67a47515c96189277240ec4940d968955042066d7873fd1fe8.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19089746082c9d1ae6b7fb6e3218eafa4411abffe26412d4d823cb304683c045

Request headers

:path: /assets/google-universal-analytics-v3-706f1d28f0a97f67a47515c96189277240ec4940d968955042066d7873fd1fe8.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:54 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=19EgFMt20CaHbWIj7Z76hWIsdejep5U0o0q%2FP%2B7h3uKjw4sfmGLsLsP0m6A2Mxyrabo2trdWtsSu%2FVQdGsG82oSeOFSfAZa7NM4whF6GEM9rG299TPvL7ww9nBONOw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a5fa92778-PRG
expires: Tue, 25 Oct 2022 03:06:18 GMT

GET
H2 200 start-discourse-efa4e5abfbd1b50b5152ffbe64d5dcea9f7c33f766dcc6387e2711f0f2112148.js Show response
malware.news/assets/ 135 B
383 B 32ms
32ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/start-discourse-efa4e5abfbd1b50b5152ffbe64d5dcea9f7c33f766dcc6387e2711f0f2112148.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36e56ff433d1e7c0017688ed51d42dea37fc7a90431b54d4568df80746ed349b

Request headers

:path: /assets/start-discourse-efa4e5abfbd1b50b5152ffbe64d5dcea9f7c33f766dcc6387e2711f0f2112148.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:54 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=drSRF8vrG10Lmf1DHnD0hLMT09FCJjJEx%2BEyIudnEP76vVr30uallTm7BE2knM26%2FKu4tEGsbSTEIV7vJq8heP0IArFxHpDm0ohkzJtU8D02T62Itkf1hlhxoQCGUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a6fc42778-PRG
expires: Tue, 25 Oct 2022 03:08:55 GMT

GET
H2 200 browser-update-eec13eb6f8386f18f10b5dd6ebb7a3598d28421bb796e539b91a7e4a4c5d4c08.js Show response
malware.news/assets/ 2 KB
1 KB 32ms
32ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/browser-update-eec13eb6f8386f18f10b5dd6ebb7a3598d28421bb796e539b91a7e4a4c5d4c08.js
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a933fa87d48ac7c2f381036d364fa92767c5dae738491b16aa668671abc23442

Request headers

:path: /assets/browser-update-eec13eb6f8386f18f10b5dd6ebb7a3598d28421bb796e539b91a7e4a4c5d4c08.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:24 GMT
server: cloudflare
age: 102993
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F6bLI1ccn9TuHoZetdA%2BpAcK9wYJWwwobZNfy7mP7bGzGOWrFPNlalDf55aJQvIFX1irCKoZVMAm2bQC955GB45r%2BgFgUVXltXVSby%2BGdo7JCsFUGivS6zBhlrmiAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61a6fc52778-PRG
expires: Tue, 25 Oct 2022 05:45:30 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 49ms
13ms Script
text/javascript 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: malware.news
URL: https://malware.news/assets/google-universal-analytics-v3-706f1d28f0a97f67a47515c96189277240ec4940d968955042066d7873fd1fe8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Oct 2021 16:47:48 GMT
server: Golfe2
age: 1258
date: Tue, 26 Oct 2021 10:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 19887
expires: Tue, 26 Oct 2021 12:01:06 GMT

GET
H2 200 svg-2-9b0d85c163090ed00004e0abb5db8bd226e57ab5.js Show response
malware.news/svg-sprite/malware.news/ 114 KB
37 KB 37ms
37ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/svg-sprite/malware.news/svg-2-9b0d85c163090ed00004e0abb5db8bd226e57ab5.js

Requested by

Host: malware.news
URL: https://malware.news/assets/application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd8eb5f29381950bd2d56653f3a9aeb82ca7b0bcbadc5903d48f335d1a0f0fa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /svg-sprite/malware.news/svg-2-9b0d85c163090ed00004e0abb5db8bd226e57ab5.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 102994
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tz5uYYWOctPBUfWgnADWOhZuy%2B5v%2BFDaLlp5U9S8vln5R1BZnILD7eFNZp3OObxQMwRpu9%2BknBCU%2B9E4MFHdEhp1h%2Frt3fNdBpfi1DETMHnr9BkbI3rVShSqANmCbw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: svg_sprite/show
x-xss-protection: 1; mode=block
x-request-id: 70d8a993-725c-496e-bbb0-31e3649c84ac
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 05 May 2011 19:32:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept
x-download-options: noopen
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61bfa582778-PRG

