lab52.io Open in urlscan Pro
185.215.84.11 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
Submission: On June 01 via manual (June 1st 2023, 8:57:18 pm UTC) from US — Scanned from ES

Summary HTTP 51 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 10 IPs in 4 countries across 7 domains to perform 51 HTTP transactions. The main IP is 185.215.84.11, located in Spain and belongs to ES-S2GRUPO-ASN, ES. The main domain is lab52.io.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on January 10th 2023. Valid for: a year.

This is the only time lab52.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
32	185.215.84.11 185.215.84.11	60080 (ES-S2GRUP...) (ES-S2GRUPO-ASN)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
51	10

32 185.215.84.11 (Spain)

ASN60080 (ES-S2GRUPO-ASN, ES)

lab52.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	lab52.io lab52.io	1 MB
7	gstatic.com www.gstatic.com fonts.gstatic.com	558 KB
4	google.com www.google.com — Cisco Umbrella Rank: 3	31 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49 region1.google-analytics.com — Cisco Umbrella Rank: 1866	21 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 249	8 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 70	130 KB
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 111	341 B
51	7

	Domain	Requested by
32	lab52.io	lab52.io
6	www.gstatic.com	www.google.com www.gstatic.com
4	www.google.com	lab52.io www.gstatic.com www.google.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cdnjs.cloudflare.com	lab52.io
2	www.googletagmanager.com	lab52.io www.googletagmanager.com
1	fonts.gstatic.com	www.google.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	region1.google-analytics.com	www.googletagmanager.com
51	9

This site contains links to these domains. Also see Links.

Domain
s2grupo.es
blogs.blackberry.com
github.com
twitter.com
www.winitor.com
marcoramilli.com
www.team-cymru.com
web.archive.org
unit42.paloaltonetworks.com

Subject Issuer	Validity	Valid
lab52.io Go Daddy Secure Certificate Authority - G2	`2023-01-10` - `2024-02-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
Frame ID: 1BC4855173756225B32639E92F63421C
Requests: 42 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf4ZJwUAAAAAN67aD_PPXidoEzI-aIrP47hK41b&co=aHR0cHM6Ly9sYWI1Mi5pbzo0NDM.&hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&theme=light&size=normal&cb=5fhvfx68aq8w
Frame ID: 3DD25CB6AA1A72128DB2E7E61F095B92
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6Lf4ZJwUAAAAAN67aD_PPXidoEzI-aIrP47hK41b
Frame ID: 74CC27DF69FD8C0A6D24EB8DA539FB8F
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

APT-C-36: from NjRAT to LimeRAT

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

51
Requests

100 %
HTTPS

89 %
IPv6

7
Domains

9
Subdomains

10
IPs

4
Countries

1865 kB
Transfer

2974 kB
Size

4
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://s2grupo.es/en/home/
Title: The threat intelligence division of S2 Grupo

Search URL Search Domain Scan URL

URL: https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia?utm_medium=social&utm_content=cyber
Title: Blackberry report

Search URL Search Domain Scan URL

URL: https://github.com/NYAN-x-CAT/Lime-RAT
Title: LimeRAT

Search URL Search Domain Scan URL

URL: https://twitter.com/DmitriyMelikov/status/1599776513045340161?s=20&t=gxCTU-DXg2mDQ96UR5RSYg
Title: a post on twitter

Search URL Search Domain Scan URL

URL: https://www.winitor.com/download
Title: https://www.winitor.com/download

Search URL Search Domain Scan URL

URL: https://marcoramilli.com/2022/11/21/is-hagga-threat-actor-abusing-fsociety-framework/
Title: https://marcoramilli.com/2022/11/21/is-hagga-threat-actor-abusing-fsociety-framework/

Search URL Search Domain Scan URL

URL: https://www.team-cymru.com/post/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor
Title: https://www.team-cymru.com/post/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20191207233315/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/
Title: https://web.archive.org/web/20191207233315/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/
Title: https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

51 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/ 104 KB
105 KB 1659ms
1303ms Document
text/html 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 / PHP/7.3.3

