URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Submission: On September 27 via api from US

Summary

This website contacted 13 IPs in 2 countries across 9 domains to perform 109 HTTP transactions. The main IP is 2606:4700:20::681a:d73, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.cert.pl.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 23rd 2020. Valid for: a year.
This is the only time www.cert.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Count | Domain | Requested by
73 | www.cert.pl | www.cert.pl
24 | gist.github.com (12 redirects) | www.cert.pl
7 | platform.twitter.com | www.cert.pl, platform.twitter.com
4 | pbs.twimg.com | www.cert.pl
4 | fonts.gstatic.com | fonts.googleapis.com
3 | maps.google.com | www.cert.pl, maps.google.com
2 | syndication.twitter.com (1 redirects) | www.cert.pl
1 | maps.googleapis.com | maps.google.com
1 | cdn.syndication.twimg.com | platform.twitter.com
1 | www.youtube.com | www.cert.pl
1 | youtube.com (1 redirects) |
1 | github.githubassets.com | gist.github.com
1 | fonts.googleapis.com | www.cert.pl
109 13

Subject | Issuer | Validity | Valid
cert.pl | Cloudflare Inc ECC CA-3 | 2020-05-23 - 2021-05-23 | a year
*.google.com | GTS CA 1O1 | 2020-09-03 - 2020-11-26 | 3 months
*.github.com | DigiCert SHA2 High Assurance Server CA | 2020-06-22 - 2022-08-17 | 2 years
upload.video.google.com | GTS CA 1O1 | 2020-09-03 - 2020-11-26 | 3 months
*.gstatic.com | GTS CA 1O1 | 2020-09-03 - 2020-11-26 | 3 months
*.githubassets.com | DigiCert SHA2 High Assurance Server CA | 2018-10-29 - 2020-11-02 | 2 years
*.twimg.com | DigiCert SHA2 High Assurance Server CA | 2019-11-12 - 2020-11-18 | a year
syndication.twitter.com | DigiCert SHA2 High Assurance Server CA | 2020-03-05 - 2021-03-02 | a year

This page contains 5 frames:

Primary Page: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Frame ID: 7F6086412D0B1D7023675E1C33BFCE49
Requests: 101 HTTP requests in this frame

Frame: https://www.youtube.com/embed/NHGJPlEXssg
Frame ID: F64DA937DEFA1CF41F6FC2BA62E58884
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.cert.pl
Frame ID: AF4B6874FFE15E5BC1D0DD48CE8FD69C
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Frame ID: 559897658693EADDA4A0866F7FE13E39
Requests: 10 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: D04FF0B34E054682C329E95B62FEE461
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • script /\/\/maps\.googleapis\.com\/maps\/api\/js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /\/\/platform\.twitter\.com\/widgets\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

109 Requests
100 % HTTPS
77 % IPv6
9 Domains
13 Subdomains
13 IPs
2 Countries
1721 kB Transfer
2572 kB Size
4 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://gist.github.com/652ef154ff7aa56d5dfaaa52a4a6f9b8.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/652ef154ff7aa56d5dfaaa52a4a6f9b8.js
Request Chain 16
  • https://gist.github.com/82116cbbb35a895605b09b28e11d3c02.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/82116cbbb35a895605b09b28e11d3c02.js
Request Chain 17
  • https://gist.github.com/b50fd39a2d3c5b30d08c8431efc0ddeb.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/b50fd39a2d3c5b30d08c8431efc0ddeb.js
Request Chain 21
  • https://gist.github.com/1fbc413adb5806bf9deba5fb400712ea.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/1fbc413adb5806bf9deba5fb400712ea.js
Request Chain 23
  • https://gist.github.com/6612b8c2584338d7dfe4ad2c7ca0578d.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/6612b8c2584338d7dfe4ad2c7ca0578d.js
Request Chain 24
  • https://gist.github.com/c5f09a104b6ae7d62809b1851e7731c0.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/c5f09a104b6ae7d62809b1851e7731c0.js
Request Chain 30
  • https://gist.github.com/2716d49a1581547a25c712a6a278a166.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/2716d49a1581547a25c712a6a278a166.js
Request Chain 31
  • https://gist.github.com/cbec86044e9699538a1c4c0204409d3b.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/cbec86044e9699538a1c4c0204409d3b.js
Request Chain 32
  • https://gist.github.com/a561be5712f7c4a09ffd873efb7f61fa.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/a561be5712f7c4a09ffd873efb7f61fa.js
Request Chain 33
  • https://gist.github.com/18dc2bbbb66cb482559c74ab18a46268.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/18dc2bbbb66cb482559c74ab18a46268.js
Request Chain 34
  • https://gist.github.com/68bf540bb1d4545bca1d220d4cb18511.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/68bf540bb1d4545bca1d220d4cb18511.js
Request Chain 35
  • https://gist.github.com/31e54e27228b41af8ce4ba00e263631b.js HTTP 302
  • https://gist.github.com/CERT-Polska-Developer/31e54e27228b41af8ce4ba00e263631b.js
Request Chain 64
  • https://youtube.com/embed/NHGJPlEXssg HTTP 301
  • https://www.youtube.com/embed/NHGJPlEXssg
Request Chain 109
  • https://syndication.twitter.com/i/jot HTTP 302
  • https://platform.twitter.com/jot.html

109 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.cert.pl/en/news/single/backswap-malware-analysis/
49 KB
13 KB
Document
General
Full URL
https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af8a5247d2e388d66a0aa4e9c18fa03c0020a624f0cc948de74ddc08ed527e0b