GET
H2 200 jquery.magnific-popup.min.js Show response
malware.news/javascripts/magnific-popup/1.1.0/ 20 KB
8 KB 25ms
25ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/javascripts/magnific-popup/1.1.0/jquery.magnific-popup.min.js
Requested by: Host: malware.news
URL: https://malware.news/assets/application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Request headers

:path: /javascripts/magnific-popup/1.1.0/jquery.magnific-popup.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:25:04 GMT
server: cloudflare
age: 1977
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6yCmMXb9KgfVp98VA94VmHNw24HFathMHLGgrpYbsSs29WvdeMKLzFSXRGDeIgxcvWK4AOqwkpf8QO1Y5X37Ciy9aCmmi3ul5xx5N86bCweJK%2BYkXEwaQH6P1B5YA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a42f61cfbcf2778-PRG
expires: Wed, 27 Oct 2021 09:49:07 GMT

GET
H2 200 cdefff4af52a8d2d43094b5d57ebca1fc7613a63.js Show response
malware.news/highlight-js/malware.news/ 202 KB
39 KB 29ms
29ms Script
application/javascript 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/highlight-js/malware.news/cdefff4af52a8d2d43094b5d57ebca1fc7613a63.js

Requested by

Host: malware.news
URL: https://malware.news/assets/application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

439310fe70c9254ca886a5848ab84ece7a2d0b9f1d7eb654e35ee1af86b1d0d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /highlight-js/malware.news/cdefff4af52a8d2d43094b5d57ebca1fc7613a63.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 102993
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i0vVQHpixzwBu7HyADS9CeuokeESmJEytW%2Bgci0tASppwuAqVHnsVorjflqIm8L3%2FqVxSq5NR6WRlXWV5P4%2FQn5OzS0CFgdpGIQtv8eDYVlyGTcg%2BqWBm0o3qWHkaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: highlight_js/show
x-xss-protection: 1; mode=block
x-request-id: 0b32e47e-9584-4ad5-a1bc-fb98ddf65145
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 13 Aug 2011 11:48:50 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept
x-download-options: noopen
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31556952, immutable
cf-ray: 6a42f61cfbd02778-PRG

GET
H2 200 ba8ee0a927a69022c651441ac23d01bcdbc09785.png
malware.news/uploads/default/original/3X/b/a/ 9 KB
9 KB 26ms
26ms Image
image/png 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://malware.news/uploads/default/original/3X/b/a/ba8ee0a927a69022c651441ac23d01bcdbc09785.png
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 041dc75fa9294876d29e6d78e76c9f7f3202f1763480da93d6ce2414d0a095c3

Request headers

:path: /uploads/default/original/3X/b/a/ba8ee0a927a69022c651441ac23d01bcdbc09785.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:04 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 103244
content-length: 8758
last-modified: Sat, 22 Dec 2018 04:38:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iaN%2BOGnjsqaJxekT5UIA0z8CZ5LSxPcHYdk4P%2FEAIsjwHhXdmZRjDcpsUbG78q%2FCQecuPPVM4lf3ijZGkBsZ2XU5vbOPjGKarldqBMhakAfceONVyf90iEK1tILajQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6a42f61d6c632778-PRG
expires: Tue, 25 Oct 2022 05:41:19 GMT

GET
H2 200 24_2.png
malware.news/user_avatar/malware.news/malbot/45/ 4 KB
5 KB 25ms
24ms Image
image/jpeg 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malware.news/user_avatar/malware.news/malbot/45/24_2.png

Requested by

Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6dbcb4fa67139ef1bfb019ef153f21b130a1f68f7d5bbe3c15033c14342ff7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /user_avatar/malware.news/malbot/45/24_2.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/qakbot-technical-analysis/52399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:22:04 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 102993
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6whv7ffka9TjwX%2FyGza7RjR9xL82DAb00nJUQ4O2zpBFdpwWrPvmVHG80sqnT%2FdDsI5AV0H%2BAc2Y8uqDigsBaw0i9HlraXDl6J6PzhxX7L7skiqTDkXWLR97fXfZGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: user_avatars/show
content-length: 4324
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:25:09 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: image/jpeg
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
cf-ray: 6a42f61d6c662778-PRG
content-transfer-encoding: binary
cf-bgj: h2pri

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 Qakbot_technical_analysis_02.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01145926/ 4 KB
4 KB 51ms
10ms Image
image/png 143.204.98.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01145926/Qakbot_technical_analysis_02.png
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-22.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 92229df29a090ec2792749556e41deeeaec5d1167056f4f0bbfb9deaa2397235