Resource Hash

7de161540257effb889bedd659d0313bbfe956272d980a76396ad60fdc49ca31

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 01 Jun 2023 20:57:10 GMT
Keep-Alive: timeout=5, max=100
Link: <https://lab52.io/blog/wp-json/>; rel="https://api.w.org/" <https://lab52.io/blog/wp-json/wp/v2/posts/1678>; rel="alternate"; type="application/json" <https://lab52.io/blog/?p=1678>; rel=shortlink
Server: Lab52
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding,Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: DENY SAMEORIGIN
X-Pingback: https://lab52.io/blog/xmlrpc.php
X-Powered-By: PHP/7.3.3

GET
H/1.1 200
OK all.min.css
lab52.io/blog/wp-content/plugins/atomic-blocks/dist/assets/fontawesome/css/ 46 KB
46 KB 40ms
40ms Stylesheet
text/css 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/plugins/atomic-blocks/dist/assets/fontawesome/css/all.min.css?ver=1598525594

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Aug 2020 10:53:14 GMT
Server: Lab52
ETag: "b752-5add9be395def"
X-Frame-Options: DENY
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 46930

GET
H/1.1 200
OK style.css
lab52.io/blog/wp-content/themes/genesis-sample-develop/ 32 KB
32 KB 114ms
40ms Stylesheet
text/css 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/themes/genesis-sample-develop/style.css?ver=2.9.2-dev

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

a5be480111c5e08d5b42a4d340295dcf4ad1b49b0527c5d158b7a8a6c706ccf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 30 Sep 2019 11:54:50 GMT
Server: Lab52
ETag: "7f38-593c3e73577a2"
X-Frame-Options: DENY
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 32568

GET
H/1.1 200
OK style.min.css
lab52.io/blog/wp-includes/css/dist/block-library/ 53 KB
53 KB 119ms
40ms Stylesheet
text/css 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-includes/css/dist/block-library/style.min.css?ver=5.5.12

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 Sep 2020 03:51:33 GMT
Server: Lab52
ETag: "d293-5ae4c8d36f1fe"
X-Frame-Options: DENY
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 53907

GET
H/1.1 200
OK blocks.style.build.css
lab52.io/blog/wp-content/plugins/atomic-blocks/dist/ 44 KB
44 KB 118ms
39ms Stylesheet
text/css 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/plugins/atomic-blocks/dist/blocks.style.build.css?ver=1598525594

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

df5e9981355c666f6246e1b10b57f9e219b2c2a16a47a8b09726053d1836ea78

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Aug 2020 10:53:14 GMT
Server: Lab52
ETag: "af72-5add9be3a5bd7"
X-Frame-Options: DENY
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 44914

GET
H/1.1 200
OK dashicons.min.css
lab52.io/blog/wp-includes/css/ 58 KB
58 KB 120ms
40ms Stylesheet
text/css 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-includes/css/dashicons.min.css?ver=5.5.12

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

b7203ef7f18e8e70e9991515982b3bbd43524cf048e9591b7aab1e80db938774

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Apr 2021 03:52:35 GMT
Server: Lab52
ETag: "e687-5bffacb344d45"
X-Frame-Options: DENY
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 59015

GET
H/1.1 200
OK front-end.css
lab52.io/blog/wp-content/themes/genesis-sample-develop/lib/gutenberg/ 9 KB
9 KB 119ms
40ms Stylesheet
text/css 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/themes/genesis-sample-develop/lib/gutenberg/front-end.css?ver=2.9.2-dev

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

2e3578f944c282c0c578635005c9b3ac95090cf9607dd8821ebea38ab463f259

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 29 Mar 2019 12:24:02 GMT
Server: Lab52
ETag: "23b7-5853abef78225"
X-Frame-Options: DENY
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 9143

GET
H/1.1 200
OK style.css
lab52.io/blog/wp-content/plugins/simple-social-icons/css/ 1 KB
2 KB 156ms
40ms Stylesheet
text/css 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/plugins/simple-social-icons/css/style.css?ver=3.0.2

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

f230538018f9156f925bd667c6ac4f437ae4541b9d421424728592d359b499c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 22 Jun 2020 08:03:12 GMT
Server: Lab52
ETag: "4cc-5a8a7ac9e438b"
X-Frame-Options: DENY
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1228

GET
H/1.1 200
OK front.min.css
lab52.io/blog/wp-content/plugins/wp-gdpr-compliance/assets/css/ 8 KB
8 KB 155ms
39ms Stylesheet
text/css 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1592813009