Request headers

:method
GET
:authority
www.cert.pl
:scheme
https
:path
/en/news/single/backswap-malware-analysis/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Sun, 27 Sep 2020 22:25:27 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d7a6c2ea3e4b250b1535447c6ae6c1d081601245527; expires=Tue, 27-Oct-20 22:25:27 GMT; path=/; domain=.cert.pl; HttpOnly; SameSite=Lax; Secure _icl_current_language=en; expires=Mon, 28-Sep-2020 22:25:27 GMT; Max-Age=86400; path=/ _icl_current_language=en; expires=Mon, 28-Sep-2020 22:25:27 GMT; Max-Age=86400; path=/
x-pingback
https://www.cert.pl/xmlrpc.php
link
<https://www.cert.pl/en/wp-json/>; rel="https://api.w.org/" <https://www.cert.pl/en/?p=14450>; rel=shortlink
vary
Accept-Encoding
cf-cache-status
DYNAMIC
cf-request-id
057344d53b0000175a8cbe8200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5d98a401fc5a175a-FRA
content-encoding
br
language-selector.css
www.cert.pl/wp-content/plugins/sitepress-multilingual-cms/res/css/
6 KB
1 KB
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/sitepress-multilingual-cms/res/css/language-selector.css?v=3.3.3
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d874b4407ec18a37af2e5b06320fd0a8143c054aa65bb07369f646981f378bee

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 13:35:00 GMT
server
cloudflare
age
126
etag
W/"17fb-526630a4d2900-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a4046813175a-FRA
cf-request-id
057344d6c40000175a8cbf2200000001
style.min.css
www.cert.pl/wp-includes/css/dist/block-library/
53 KB
7 KB
Stylesheet
General
Full URL
https://www.cert.pl/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 15 Sep 2020 12:12:33 GMT
server
cloudflare
age
126
etag
W/"d293-5af5910d74a3a-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a4046816175a-FRA
cf-request-id
057344d6c40000175a8cbf3200000001
wpa-style.css
www.cert.pl/wp-content/plugins/wp-accessibility/css/
3 KB
873 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/wp-accessibility/css/wpa-style.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2878b0331a62abfe17a83b7f7bfcfdaa940aa542eac35eff3f9d19af68bdb9a0

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 15 Sep 2020 12:22:17 GMT
server
cloudflare
age
126
etag
W/"a46-5af5933b20861-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a4046818175a-FRA
cf-request-id
057344d6c40000175a8cbf4200000001
bootstrap.css
www.cert.pl/wp-content/themes/cert-theme/css/
120 KB
18 KB
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/css/bootstrap.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 10 Nov 2015 12:44:00 GMT
server
cloudflare
age
126
etag
W/"1deac-5242f105ac400-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a4046819175a-FRA
cf-request-id
057344d6c40000175a8cbf5200000001
style.css
www.cert.pl/wp-content/themes/cert-theme/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/style.css?v=605830
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4a2096a95586acc732a30954a69c8276586280c61de9025cda0b883bd2540da

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 16 Mar 2016 09:48:00 GMT
server
cloudflare
etag
W/"aca-52e2768c69400-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a404681b175a-FRA
cf-request-id
057344d6c40000175a8cbf6200000001
style.css
www.cert.pl/wp-content/themes/cert-theme/css/
38 KB
7 KB
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/css/style.css?v=761566
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6df295d3356644acad90718eb9f0d452b64c6b76c40440b79248cc2b7af9ad03

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 24 Jan 2019 13:52:28 GMT
server
cloudflare
etag
W/"96cd-580348563c83a-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a404681e175a-FRA
cf-request-id
057344d6c50000175a8cbf7200000001
slick.css
www.cert.pl/wp-content/themes/cert-theme/css/
2 KB
631 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/css/slick.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
893485d48fc8651981b4810fee0d92ebd7fd85baa7f362ad3934a2c652be8dc9

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 10 Nov 2015 12:44:00 GMT
server
cloudflare
age
126
etag
W/"6e7-5242f105ac400-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a4046820175a-FRA
cf-request-id
057344d6c50000175a8cbf8200000001
rwd.css
www.cert.pl/wp-content/themes/cert-theme/css/
5 KB
1 KB
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/css/rwd.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d35da6a2cd43ec2d1918f50baef79db8a440e27cae4ab22351ccef196681f3c

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 11 Dec 2015 09:15:00 GMT
server
cloudflare
age
126
etag
W/"1282-5269bc1fe2d00-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a4046823175a-FRA
cf-request-id
057344d6c50000175a8cbf9200000001
codecolorer.css
www.cert.pl/wp-content/plugins/codecolorer/
18 KB
3 KB
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/codecolorer/codecolorer.css?ver=0.9.16
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4cba689b8ba104d6fe0527ad437a1458d53586bcef4109e2693c62a8cea7545

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 09 Oct 2018 11:04:09 GMT
server
cloudflare
age
125
etag
W/"46b2-577c9b26a5c40-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a4046826175a-FRA
cf-request-id
057344d6c50000175a8cbfa200000001
jquery.js
www.cert.pl/wp-includes/js/jquery/
95 KB
32 KB
Script
General
Full URL
https://www.cert.pl/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 03 Jul 2019 12:14:37 GMT
server
cloudflare
age
126
etag
W/"17a69-58cc5ce0db1fd-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a4046828175a-FRA
cf-request-id
057344d6c50000175a8cbfb200000001
jquery.min.js
www.cert.pl/wp-content/themes/cert-theme/js/
94 KB
32 KB
Script
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/js/jquery.min.js?ver=20120206
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 02 Nov 2015 15:37:00 GMT
server
cloudflare
age
125
etag
W/"176f8-523908c51ff00-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a4046829175a-FRA
cf-request-id
057344d6c50000175a8cbfc200000001
js
maps.google.com/maps/api/
121 KB
40 KB
Script
General
Full URL
https://maps.google.com/maps/api/js?key=AIzaSyD2T3v-cX61NR0b3u-iTJWZwtWyjYSsYUU&sensor=false&ver=20120206
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
8c946e91ad1c18e74bfdcda6c323d1a1a1c2513f2b9892d8426dcccf00bc75f5
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, max-age=1800
server-timing
gfet4t7; dur=16
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40897
x-xss-protection
0
expires
Sun, 27 Sep 2020 22:55:27 GMT
logo.png
www.cert.pl/wp-content/themes/cert-theme/img/
6 KB
6 KB
Image
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/img/logo.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dde5645bb8067d85632ec88cf036c885d68e7ba6f02a8a72e4c04ff433c9b7bd