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 07:31:10 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Sep 2021 14:59:28 GMT
server: AmazonS3
age: 1911055
etag: "23e01a903441ff005546a34f4e04b70e"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 4006
x-amz-cf-id: ZN_zwpqQHViGhOPFnibgilFuAG6nG7Qz07jFgN0EyEztwtu1vsMbiA==
expires: Thu, 01 Sep 2022 14:59:26 GMT

GET
H2 200 Qakbot_technical_analysis_04.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151656/ 4 KB
4 KB 51ms
10ms Image
image/png 143.204.98.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151656/Qakbot_technical_analysis_04.png
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-22.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 46b9cee37dcb843ffd1954731ea194ff6690cb591481015de367901eaec8df9d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 15:17:01 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Sep 2021 15:16:57 GMT
server: AmazonS3
age: 4734304
etag: "c4510e80120b26582ef16ad8422f15f1"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3676
x-amz-cf-id: IaV1YlXVXsU1T_oQLTzHOcnCgzP_6gegZPxntbS71SV4DRsCZ5DYhw==
expires: Thu, 01 Sep 2022 15:16:56 GMT

GET
H2 200 Qakbot_technical_analysis_05.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151717/ 5 KB
5 KB 52ms
11ms Image
image/png 143.204.98.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151717/Qakbot_technical_analysis_05.png
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-22.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d2750757e1fe13b6523dafa5f06363ade310cb51b53a7da9fd9d9253fc859850

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 15:17:22 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Sep 2021 15:17:18 GMT
server: AmazonS3
age: 4734283
etag: "7c375c4dddb0e1b5f75400c05bebdbcd"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 5072
x-amz-cf-id: fVwVNX-aXjAKxn415aTWS14yM1UwPyXiwZ2EHA5MrveM42yTUl19Hw==
expires: Thu, 01 Sep 2022 15:17:17 GMT

GET
H2 200 Qakbot_technical_analysis_08.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151829/ 9 KB
10 KB 60ms
19ms Image
image/png 143.204.98.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151829/Qakbot_technical_analysis_08.png
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-22.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 038cfdb78afdfb5feb4e5dbd924e2f7a87c90f3a0a5314ba2ec23c6b26172a1d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 15:18:35 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Sep 2021 15:18:30 GMT
server: AmazonS3
age: 4734210
etag: "d3ae34bb621b7daf14e5f831a1c4f4e3"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 9523
x-amz-cf-id: 25cQjJ5XTNOUBEUAB9WQMSixQcl5Fw844q7HA7Y9upQ59LjUNcsiCQ==
expires: Thu, 01 Sep 2022 15:18:29 GMT

GET
H2 200 Qakbot_technical_analysis_11.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151946/ 12 KB
12 KB 71ms
31ms Image
image/png 143.204.98.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151946/Qakbot_technical_analysis_11.png
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-22.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf5e9c54650bf4326d3a8caa3bcf484b5785dfff38f9cc52a5d3e5ec5daeb2f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 15:19:51 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Sep 2021 15:19:47 GMT
server: AmazonS3
age: 4734134
etag: "773e8b4c3f8af50a38a9a0fcbb0fec44"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 12289
x-amz-cf-id: 9kDKw1cKHjwO7zU6mLMUlDsgk9_zyfcsxq1dmPJI3m-duQtPYgvplQ==
expires: Thu, 01 Sep 2022 15:19:46 GMT

GET
H2 200 sl_abstract_binary_wave-990x400.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/03/30083524/ 60 KB
61 KB 50ms
13ms Image
image/jpeg 143.204.98.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/03/30083524/sl_abstract_binary_wave-990x400.jpg
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-22.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 40eceea96af900b9d1b73d8859a9919d9e3bc2a16916072701ea98e3d4642ba6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 12:50:19 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified: Tue, 30 Mar 2021 08:35:31 GMT
server: AmazonS3
age: 1114306
etag: "fa0b865466d0bde2049fde2f5f611432"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 61859
x-amz-cf-id: xfU8a3WLi16YHNJVHfKy72_SvyrRb39NW5gQ0Cw1b_ePa-XVvFA_Pg==
expires: Wed, 30 Mar 2022 08:35:30 GMT