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

219222bf1646c16a6f0137ead39b1cf86b23b00533f493a84008d5e19288ad46

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 22 Jun 2020 08:03:29 GMT
Server: Lab52
ETag: "1ec2-5a8a7ada4a07a"
X-Frame-Options: DENY
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 7874

GET
H/1.1 200
OK jquery.js Show response
lab52.io/blog/wp-includes/js/jquery/ 95 KB
95 KB 196ms
40ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 05 Sep 2019 03:51:24 GMT
Server: Lab52
ETag: "17a69-591c63c44ee04"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 96873

GET
H/1.1 200
OK svgxuse.js Show response
lab52.io/blog/wp-content/plugins/simple-social-icons/ 9 KB
9 KB 199ms
42ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/plugins/simple-social-icons/svgxuse.js?ver=1.1.21

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

860e4b944663ab48a4929f7f995379090822e06521ab6321612490be84de42fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 22 Jun 2020 08:03:12 GMT
Server: Lab52
ETag: "2416-5a8a7ac9e8dc3"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 9238

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 122 KB
48 KB 231ms
77ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-138573737-1

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2da821af4d64fe4f762522b3483605be30c14d9327814e0b71c6a7a2fa1dd87c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Thu, 01 Jun 2023 20:57:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 48424
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 01 Jun 2023 20:57:13 GMT

GET
H/1.1 200
OK custom.css
lab52.io/blog/wp-content/themes/genesis-sample-develop/ 13 KB
13 KB 196ms
40ms Stylesheet
text/css 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/themes/genesis-sample-develop/custom.css

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

8e1bc2d74daffb3687807ab076602409ba8f07a31c37340fa947f238655a952c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Aug 2020 12:03:43 GMT
Server: Lab52
ETag: "3293-5addaba4bd758"
X-Frame-Options: DENY
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 12947

GET
H2 200 cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/ 4 KB
2 KB 108ms
39ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79b378e8f3c1fece39a1472a2e7d920ab80eb5881525a1622d9dbaa954aa23c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Thu, 01 Jun 2023 20:57:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2078324
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 975
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-fe0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H0zlnCgyu5JmfSklh151M9fTO%2BMJjVMRXbmqJy3Q29ONoodXk0YjHnpa5eB3HTGaimWgK7Ra2Q%2FxTgpVRk%2B%2FwSdmouHup%2BIigSv5CjoGsA1ncyp%2B%2BiYdwqD5jD7MMKpK3o7Dfm8R57Xb%2FwZ0j5dcyzUw"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7d0a5e1e9c2c216b-MAD
expires: Tue, 21 May 2024 20:57:12 GMT

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/ 20 KB
6 KB 109ms
40ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb41292903f6bd996333bdfe6fbc58e1dbdb6109074505ee3ea46373bb23be70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Thu, 01 Jun 2023 20:57:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 106375
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5978
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-5148"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tnIlgnpXHy7DnaKy7jHplGOq2sg3gw%2BeF3yZjzZfY7M9C5wMuahzv48hq5h%2BZfvjicevhkftMfI8QYshGIhRpf99ZIjxxW9MBWJxs6SmPZ%2FT6RZNhvuFY6x5OivenrAkuUZV7%2B7SlysxOzMLFrUof3xD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7d0a5e1e9c2d216b-MAD
expires: Tue, 21 May 2024 20:57:12 GMT

GET
H/1.1 200
OK lab52.png
lab52.io/blog/wp-content/uploads/2019/03/ 2 KB
2 KB 41ms
41ms Image
image/png 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lab52.io/blog/wp-content/uploads/2019/03/lab52.png

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

17148cc6c123b5bdb0f9f77cc570122a4a37c076eddcf1ebbc87bcfe1ab91ef2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 29 Mar 2019 12:24:02 GMT
Server: Lab52
ETag: "75d-5853abef7eb9d"
X-Frame-Options: DENY
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1885

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
lab52.io/blog/wp-includes/js/ 14 KB
14 KB 41ms
41ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-includes/js/wp-emoji-release.min.js?ver=5.5.12

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Apr 2021 03:52:35 GMT
Server: Lab52
ETag: "3795-5bffacb354f15"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 14229