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
last-modified
Mon, 02 Nov 2015 15:37:00 GMT
server
cloudflare
age
124
etag
"1660-523908c51ff00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579ce175a-FRA
content-length
5728
cf-request-id
057344d76a0000175a8c80d200000001
nask.png
www.cert.pl/wp-content/themes/cert-theme/img/
3 KB
3 KB
Image
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/img/nask.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0d193a6a66bc7cf5717c79c663b4118048b7b07aa4bf139fb77cfcb61b1011c

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
age
125
status
200
content-length
2900
cf-request-id
057344d76a0000175a8c80e200000001
last-modified
Tue, 29 May 2018 12:27:20 GMT
server
cloudflare
etag
"b54-56d575b021a00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579d0175a-FRA
cf-bgj
h2pri
mag.png
www.cert.pl/wp-content/themes/cert-theme/img/
2 KB
2 KB
Image
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/img/mag.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f24935ac01a4adcf13b8ab80d6d8b42bffa83b5280c82cd79ed18cc1d4deaf5a

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
age
124
status
200
content-length
1555
cf-request-id
057344d76a0000175a8c80f200000001
last-modified
Mon, 02 Nov 2015 15:37:00 GMT
server
cloudflare
etag
"613-523908c51ff00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579d3175a-FRA
cf-bgj
h2pri
652ef154ff7aa56d5dfaaa52a4a6f9b8.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/652ef154ff7aa56d5dfaaa52a4a6f9b8.js
  • https://gist.github.com/CERT-Polska-Developer/652ef154ff7aa56d5dfaaa52a4a6f9b8.js
2 KB
3 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/652ef154ff7aa56d5dfaaa52a4a6f9b8.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
79b7a914595952b41ff1dea15d65b0567a437635deda2e69c773dfab6747e17a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
817
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10A:E4B1:AA9AD7C:F8F4904:5F711158
x-frame-options
deny
etag
W/"79b7a914595952b41ff1dea15d65b056"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10A:E4B1:AA9AD65:F8F48EA:5F711157
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/652ef154ff7aa56d5dfaaa52a4a6f9b8.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
82116cbbb35a895605b09b28e11d3c02.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/82116cbbb35a895605b09b28e11d3c02.js
  • https://gist.github.com/CERT-Polska-Developer/82116cbbb35a895605b09b28e11d3c02.js
3 KB
3 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/82116cbbb35a895605b09b28e11d3c02.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
7e47d55f5b55033187d70608202aae964251343b0c989bf3288b9ff02e72c6aa
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
793
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10C:13338:EE38644:15E1D073:5F711158
x-frame-options
deny
etag
W/"7e47d55f5b55033187d70608202aae96"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10C:13338:EE38621:15E1D04D:5F711157
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/82116cbbb35a895605b09b28e11d3c02.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
b50fd39a2d3c5b30d08c8431efc0ddeb.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/b50fd39a2d3c5b30d08c8431efc0ddeb.js
  • https://gist.github.com/CERT-Polska-Developer/b50fd39a2d3c5b30d08c8431efc0ddeb.js
4 KB
3 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/b50fd39a2d3c5b30d08c8431efc0ddeb.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
a01355c606ed960aa2cd17e7a433987bd6b0caa5151ef03c443f529c7e2c9b41
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
917
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C112:FC84:3ED2717:5887D52:5F711158
x-frame-options
deny
etag
W/"a01355c606ed960aa2cd17e7a433987b"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C112:FC84:3ED2714:5887D4D:5F711157
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/b50fd39a2d3c5b30d08c8431efc0ddeb.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
call5.png
www.cert.pl/wp-content/uploads/2018/06/
18 KB
18 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2018/06/call5.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e24eaa6ade4bda23a14bd35de8d1373caf2d23d84844d1230a6df981c8a1db4

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
cf-cache-status
MISS
last-modified
Mon, 18 Jun 2018 15:46:09 GMT
server
cloudflare
etag
"47fb-56eec76dbb240"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579d5175a-FRA
content-length
18427
cf-request-id
057344d76a0000175a8c810200000001
call_over_string_ida_wtf_ramki.png
www.cert.pl/wp-content/uploads/2018/06/
143 KB
143 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2018/06/call_over_string_ida_wtf_ramki.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c17b1587fd0f8076aae505b7efccd4a065d721ec2e1436709ff3fdf4431ad5a9

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
cf-cache-status
MISS
last-modified
Mon, 18 Jun 2018 15:46:10 GMT
server
cloudflare
etag
"23cc7-56eec76eaf480"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579d6175a-FRA
content-length
146631
cf-request-id
057344d76a0000175a8c811200000001
call_over_string_ida_git_ramki.png
www.cert.pl/wp-content/uploads/2018/06/
124 KB
124 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2018/06/call_over_string_ida_git_ramki.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06bd6246417f62e7cc4ee7ee4da424ff04a776dcc42770195be9a2cac966bad6

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
cf-cache-status
MISS
last-modified
Mon, 18 Jun 2018 15:46:10 GMT
server
cloudflare
etag
"1ee48-56eec76eaf480"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579d7175a-FRA
content-length
126536
cf-request-id
057344d76a0000175a8c812200000001
1fbc413adb5806bf9deba5fb400712ea.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/1fbc413adb5806bf9deba5fb400712ea.js
  • https://gist.github.com/CERT-Polska-Developer/1fbc413adb5806bf9deba5fb400712ea.js
3 KB
3 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/1fbc413adb5806bf9deba5fb400712ea.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
0b49506b4d3192af5a22860193d1a76a8b4c904615b8d9eac5e2ece8c285fff3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
767
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C110:C86E:F022D64:15E7C96D:5F711158
x-frame-options
deny
etag
W/"0b49506b4d3192af5a22860193d1a76a"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C110:C86E:F022D33:15E7C93F:5F711157
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/1fbc413adb5806bf9deba5fb400712ea.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
peb_traverse_ramki.png
www.cert.pl/wp-content/uploads/2018/06/
13 KB
13 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2018/06/peb_traverse_ramki.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6820ce29d116ba09669e7c830ad8879a00980859a7f3868ba8c0f93ac80f820