GET
H2 200 Qakbot_technical_analysis_01-1024x350.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01145837/ 166 KB
166 KB 15ms
13ms Image
image/png 143.204.98.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01145837/Qakbot_technical_analysis_01-1024x350.png
Requested by: Host: malware.news
URL: https://malware.news/t/qakbot-technical-analysis/52399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-22.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c2726a744cb41e1f88bf2cc8365389ebbaa6f5beef6d55241fd685c2bd6b3fa5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 14:58:45 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Sep 2021 14:58:39 GMT
server: AmazonS3
age: 4735400
etag: "15e5738e90d1617dbb193c4f7fb0e6f1"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 169525
x-amz-cf-id: v38_4stAm6kBdNPOn0ZQ7Y5llcNldfj3MHsGGq-vzv0h6MTpmGmnxQ==
expires: Thu, 01 Sep 2022 14:58:38 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
205 B 21ms
20ms XHR
text/plain 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j94&a=557966048&t=pageview&_s=1&dl=https%3A%2F%2Fmalware.news%2Ft%2Fqakbot-technical-analysis%2F52399&dp=%2Ft%2Fqakbot-technical-analysis%2F52399&ul=en-us&de=UTF-8&dt=QakBot%20technical%20analysis%20-%20Malware%20Analysis%20-%20Malware%20Analysis%2C%20News%20and%20Indicators&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1973618071&gjid=1031646675&cid=1605960722.1635243724&tid=UA-79191654-1&_gid=285321649.1635243724&_r=1&_slc=1&z=1453019639

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://malware.news/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 10:22:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://malware.news
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 poll
malware.news/message-bus/92f79336aea04fd799592fbc6a86e209/ 266 B
0 487ms
486ms XHR
text/plain 104.26.6.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/message-bus/92f79336aea04fd799592fbc6a86e209/poll

Requested by

Host: malware.news
URL: https://malware.news/assets/ember_jquery-36a23101c869ab0dc53fc908de69adb785731593573d32bdeef416acc1076ef4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://malware.news
accept-encoding: gzip, deflate, br
x-csrf-token: undefined
accept-language: de-DE,de;q=0.9
x-silence-logger: true
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: _ga=GA1.2.1605960722.1635243724; _gid=GA1.2.285321649.1635243724; _gat=1
content-length: 234
:path: /message-bus/92f79336aea04fd799592fbc6a86e209/poll
pragma: no-cache
discourse-present: true
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: text/plain, */*; q=0.01
cache-control: no-cache
:authority: malware.news
referer: https://malware.news/t/qakbot-technical-analysis/52399
:scheme: https
sec-fetch-site: same-origin
:method: POST
Discourse-Present: true
X-CSRF-Token: undefined
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-SILENCE-LOGGER: true
Accept: text/plain, */*; q=0.01
Referer: https://malware.news/t/qakbot-technical-analysis/52399
X-Requested-With: XMLHttpRequest

Response headers

date: Tue, 26 Oct 2021 10:22:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vUtYrJPSaccP6FVEF3%2FGcgZMB%2Bn9UfbzD9HIWSroxzc%2B1%2BjDUUz55WOeFvmvMd8FfWLHxltfIepXU1Tlox%2BSL78%2FvC1UZ8Q8Ez6bGnpnmkNcCTFMYTR9BTdKdbSFEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://malware.news
cache-control: must-revalidate, private, max-age=0
cf-ray: 6a42f61f2f1a2778-PRG
access-control-allow-headers: X-SILENCE-LOGGER, X-Shared-Session-Key, Dont-Chunk, Discourse-Present
expires: 0

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.malware.news/	1970-01-20 15:45:15	Name: _ga Value: GA1.2.1605960722.1635243724
.malware.news/	1970-01-19 22:15:30	Name: _gid Value: GA1.2.285321649.1635243724
.malware.news/	1970-01-19 22:14:03	Name: _gat Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	base-uri 'none'; object-src 'none'; script-src https://malware.news/logs/ https://malware.news/sidekiq/ https://malware.news/mini-profiler-resources/ https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/extra-locales/ https://malware.news/highlight-js/ https://malware.news/javascripts/ https://malware.news/plugins/ https://malware.news/theme-javascripts/ https://malware.news/svg-sprite/ https://www.google-analytics.com/analytics.js; worker-src 'self' https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/javascripts/ https://malware.news/plugins/
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