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 913 B
905 B 232ms
76ms Script
text/javascript 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=anr_onloadCallback&render=explicit

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8222c3f12e7f10e39f4347fb564094c6d418536bf191e6764100b458617e1386

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Thu, 01 Jun 2023 20:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 585
x-xss-protection: 1; mode=block
expires: Thu, 01 Jun 2023 20:57:13 GMT

GET
H/1.1 200
OK custom.js Show response
lab52.io/blog/wp-content/themes/genesis-sample-develop/ 4 KB
5 KB 41ms
41ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/themes/genesis-sample-develop/custom.js

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

64322bb7c05a2038a9e0b61973d406e322487eee3dcd370529bd4f631831372a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 17 May 2019 09:32:04 GMT
Server: Lab52
ETag: "117c-589120e3e24a0"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 4476

GET
H/1.1 200
OK dismiss.js Show response
lab52.io/blog/wp-content/plugins/atomic-blocks/dist/assets/js/ 923 B
1 KB 40ms
40ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/plugins/atomic-blocks/dist/assets/js/dismiss.js?ver=1598525594

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

91690ac97c038313496895a305a808da41d7702f5568ebc6b34a4c3cdd549961

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Aug 2020 10:53:14 GMT
Server: Lab52
ETag: "39b-5add9be39ee77"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 923

GET
H/1.1 200
OK comment-reply.min.js Show response
lab52.io/blog/wp-includes/js/ 3 KB
3 KB 40ms
39ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-includes/js/comment-reply.min.js?ver=5.5.12

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Apr 2021 03:52:35 GMT
Server: Lab52
ETag: "ba8-5bffacb3533bd"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2984

GET
H/1.1 200
OK hoverIntent.min.js Show response
lab52.io/blog/wp-includes/js/ 1 KB
1 KB 40ms
40ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-includes/js/hoverIntent.min.js?ver=1.8.1

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Apr 2021 03:52:35 GMT
Server: Lab52
ETag: "462-5bffacb353b8d"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 1122

GET
H/1.1 200
OK superfish.min.js Show response
lab52.io/blog/wp-content/themes/genesis/lib/js/menu/ 4 KB
5 KB 41ms
39ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/themes/genesis/lib/js/menu/superfish.min.js?ver=1.7.10

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Aug 2020 10:52:33 GMT
Server: Lab52
ETag: "1193-5add9bbcdcc8d"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 4499

GET
H/1.1 200
OK superfish.args.min.js Show response
lab52.io/blog/wp-content/themes/genesis/lib/js/menu/ 132 B
540 B 41ms
40ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/themes/genesis/lib/js/menu/superfish.args.min.js?ver=3.3.3

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Aug 2020 10:52:33 GMT
Server: Lab52
ETag: "84-5add9bbcdc8a5"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 132

GET
H/1.1 200
OK skip-links.min.js Show response
lab52.io/blog/wp-content/themes/genesis/lib/js/ 386 B
795 B 41ms
40ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/themes/genesis/lib/js/skip-links.min.js?ver=3.3.3

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Aug 2020 10:52:33 GMT
Server: Lab52
ETag: "182-5add9bbcde7e5"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 386

GET
H/1.1 200
OK responsive-menus.min.js Show response
lab52.io/blog/wp-content/themes/genesis-sample-develop/js/ 4 KB
4 KB 41ms
40ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/themes/genesis-sample-develop/js/responsive-menus.min.js?ver=2.9.2-dev

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

6fd951519999c4f446db71f347635025addb27c21d3b5915d498732ea1eec927

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 29 Mar 2019 12:24:02 GMT
Server: Lab52
ETag: "e64-5853abef77e3d"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3684

GET
H/1.1 200
OK genesis-sample.js Show response
lab52.io/blog/wp-content/themes/genesis-sample-develop/js/ 1 KB
2 KB 41ms
40ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/themes/genesis-sample-develop/js/genesis-sample.js?ver=2.9.2-dev

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

a1c4a7fc8d5baa9d1b5e4d8c55c3229442dbf98430024e9b008cd3cd99c72fbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 29 Mar 2019 12:24:02 GMT
Server: Lab52
ETag: "4e1-5853abef77e3d"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1249