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
cf-cache-status
MISS
last-modified
Mon, 18 Jun 2018 15:46:12 GMT
server
cloudflare
etag
"3302-56eec77097900"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579d9175a-FRA
content-length
13058
cf-request-id
057344d76a0000175a8c813200000001
6612b8c2584338d7dfe4ad2c7ca0578d.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/6612b8c2584338d7dfe4ad2c7ca0578d.js
  • https://gist.github.com/CERT-Polska-Developer/6612b8c2584338d7dfe4ad2c7ca0578d.js
3 KB
3 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/6612b8c2584338d7dfe4ad2c7ca0578d.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
8b11a12705e979b661aa9bbba4b74a158974a8519b51edd848388fabb12e965e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
772
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C114:F72E:1292233:19C95F6:5F711158
x-frame-options
deny
etag
W/"8b11a12705e979b661aa9bbba4b74a15"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C114:F72E:129222D:19C95F0:5F711157
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/6612b8c2584338d7dfe4ad2c7ca0578d.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
c5f09a104b6ae7d62809b1851e7731c0.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/c5f09a104b6ae7d62809b1851e7731c0.js
  • https://gist.github.com/CERT-Polska-Developer/c5f09a104b6ae7d62809b1851e7731c0.js
4 KB
3 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/c5f09a104b6ae7d62809b1851e7731c0.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
e5a7e35cee7537805a8b56f14d269523ba7b0d9b3a61281a88ecbe15a6af634a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
785
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10E:4843:E6FCF9:1430DFE:5F711158
x-frame-options
deny
etag
W/"e5a7e35cee7537805a8b56f14d269523"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10E:4843:E6FCF7:1430DFA:5F711157
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/c5f09a104b6ae7d62809b1851e7731c0.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
rcxor_ramki.png
www.cert.pl/wp-content/uploads/2018/06/
48 KB
48 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2018/06/rcxor_ramki.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9f2cf82ad31037919cd304b138c9e5595d2c60b0d1cad7b2ab54873683f1a18

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
cf-cache-status
MISS
last-modified
Mon, 18 Jun 2018 15:46:12 GMT
server
cloudflare
etag
"c104-56eec77097900"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579da175a-FRA
content-length
49412
cf-request-id
057344d76a0000175a8c814200000001
set_clipboard_ramki.png
www.cert.pl/wp-content/uploads/2018/06/
175 KB
175 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2018/06/set_clipboard_ramki.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b144d08ce9a7640589ba4311a2dafcce5bc1e4b33a8c31e9711d46aae7279bf

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
cf-cache-status
MISS
last-modified
Mon, 18 Jun 2018 15:46:14 GMT
server
cloudflare
etag
"2bbf3-56eec7727fd80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579dc175a-FRA
content-length
179187
cf-request-id
057344d76a0000175a8c815200000001
change_opacity_ramki.png
www.cert.pl/wp-content/uploads/2018/06/
101 KB
101 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2018/06/change_opacity_ramki.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5007c0c12bf66a01388f66c62bb9041968f7a2b2e7c9002dd7b83856275851e7

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
cf-cache-status
MISS
last-modified
Mon, 18 Jun 2018 15:46:11 GMT
server
cloudflare
etag
"194b7-56eec76fa36c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579df175a-FRA
content-length
103607
cf-request-id
057344d76a0000175a8c816200000001
send_input_ramki.png
www.cert.pl/wp-content/uploads/2018/06/
122 KB
122 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2018/06/send_input_ramki.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae030971c757add09455c2fd4a883baf764611b2866babd60ab208854dc5122a

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
cf-cache-status
MISS
last-modified
Mon, 18 Jun 2018 15:46:13 GMT
server
cloudflare
etag
"1e7f0-56eec7718bb40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579e0175a-FRA
content-length
124912
cf-request-id
057344d76a0000175a8c817200000001
type_in_char_by_char_ramki.png
www.cert.pl/wp-content/uploads/2018/06/
111 KB
112 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2018/06/type_in_char_by_char_ramki.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4637671266dcd64b97f58c4be51c9947fc5f3829b2fceb2726f09bb1ad48b429