malware.news
media.kasperskycontenthub.com
www.google-analytics.com
104.26.6.105
142.250.184.206
143.204.98.22
003c3d882b326d441cae76648a6510f6c8404353de5d54e76883a2fb61b6cdd1
038cfdb78afdfb5feb4e5dbd924e2f7a87c90f3a0a5314ba2ec23c6b26172a1d
041dc75fa9294876d29e6d78e76c9f7f3202f1763480da93d6ce2414d0a095c3
093714378e2e61720fdd442517e5ac12580f7e7231aff8b07fa99cb1a925353d
0b37d1d5fdce07501dbcf92e59de22bcb3b59cf179c2c4ae85c6b4e53d7a33ac
180110a7a4ac1df81ccd0d022e0929949ba0d85dddf4beb145ea590b86bd9715
19089746082c9d1ae6b7fb6e3218eafa4411abffe26412d4d823cb304683c045
1ab3d376b5d18228e95af2f61f4ea5ee12a4200177969694c347048fb41c9b7c
1daf903ee846f106e08e2a131f4800ffbf8837d227192192e1f00d6fb0a6027f
36e56ff433d1e7c0017688ed51d42dea37fc7a90431b54d4568df80746ed349b
3ad7fbc07473d4c53beeb81e5f53fd8ebb179f2aed593f1fe51540bb34f80e69
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
40526df990780061385831eb7143db974cf389583c704c0f986284d2d8d3a0d3
40eceea96af900b9d1b73d8859a9919d9e3bc2a16916072701ea98e3d4642ba6
430ac06a9912729cedf0e6c618b7ad7d8c1a7623b380b60312dd17b0037f36ce
439310fe70c9254ca886a5848ab84ece7a2d0b9f1d7eb654e35ee1af86b1d0d9
46b9cee37dcb843ffd1954731ea194ff6690cb591481015de367901eaec8df9d
5ccf20c77e2159876f53e2e7903140447691cd93ea5fdf38142a34cc37c0a1fa
5dc2f3f0b6682457b113ec4e3641049d51488e18deaa8185831f4973cb57f97e
6ba10e33fc40749d8e0a6e2ab2f0271c2bc89f8aca0c4432000456d2a9912ea9
70295e23173942999f6560f098b372fb27ad0de5bc1a1e195c6ef5af18dfc856
70f1cbf2697ee3da0fce545369f9ff2394d5a67afb1920b1433dabd5d299c436
7e6dbcb4fa67139ef1bfb019ef153f21b130a1f68f7d5bbe3c15033c14342ff7
7eedbeb43c93c8d82301cb78609a457a55cec956398be4b7dd6d12f0fac1d516
8ac752cf3429ed4d1322aaece17556cb40319d80cef682f0ee5cbb9e1438a0fa
8d814ada502cfca69414ee2168f70cc98bdf53153a31b47548c0be6d75c5c046
92229df29a090ec2792749556e41deeeaec5d1167056f4f0bbfb9deaa2397235
9487cb559d6168d8f29a5684b10a9c253776e7280ea758f332902773d85367e5
9bc63a02041e3cbc9365d2a70224f9c22ca5e31897e72e0b3cb620259250a556
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a6915794955aa02a862c6286b6ae26b9ad45b49d9a095ecd1c9d1b7f8b498778
a933fa87d48ac7c2f381036d364fa92767c5dae738491b16aa668671abc23442
aa7aadbd1349c23ab2ab4bfecc563e091b07aad49739b21fa4a2ed2047fa57c1
b64d6f3b3fafe479610cfa9b4b86fcef473ba7d0dfc5f68c8e9de52ed4774075
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c2726a744cb41e1f88bf2cc8365389ebbaa6f5beef6d55241fd685c2bd6b3fa5
cf5e9c54650bf4326d3a8caa3bcf484b5785dfff38f9cc52a5d3e5ec5daeb2f8
d2750757e1fe13b6523dafa5f06363ade310cb51b53a7da9fd9d9253fc859850
dbf6e5a1bdcf7981e49d952fc5e62e36715904a838584c9c7da9a49c62290baf
dd8eb5f29381950bd2d56653f3a9aeb82ca7b0bcbadc5903d48f335d1a0f0fa7
f25487aa53b51b4c355c8c8dcfe481294a929e8e6c8ab3f4c1b0d84115803fb5
fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

malware.news Open in urlscan Pro 104.26.6.105 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

42 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

1 Countries

1363 kBTransfer

5249 kBSize

3 Cookies

24 Outgoing links

Redirected requests

42 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

malware.news Open in urlscan Pro
104.26.6.105 Public Scan

Screenshot
Live screenshot

Full Image

42
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

1363 kB
Transfer

5249 kB
Size

3
Cookies

42 HTTP transactions
1 data transactions