GET
H/1.1 200
OK front.min.js Show response
lab52.io/blog/wp-content/plugins/wp-gdpr-compliance/assets/js/ 7 KB
7 KB 42ms
41ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1592813009

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

af57165e63b7efba5117220d832d16a5919b941d646b9e23bb7d455e0f343218

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 22 Jun 2020 08:03:29 GMT
Server: Lab52
ETag: "1a1d-5a8a7ada4b01a"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 6685

GET
H/1.1 200
OK wp-embed.min.js Show response
lab52.io/blog/wp-includes/js/ 1 KB
2 KB 40ms
40ms Script
application/javascript 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-includes/js/wp-embed.min.js?ver=5.5.12

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 May 2023 03:52:03 GMT
Server: Lab52
ETag: "5c6-5fbdb9c5bd5a2"
X-Frame-Options: DENY
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1478

GET
H/1.1 200
OK fa-solid-900.woff2
lab52.io/blog/wp-content/plugins/atomic-blocks/dist/assets/fontawesome/webfonts/ 61 KB
61 KB 50ms
41ms Font
text/plain 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lab52.io/blog/wp-content/plugins/atomic-blocks/dist/assets/fontawesome/webfonts/fa-solid-900.woff2

Requested by

Host: lab52.io
URL: https://lab52.io/blog/wp-content/plugins/atomic-blocks/dist/assets/fontawesome/css/all.min.css?ver=1598525594

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

7870d922d17f76035c5327c14bf08d12898b35cbb2a303f4194a1b9935c13f8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://lab52.io/blog/wp-content/plugins/atomic-blocks/dist/assets/fontawesome/css/all.min.css?ver=1598525594
Origin: https://lab52.io
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Aug 2020 10:53:14 GMT
Server: Lab52
ETag: "f408-5add9be39ded7"
X-Frame-Options: DENY
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 62472

GET
H/1.1 200
OK campanas-2.png
lab52.io/blog/wp-content/uploads/2023/03/ 14 KB
14 KB 43ms
42ms Image
image/png 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lab52.io/blog/wp-content/uploads/2023/03/campanas-2.png

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

bdb1ad95aa5f7db1b6e1d78c99e2e1a90f2038ffec5b1eb753d239e8cc4dc4f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 16 Mar 2023 00:13:23 GMT
Server: Lab52
ETag: "36cc-5f6f95430b91f"
X-Frame-Options: DENY
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 14028

GET
H/1.1 200
OK 01-Apariencia-documento-malicioso-1024x519.png
lab52.io/blog/wp-content/uploads/2023/03/ 285 KB
285 KB 44ms
43ms Image
image/png 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lab52.io/blog/wp-content/uploads/2023/03/01-Apariencia-documento-malicioso-1024x519.png

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

6e9ada0c98fe1f4ded84642ff1897e1811d3fbe730b0cd467d5c693ff39760b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 15 Mar 2023 21:31:57 GMT
Server: Lab52
ETag: "4722c-5f6f712e2e45e"
X-Frame-Options: DENY
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 291372

GET
H/1.1 200
OK 02-Objeto-OLE-sospechoso.png
lab52.io/blog/wp-content/uploads/2023/03/ 21 KB
22 KB 44ms
43ms Image
image/png 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lab52.io/blog/wp-content/uploads/2023/03/02-Objeto-OLE-sospechoso.png

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

66bb94cb2a7bc38cb2077a2021aefc8bf4b096d380f7d625a5ef8b99c0b8d989

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 15 Mar 2023 21:33:15 GMT
Server: Lab52
ETag: "54a3-5f6f7178ba039"
X-Frame-Options: DENY
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 21667

GET
H/1.1 200
OK 03-Flujo-de-actividad-analizado.png
lab52.io/blog/wp-content/uploads/2023/03/ 131 KB
132 KB 43ms
43ms Image
image/png 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lab52.io/blog/wp-content/uploads/2023/03/03-Flujo-de-actividad-analizado.png

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

2f06a36428ed198d2454a2ab9d28f2353ed3b046fcceb4e6304c2fa3a65df4b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 15 Mar 2023 21:34:45 GMT
Server: Lab52
ETag: "20cf4-5f6f71cdd425d"
X-Frame-Options: DENY
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 134388