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
cf-cache-status
MISS
last-modified
Mon, 18 Jun 2018 15:46:14 GMT
server
cloudflare
etag
"1bd1c-56eec7727fd80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579e1175a-FRA
content-length
113948
cf-request-id
057344d76a0000175a8c818200000001
2716d49a1581547a25c712a6a278a166.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/2716d49a1581547a25c712a6a278a166.js
  • https://gist.github.com/CERT-Polska-Developer/2716d49a1581547a25c712a6a278a166.js
4 KB
3 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/2716d49a1581547a25c712a6a278a166.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
194f91af37056bb9366a76038b0e6d48f4ee06441b0ebc31c79caf1bd844b400
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
856
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10A:E4B1:AA9ADAD:F8F494A:5F711158
x-frame-options
deny
etag
W/"194f91af37056bb9366a76038b0e6d48"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10C:13338:EE38671:15E1D0BA:5F711158
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/2716d49a1581547a25c712a6a278a166.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
cbec86044e9699538a1c4c0204409d3b.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/cbec86044e9699538a1c4c0204409d3b.js
  • https://gist.github.com/CERT-Polska-Developer/cbec86044e9699538a1c4c0204409d3b.js
10 KB
4 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/cbec86044e9699538a1c4c0204409d3b.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
1d4ec3c4db8354b084d7a2ebbe830244ec85d4ee82ff58e41268ffc86d3165b9
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
1299
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10C:13338:EE38694:15E1D0EA:5F711158
x-frame-options
deny
etag
W/"1d4ec3c4db8354b084d7a2ebbe830244"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10A:E4B1:AA9AD9C:F8F492C:5F711158
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/cbec86044e9699538a1c4c0204409d3b.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
a561be5712f7c4a09ffd873efb7f61fa.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/a561be5712f7c4a09ffd873efb7f61fa.js
  • https://gist.github.com/CERT-Polska-Developer/a561be5712f7c4a09ffd873efb7f61fa.js
3 KB
3 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/a561be5712f7c4a09ffd873efb7f61fa.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
1bed02499131e53c270f58222cdbc22b2b73c93c952a4f5400c881e8f232fef6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
816
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C114:F72E:1292239:19C95FD:5F711158
x-frame-options
deny
etag
W/"1bed02499131e53c270f58222cdbc22b"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C110:C86E:F022D91:15E7C9AD:5F711158
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/a561be5712f7c4a09ffd873efb7f61fa.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
18dc2bbbb66cb482559c74ab18a46268.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/18dc2bbbb66cb482559c74ab18a46268.js
  • https://gist.github.com/CERT-Polska-Developer/18dc2bbbb66cb482559c74ab18a46268.js
2 KB
3 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/18dc2bbbb66cb482559c74ab18a46268.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
91167bda085f834f08904fa0f838f97b60b826b3e2d9ea3dedfafb0ef5c39258
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
717
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C110:C86E:F022DAF:15E7C9DE:5F711158
x-frame-options
deny
etag
W/"91167bda085f834f08904fa0f838f97b"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C114:F72E:1292236:19C95FA:5F711158
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/18dc2bbbb66cb482559c74ab18a46268.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
68bf540bb1d4545bca1d220d4cb18511.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/68bf540bb1d4545bca1d220d4cb18511.js
  • https://gist.github.com/CERT-Polska-Developer/68bf540bb1d4545bca1d220d4cb18511.js
8 KB
4 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/68bf540bb1d4545bca1d220d4cb18511.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
7af67fe19623ef38f5b758f24fceb513cbf8ae61b29447e29190d41d49bb3263
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
1227
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10E:4843:E6FCFC:1430E02:5F711158
x-frame-options
deny
etag
W/"7af67fe19623ef38f5b758f24fceb513"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C10E:4843:E6FCFA:1430DFF:5F711158
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/68bf540bb1d4545bca1d220d4cb18511.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
31e54e27228b41af8ce4ba00e263631b.js
gist.github.com/CERT-Polska-Developer/
Redirect Chain
  • https://gist.github.com/31e54e27228b41af8ce4ba00e263631b.js
  • https://gist.github.com/CERT-Polska-Developer/31e54e27228b41af8ce4ba00e263631b.js
2 KB
3 KB
Script
General
Full URL
https://gist.github.com/CERT-Polska-Developer/31e54e27228b41af8ce4ba00e263631b.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.4 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-4-fra.github.com
Software
GitHub.com /
Resource Hash
3a81a55d38eea79ba08913477b5861bddce587631b3f560a1d448e1293428654
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cert.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
status
200 OK
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length
806
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C112:FC84:3ED2727:5887D69:5F711158
x-frame-options
deny
etag
W/"3a81a55d38eea79ba08913477b5861bd"
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges
bytes

Redirect headers

date
Sun, 27 Sep 2020 22:25:28 GMT
x-content-type-options
nosniff
status
302 Found
strict-transport-security
max-age=31536000; includeSubdomains; preload
Content-Length
147
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
X-GitHub-Request-Id
C112:FC84:3ED2721:5887D5E:5F711158
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
content-type
text/html; charset=utf-8
location
https://gist.github.com/CERT-Polska-Developer/31e54e27228b41af8ce4ba00e263631b.js
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
twitter.png
www.cert.pl/wp-content/themes/cert-theme/img/
4 KB
4 KB
Image
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/img/twitter.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a00c6ecad47187aa858123743ebe003f6c28457f2826a1f89cde242ebc08328

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
last-modified
Mon, 02 Nov 2015 15:37:00 GMT
server
cloudflare
age
123
etag
"e3f-523908c51ff00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579e3175a-FRA
content-length
3647
cf-request-id
057344d76a0000175a8c819200000001
fb.png
www.cert.pl/wp-content/themes/cert-theme/img/
3 KB
3 KB
Image
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/img/fb.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4eaad93e8bcf94977b91053bf8ecf0910a07ec22af2106fc816973d546a620ab

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
age
124
status
200
content-length
2979
cf-request-id
057344d76a0000175a8c81a200000001
last-modified
Mon, 02 Nov 2015 15:37:00 GMT
server
cloudflare
etag
"ba3-523908c51ff00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579e5175a-FRA
cf-bgj
h2pri
git.png
www.cert.pl/wp-content/themes/cert-theme/img/
3 KB
3 KB
Image
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/img/git.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
956fcfddb7ae5b576ba76a258ed10eb9f9be2c45ee634acaea0dbf15ebc314be

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
age
123
status
200
content-length
2874
cf-request-id
057344d76a0000175a8c81b200000001
last-modified
Mon, 02 Nov 2015 15:37:00 GMT
server
cloudflare
etag
"b3a-523908c51ff00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579e7175a-FRA
cf-bgj
h2pri
logo_footer.png
www.cert.pl/wp-content/themes/cert-theme/img/
3 KB
3 KB
Image
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/img/logo_footer.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc0b847e470f5f76afe857fd85648bb60650f0a6d9f770e5628f9c379cb184cb

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
last-modified
Mon, 02 Nov 2015 15:37:00 GMT
server
cloudflare
age
123
etag
"c6f-523908c51ff00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579e8175a-FRA
content-length
3183
cf-request-id
057344d76a0000175a8c81c200000001
footer_1.png
www.cert.pl/wp-content/uploads/2015/11/
3 KB
4 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2015/11/footer_1.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43c7711cf44d086850c4dacc1427bafef762201878eb6ca54ab4c0f6891e434e

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
last-modified
Tue, 03 Nov 2015 13:02:00 GMT
server
cloudflare
age
123
etag
"ddc-523a27fd6a200"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579e9175a-FRA
content-length
3548
cf-request-id
057344d76a0000175a8c81d200000001
footer_2.png
www.cert.pl/wp-content/uploads/2015/11/
5 KB
6 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2015/11/footer_2.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
63c92b89f27bb45c5db310b20706a37e2a56539a739d8400f5f926f8b3a44293

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
age
123
status
200
content-length
5514
cf-request-id
057344d76a0000175a8c81e200000001
last-modified
Tue, 03 Nov 2015 13:02:00 GMT
server
cloudflare
etag
"158a-523a27fd6a200"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579ea175a-FRA
cf-bgj
h2pri
footer_3.png
www.cert.pl/wp-content/uploads/2015/11/
9 KB
9 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2015/11/footer_3.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70e5a4057cce9a3cb096fcf95470f8b76aa66d0a25513ddcb3834b12f7abfacd

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
last-modified
Tue, 03 Nov 2015 13:02:00 GMT
server
cloudflare
age
123
etag
"22d2-523a27fd6a200"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579eb175a-FRA
content-length
8914
cf-request-id
057344d76a0000175a8c81f200000001
en_horizontal_cef_logo-1.png
www.cert.pl/wp-content/uploads/2019/02/
31 KB
32 KB
Image
General
Full URL
https://www.cert.pl/wp-content/uploads/2019/02/en_horizontal_cef_logo-1.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a88cd5656c40002a2343c31aeab4263e311eb120b5f4c61141043a6837552800

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:28 GMT
cf-cache-status
REVALIDATED
last-modified
Mon, 18 Feb 2019 13:12:53 GMT
server
cloudflare
etag
"7dea-5822ae1e66fa7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579ec175a-FRA
content-length
32234
cf-request-id
057344d76a0000175a8c820200000001
socialshareprivacy.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/
567 B
367 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2881200b4a3a31e8b5f433fb27d9235a161486d8c2450430353a24026323c182

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
123
etag
W/"237-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40579b9175a-FRA
cf-request-id
057344d7690000175a8c802200000001
longdesc.button.js
www.cert.pl/wp-content/plugins/wp-accessibility/js/
1 KB
501 B
Script
General
Full URL
https://www.cert.pl/wp-content/plugins/wp-accessibility/js/longdesc.button.js?ver=1.0
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e67a666330e9e3593ced84585ca04a77066360514a2617da5abfb15167d03fd

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 15 Sep 2020 12:22:17 GMT
server
cloudflare
age
123
etag
W/"44b-5af5933b20861-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a40579ba175a-FRA
cf-request-id
057344d7690000175a8c803200000001
current-menu-item.js
www.cert.pl/wp-content/plugins/wp-accessibility/js/
138 B
224 B
Script
General
Full URL
https://www.cert.pl/wp-content/plugins/wp-accessibility/js/current-menu-item.js?ver=1.0
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b97e05411def19f898ee5b52a8241d47780894133d4176dbafd074fbc9f90af6

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 15 Sep 2020 12:22:17 GMT
server
cloudflare
age
122
etag
W/"8a-5af5933b20861-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a40579bb175a-FRA
cf-request-id
057344d7690000175a8c804200000001
navigation.js
www.cert.pl/wp-content/themes/cert-theme/js/
2 KB
848 B
Script
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/js/navigation.js?ver=20120206
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d79752e33e156b5cb219ab45103fe0ed7d80f111533dd8eec42c57546b4da500

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 27 Oct 2015 12:51:00 GMT
server
cloudflare
age
122
etag
W/"8e7-52315879c3500-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a40579bd175a-FRA
cf-request-id
057344d7690000175a8c805200000001
slick.min.js
www.cert.pl/wp-content/themes/cert-theme/js/
39 KB
10 KB
Script
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/js/slick.min.js?ver=20120206
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1346ba855702d564b8dbae71c7d8e9c465d6657bbbff6f3eaa00cedf4f4aa53

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 02 Nov 2015 15:37:00 GMT
server
cloudflare
age
122
etag
W/"9ccf-523908c51ff00-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a40579bf175a-FRA
cf-request-id
057344d76a0000175a8c806200000001
skip-link-focus-fix.js
www.cert.pl/wp-content/themes/cert-theme/js/
903 B
524 B
Script
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/js/skip-link-focus-fix.js?ver=20130115
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf2cb1695948a80c7f945fa3bc8805a7ce02bb248e061ece8a34b975a16008e0

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 27 Oct 2015 12:51:00 GMT
server
cloudflare
age
122
etag
W/"387-52315879c3500-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a40579c0175a-FRA
cf-request-id
057344d76a0000175a8c807200000001
gdpr.js
www.cert.pl/wp-content/themes/cert-theme/js/
5 KB
2 KB
Script
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/js/gdpr.js?ver=20181024
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b39a392ec8f34f2e7d2b5d60bee6fbf2f89a45dd951fba92eb3eed8da1649311

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 25 Oct 2018 11:09:03 GMT
server
cloudflare
age
122
etag
W/"1480-5790ba16671c0-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a40579c2175a-FRA
cf-request-id
057344d76a0000175a8c808200000001
wp-embed.min.js
www.cert.pl/wp-includes/js/
1 KB
797 B
Script
General
Full URL
https://www.cert.pl/wp-includes/js/wp-embed.min.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 27 May 2020 11:06:14 GMT
server
cloudflare
age
122
etag
W/"59a-5a69f3355e83b-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a40579c5175a-FRA
cf-request-id
057344d76a0000175a8c809200000001
sitepress.js
www.cert.pl/wp-content/plugins/sitepress-multilingual-cms/res/js/
732 B
453 B
Script
General
Full URL
https://www.cert.pl/wp-content/plugins/sitepress-multilingual-cms/res/js/sitepress.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3341bec0a8f34b5a80b44ece0d34db5d8e064e3e570cd405b031a1bcd4f5daa