GET
H/1.1 200
OK 04-Propiedades-Objeto-OLE.png
lab52.io/blog/wp-content/uploads/2023/03/ 34 KB
34 KB 40ms
39ms Image
image/png 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lab52.io/blog/wp-content/uploads/2023/03/04-Propiedades-Objeto-OLE.png

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

8fa71ecd8ee8d7171edcd5d4fca0ee7f53e3764d519488bf809a80c9c0f8d307

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 15 Mar 2023 21:41:29 GMT
Server: Lab52
ETag: "883e-5f6f734f818cc"
X-Frame-Options: DENY
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 34878

GET
H/1.1 200
OK 05-Detalle-Objeto-OLE.png
lab52.io/blog/wp-content/uploads/2023/03/ 46 KB
46 KB 40ms
40ms Image
image/png 185.215.84.11
ES-S2GRUPO-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lab52.io/blog/wp-content/uploads/2023/03/05-Detalle-Objeto-OLE.png

Requested by

Host: lab52.io
URL: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.215.84.11 , Spain, ASN60080 (ES-S2GRUPO-ASN, ES),

Reverse DNS

Software

Lab52 /

Resource Hash

cc7c17ac8c384eefe9f4b0f8f23952ad7a7f1f28345670aaf28b29243ee638c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Thu, 01 Jun 2023 20:57:12 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 15 Mar 2023 21:42:57 GMT
Server: Lab52
ETag: "b7c1-5f6f73a2e0147"
X-Frame-Options: DENY
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 47041

GET
H2 200 recaptcha__es.js Show response
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/ 410 KB
164 KB 219ms
70ms Script
text/javascript 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=anr_onloadCallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d15a4d5801e592b72c28d0c8ad1595330d16f201feb89ef978d63233f6942c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lab52.io/
Origin: https://lab52.io
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Tue, 30 May 2023 02:41:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238548
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 167717
x-xss-protection: 0
last-modified: Mon, 22 May 2023 20:58:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 May 2024 02:41:25 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 239 KB
82 KB 82ms
81ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-95M8JQNZBF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-138573737-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8b9dfff23e0218ab79b4dbace25a823a0356e59bfc3ca09c4e13293f2f409d61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Thu, 01 Jun 2023 20:57:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 84266
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 01 Jun 2023 20:57:13 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 196ms
63ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-138573737-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 01 Jun 2023 20:35:34 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 1299
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Thu, 01 Jun 2023 22:35:34 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
249 B 143ms
55ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-95M8JQNZBF&gtm=45je35v0&_p=1160290083&cid=189072882.1685653033&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1685653033&sct=1&seg=0&dl=https%3A%2F%2Flab52.io%2Fblog%2Fapt-c-36-from-njrat-to-apt-c-36%2F&dt=APT-C-36%3A%20from%20NjRAT%20to%20LimeRAT&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-95M8JQNZBF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://lab52.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Jun 2023 20:57:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://lab52.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
202 B 71ms
70ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1160290083&t=pageview&_s=1&dl=https%3A%2F%2Flab52.io%2Fblog%2Fapt-c-36-from-njrat-to-apt-c-36%2F&ul=en-us&de=UTF-8&dt=APT-C-36%3A%20from%20NjRAT%20to%20LimeRAT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=806133241&gjid=910291231&cid=189072882.1685653033&tid=UA-138573737-1&_gid=93913148.1685653034&_r=1&gtm=457e35v0&jsscut=1&z=337166337

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://lab52.io/
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 01 Jun 2023 20:57:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://lab52.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 3DD2 51 KB
28 KB 91ms
90ms Document
text/html 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf4ZJwUAAAAAN67aD_PPXidoEzI-aIrP47hK41b&co=aHR0cHM6Ly9sYWI1Mi5pbzo0NDM.&hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&theme=light&size=normal&cb=5fhvfx68aq8w

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0c4ad24064c99f3e752661dce6415292b8dc5ea2e6430bcf5102299cf83872e1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-G7heC_wTZbNQzWotSNJCCA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://lab52.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 28577
content-security-policy: script-src 'report-sample' 'nonce-G7heC_wTZbNQzWotSNJCCA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 01 Jun 2023 20:57:13 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
341 B 156ms
52ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-138573737-1&cid=189072882.1685653033&jid=806133241&gjid=910291231&_gid=93913148.1685653034&_u=YADAAUAAAAAAACAAI~&z=529577523