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 13:35:00 GMT
server
cloudflare
age
122
etag
W/"2dc-526630a4d2900-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a40579c6175a-FRA
cf-request-id
057344d76a0000175a8c80a200000001
jquery.socialshareprivacy.min.js
www.cert.pl/wp-content/plugins/ssp/scripts/javascripts/
41 KB
10 KB
Script
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/javascripts/jquery.socialshareprivacy.min.js?ver=1.0.0
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a650f4a755f80b22ceaa03172b9b24a42f53028b82dafb07b4e3e3ced4d2553

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 09 Dec 2015 09:49:00 GMT
server
cloudflare
age
122
etag
W/"a415-52673ffe75b00-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a40579c9175a-FRA
cf-request-id
057344d76a0000175a8c80b200000001
autoload.js
www.cert.pl/wp-content/plugins/ssp/scripts/javascripts/
153 B
253 B
Script
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/javascripts/autoload.js?ver=1.0.0
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f5c27611c0671ce3ed55912d6daf2d9f6cb8f78d3901d3a206a646961af05bb

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:33:00 GMT
server
cloudflare
age
122
etag
W/"99-52663d9b9bf00-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
cf-ray
5d98a40579cb175a-FRA
cf-request-id
057344d76a0000175a8c80c200000001
css
fonts.googleapis.com/
8 KB
790 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin,latin-ext
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/themes/cert-theme/css/style.css?v=761566
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
150b6afd03574b0db5e6c489ed0aa2758368c92ee6a8ec474a564dd265aa842c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.cert.pl/wp-content/themes/cert-theme/css/style.css?v=761566
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 27 Sep 2020 22:25:27 GMT
server
ESF
date
Sun, 27 Sep 2020 22:25:27 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 27 Sep 2020 22:25:27 GMT
slick-theme.css
www.cert.pl/wp-content/themes/cert-theme/css/
3 KB
869 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/css/slick-theme.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/themes/cert-theme/css/style.css?v=761566
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f37789f511d3d6abf8ad9b5de3a0ee9cd1ed468b61d1beac7a1765a0279c70b

Request headers

Referer
https://www.cert.pl/wp-content/themes/cert-theme/css/style.css?v=761566
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 10 Nov 2015 12:44:00 GMT
server
cloudflare
age
122
etag
W/"bcf-5242f105ac400-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a4052932175a-FRA
cf-request-id
057344d7380000175a8cbff200000001
lightning.png
www.cert.pl/wp-content/themes/cert-theme/img/
1 KB
2 KB
Image
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/img/lightning.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/themes/cert-theme/css/style.css?v=761566
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
583647af9450c692b8061fc2b682285ea79480e15a653273bf5d2acf0c155d8a

Request headers

Referer
https://www.cert.pl/wp-content/themes/cert-theme/css/style.css?v=761566
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
last-modified
Mon, 02 Nov 2015 15:37:00 GMT
server
cloudflare
age
83
etag
"5cf-523908c51ff00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579ed175a-FRA
content-length
1487
cf-request-id
057344d76a0000175a8c821200000001
rss_inv.png
www.cert.pl/wp-content/themes/cert-theme/img/
490 B
615 B
Image
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/img/rss_inv.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/themes/cert-theme/style.css?v=605830
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b091609321962db7030ba1be76add391e910e1e428bc878543a578b94e96eed2

Request headers

Referer
https://www.cert.pl/wp-content/themes/cert-theme/style.css?v=605830
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
last-modified
Wed, 27 Jan 2016 13:35:00 GMT
server
cloudflare
age
83
etag
"1ea-52a50de5de900"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579ef175a-FRA
content-length
490
cf-request-id
057344d76a0000175a8c822200000001
glob_green.png
www.cert.pl/wp-content/themes/cert-theme/img/
2 KB
2 KB
Image
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/img/glob_green.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/themes/cert-theme/css/style.css?v=761566
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc2b8082434f8aa2acfc3d96d723bd360b70988e0553e1345b7dc56838bf9f8d

Request headers

Referer
https://www.cert.pl/wp-content/themes/cert-theme/css/style.css?v=761566
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
last-modified
Mon, 02 Nov 2015 15:37:00 GMT
server
cloudflare
age
83
etag
"71b-523908c51ff00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40579f1175a-FRA
content-length
1819
cf-request-id
057344d76a0000175a8c823200000001
before_head.png
www.cert.pl/wp-content/themes/cert-theme/img/
1 KB
1 KB
Image
General
Full URL
https://www.cert.pl/wp-content/themes/cert-theme/img/before_head.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/themes/cert-theme/css/style.css?v=761566
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5cf684b532cd36c601f1832d0bc2d81100e5c860a30ee944afed762f4bb34ed6

Request headers

Referer
https://www.cert.pl/wp-content/themes/cert-theme/css/style.css?v=761566
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:27 GMT
cf-cache-status
HIT
last-modified
Mon, 02 Nov 2015 15:37:00 GMT
server
cloudflare
age
83
etag
"424-523908c51ff00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40589f4175a-FRA
content-length
1060
cf-request-id
057344d7710000175a8c824200000001
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v17/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin,latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.cert.pl
Referer
https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin,latin-ext
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 18:24:58 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:12:59 GMT
server
sffe
age
446429
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14044
x-xss-protection
0
expires
Wed, 22 Sep 2021 18:24:58 GMT
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v17/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin,latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.cert.pl
Referer
https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin,latin-ext
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 18:23:58 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:12:25 GMT
server
sffe
age
446489
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14176
x-xss-protection
0
expires
Wed, 22 Sep 2021 18:23:58 GMT
gist-embed-fd43f22140a6ad2cc9d0aa1f169a01f3.css
github.githubassets.com/assets/
23 KB
5 KB
Stylesheet
General
Full URL
https://github.githubassets.com/assets/gist-embed-fd43f22140a6ad2cc9d0aa1f169a01f3.css
Requested by
Host: gist.github.com
URL: https://gist.github.com/652ef154ff7aa56d5dfaaa52a4a6f9b8.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.111.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b3bd69bc73bb780c9b54f936936d5cdc97256b4afc237467d57cf261adb19cab