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://lab52.io/
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 01 Jun 2023 20:57:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://lab52.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/ Frame 3DD2 55 KB
24 KB 174ms
59ms Stylesheet
text/css 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf4ZJwUAAAAAN67aD_PPXidoEzI-aIrP47hK41b&co=aHR0cHM6Ly9sYWI1Mi5pbzo0NDM.&hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&theme=light&size=normal&cb=5fhvfx68aq8w

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Thu, 01 Jun 2023 14:18:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Mon, 22 May 2023 20:58:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 31 May 2024 14:18:18 GMT

GET
H3 200 recaptcha__es.js Show response
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/ Frame 3DD2 410 KB
164 KB 204ms
89ms Script
text/javascript 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d15a4d5801e592b72c28d0c8ad1595330d16f201feb89ef978d63233f6942c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Tue, 30 May 2023 02:41:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238548
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 167717
x-xss-protection: 0
last-modified: Mon, 22 May 2023 20:58:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 May 2024 02:41:25 GMT

GET
DATA 200
OK truncated
/ Frame 3DD2 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language: es-ES,es;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3DD2 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language: es-ES,es;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 3DD2 2 KB
2 KB 60ms
59ms Image
image/png 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Tue, 30 May 2023 14:33:37 GMT
x-content-type-options: nosniff
age: 195817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 06 Jun 2023 14:33:37 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 3DD2 15 KB
16 KB 189ms
61ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Wed, 31 May 2023 19:03:49 GMT
x-content-type-options: nosniff
age: 93205
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 May 2024 19:03:49 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 3DD2 102 B
134 B 69ms
68ms Other
text/javascript 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c75e67f068191438501de6d2c57b35ef1e017788df8fed93c23b7144c9bbf12f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf4ZJwUAAAAAN67aD_PPXidoEzI-aIrP47hK41b&co=aHR0cHM6Ly9sYWI1Mi5pbzo0NDM.&hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&theme=light&size=normal&cb=5fhvfx68aq8w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Thu, 01 Jun 2023 20:57:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 01 Jun 2023 20:57:14 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 74CC 7 KB
1 KB 76ms
76ms Document
text/html 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6Lf4ZJwUAAAAAN67aD_PPXidoEzI-aIrP47hK41b

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8b72d14f7d0aec584f169624b772cd8349bed18c55dbdd1f30f43e129a767bec

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5nAzen2ywOLaH9i31-3Shw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://lab52.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1150
content-security-policy: script-src 'report-sample' 'nonce-5nAzen2ywOLaH9i31-3Shw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 01 Jun 2023 20:57:14 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/ Frame 74CC 55 KB
24 KB 60ms
59ms Stylesheet
text/css 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6Lf4ZJwUAAAAAN67aD_PPXidoEzI-aIrP47hK41b

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Thu, 01 Jun 2023 14:18:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23936
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Mon, 22 May 2023 20:58:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 31 May 2024 14:18:18 GMT

GET
H3 200 recaptcha__es.js Show response
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/ Frame 74CC 410 KB
164 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6Lf4ZJwUAAAAAN67aD_PPXidoEzI-aIrP47hK41b

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d15a4d5801e592b72c28d0c8ad1595330d16f201feb89ef978d63233f6942c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Tue, 30 May 2023 02:41:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 167717
x-xss-protection: 0
last-modified: Mon, 22 May 2023 20:58:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 May 2024 02:41:25 GMT

Verdicts & Comments Add Verdict or Comment

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lab52.io/	1970-01-20 21:50:13	Name: _ga_95M8JQNZBF Value: GS1.1.1685653033.1.0.1685653033.0.0.0
.lab52.io/	1970-01-20 21:50:13	Name: _ga Value: GA1.2.189072882.1685653033
.lab52.io/	1970-01-20 12:15:39	Name: _gid Value: GA1.2.93913148.1685653034
.lab52.io/	1970-01-20 12:14:13	Name: _gat_gtag_UA_138573737_1 Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
fonts.gstatic.com
lab52.io
region1.google-analytics.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
185.215.84.11
2001:4860:4802:34::36
2606:4700::6811:180e
2a00:1450:4001:806::2003
2a00:1450:4001:80b::2004
2a00:1450:4001:810::200e
2a00:1450:4001:828::2003
2a00:1450:4001:82b::2008
2a00:1450:400c:c07::9d
07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0c4ad24064c99f3e752661dce6415292b8dc5ea2e6430bcf5102299cf83872e1
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
17148cc6c123b5bdb0f9f77cc570122a4a37c076eddcf1ebbc87bcfe1ab91ef2
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5
219222bf1646c16a6f0137ead39b1cf86b23b00533f493a84008d5e19288ad46
2da821af4d64fe4f762522b3483605be30c14d9327814e0b71c6a7a2fa1dd87c
2e3578f944c282c0c578635005c9b3ac95090cf9607dd8821ebea38ab463f259
2f06a36428ed198d2454a2ab9d28f2353ed3b046fcceb4e6304c2fa3a65df4b2
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4
64322bb7c05a2038a9e0b61973d406e322487eee3dcd370529bd4f631831372a
66bb94cb2a7bc38cb2077a2021aefc8bf4b096d380f7d625a5ef8b99c0b8d989
6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e9ada0c98fe1f4ded84642ff1897e1811d3fbe730b0cd467d5c693ff39760b7
6fd951519999c4f446db71f347635025addb27c21d3b5915d498732ea1eec927
7870d922d17f76035c5327c14bf08d12898b35cbb2a303f4194a1b9935c13f8e
79b378e8f3c1fece39a1472a2e7d920ab80eb5881525a1622d9dbaa954aa23c3
7d15a4d5801e592b72c28d0c8ad1595330d16f201feb89ef978d63233f6942c1
7de161540257effb889bedd659d0313bbfe956272d980a76396ad60fdc49ca31
8222c3f12e7f10e39f4347fb564094c6d418536bf191e6764100b458617e1386
860e4b944663ab48a4929f7f995379090822e06521ab6321612490be84de42fd
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
8b72d14f7d0aec584f169624b772cd8349bed18c55dbdd1f30f43e129a767bec
8b9dfff23e0218ab79b4dbace25a823a0356e59bfc3ca09c4e13293f2f409d61
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
8e1bc2d74daffb3687807ab076602409ba8f07a31c37340fa947f238655a952c
8fa71ecd8ee8d7171edcd5d4fca0ee7f53e3764d519488bf809a80c9c0f8d307
91690ac97c038313496895a305a808da41d7702f5568ebc6b34a4c3cdd549961
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
a1c4a7fc8d5baa9d1b5e4d8c55c3229442dbf98430024e9b008cd3cd99c72fbb
a5be480111c5e08d5b42a4d340295dcf4ad1b49b0527c5d158b7a8a6c706ccf6
ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb
af57165e63b7efba5117220d832d16a5919b941d646b9e23bb7d455e0f343218
b7203ef7f18e8e70e9991515982b3bbd43524cf048e9591b7aab1e80db938774
bdb1ad95aa5f7db1b6e1d78c99e2e1a90f2038ffec5b1eb753d239e8cc4dc4f0
c75e67f068191438501de6d2c57b35ef1e017788df8fed93c23b7144c9bbf12f
cb41292903f6bd996333bdfe6fbc58e1dbdb6109074505ee3ea46373bb23be70
cc7c17ac8c384eefe9f4b0f8f23952ad7a7f1f28345670aaf28b29243ee638c6
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df5e9981355c666f6246e1b10b57f9e219b2c2a16a47a8b09726053d1836ea78
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327
f230538018f9156f925bd667c6ac4f437ae4541b9d421424728592d359b499c8

lab52.io Open in urlscan Pro 185.215.84.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

51 Requests

100 %HTTPS

89 %IPv6

7 Domains

9 Subdomains

10 IPs

4 Countries

1865 kBTransfer

2974 kBSize

4 Cookies

9 Outgoing links

Redirected requests

51 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

lab52.io Open in urlscan Pro
185.215.84.11 Public Scan

Screenshot
Live screenshot

Full Image

51
Requests

100 %
HTTPS

89 %
IPv6

7
Domains

9
Subdomains

10
IPs

4
Countries

1865 kB
Transfer

2974 kB
Size

4
Cookies

51 HTTP transactions
2 data transactions