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id
390a974e8d5aada7149f8eecf94bd32032fe67bb
date
Sun, 27 Sep 2020 22:25:28 GMT
content-encoding
gzip
age
4564274
x-cache
MISS, HIT
status
200
access-control-max-age
3600
content-length
4974
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17753-DCA, cache-cdg20756-CDG
last-modified
Thu, 06 Aug 2020 02:32:04 GMT
server
AmazonS3
x-timer
S1601245528.348120,VS0,VE0
etag
"e7855578ffe91726212d9ca6866f06a3"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
0, 1422
NHGJPlEXssg
www.youtube.com/embed/ Frame F64D
Redirect Chain
  • https://youtube.com/embed/NHGJPlEXssg
  • https://www.youtube.com/embed/NHGJPlEXssg
0
0
Document
General
Full URL
https://www.youtube.com/embed/NHGJPlEXssg
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/NHGJPlEXssg
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/

Response headers

status
200
strict-transport-security
max-age=31536000
cache-control
no-cache
content-type
text/html; charset=utf-8
expires
Tue, 27 Apr 1971 19:44:06 GMT
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding
br
content-length
10895
x-content-type-options
nosniff
date
Sun, 27 Sep 2020 22:25:29 GMT
server
YouTube Frontend Proxy
x-xss-protection
0
set-cookie
VISITOR_INFO1_LIVE=Wu_QtZLcb5g; path=/; domain=.youtube.com; secure; expires=Fri, 26-Mar-2021 22:25:29 GMT; httponly; samesite=None VISITOR_INFO1_LIVE=Wu_QtZLcb5g; path=/; domain=.youtube.com; secure; expires=Fri, 26-Mar-2021 22:25:29 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Sun, 27-Sep-2020 22:55:29 GMT YSC=eS_aNFdoFGo; path=/; domain=.youtube.com; secure; httponly; samesite=None
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

status
301
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
0
location
https://www.youtube.com/embed/NHGJPlEXssg
date
Sun, 27 Sep 2020 22:25:29 GMT
content-type
text/html
server
YouTube Frontend Proxy
x-xss-protection
0
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
common.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/
6 KB
1 KB
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/common.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a05587d82a51aba9e99200cddad3444dc152835148765ae610a533216c28240b

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 09 Dec 2015 11:14:00 GMT
server
cloudflare
age
122
etag
W/"180b-526752fe32e00-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfb3175a-FRA
cf-request-id
057344dd3a0000175a8c883200000001
buffer.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
302 B
203 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/buffer.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7afd30c360cfe2f506d50d5fef78c975126e545039dc0bd5b6f7c888cf62cfa

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
122
etag
W/"12e-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfb6175a-FRA
cf-request-id
057344dd3a0000175a8c884200000001
delicious.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
4 KB
956 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/delicious.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4acef9ad64b0512414f2c8e9c8b596c02f2551266eaca863fa475aa099e47b81

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
122
etag
W/"1038-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfb7175a-FRA
cf-request-id
057344dd3a0000175a8c885200000001
disqus.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
4 KB
949 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/disqus.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd1a9f41d8b7ed46ceb36adc7671f6392ec1bd1cdba114c8ca39e8eaf9d4bc59

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
122
etag
W/"111e-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfb8175a-FRA
cf-request-id
057344dd3a0000175a8c886200000001
facebook.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
255 B
221 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/facebook.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b69538e34603e6ec2341218be21ee500aa57f4b0deded467f012a0f155e65ce

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
122
etag
W/"ff-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfb9175a-FRA
cf-request-id
057344dd3a0000175a8c887200000001
flattr.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
667 B
273 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/flattr.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42af2f9eaf30cf9fe06f1c59f9cf9a1098e6d4664411453ea4bfb6c2958b2028

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
122
etag
W/"29b-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfba175a-FRA
cf-request-id
057344dd3a0000175a8c888200000001
gplus.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
324 B
252 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/gplus.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4c79b2b4a368f73349943f073ae04d64a7b3804ab0dbcc2866c0fa8e209b0bc

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 09 Dec 2015 11:20:00 GMT
server
cloudflare
age
122
etag
W/"144-5267545585800-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfbb175a-FRA
cf-request-id
057344dd3b0000175a8c889200000001
hackernews.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
3 KB
794 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/hackernews.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
717e30446ea6f8f04edca3caf502837207ead9f369f102084f0bc4d51da3f3bb

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 09 Dec 2015 11:23:00 GMT
server
cloudflare
age
122
etag
W/"d6e-526755012ed00-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfbe175a-FRA
cf-request-id
057344dd3b0000175a8c88a200000001
linkedin.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
386 B
263 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/linkedin.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3ddd53f499536c0e8eb0a3a1a5e75316f7f959907d12fc123e01d26ad334775

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 09 Dec 2015 11:26:00 GMT
server
cloudflare
age
122
etag
W/"182-526755acd8200-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfc0175a-FRA
cf-request-id
057344dd3b0000175a8c88b200000001
mail.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
222 B
205 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/mail.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a38147f41609a72ecee1b3bd11737a1128efb4a69e65eb27f5188787524cd90

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
122
etag
W/"de-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfc2175a-FRA
cf-request-id
057344dd3b0000175a8c88c200000001
pinterest.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
396 B
349 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/pinterest.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
354005cfd2c57b546ae96f1f63b1e2e0b2d8ed975285c136b4dadd1260b96646

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 09 Dec 2015 11:27:00 GMT
server
cloudflare
age
122
etag
W/"18c-526755e610900-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfc4175a-FRA
cf-request-id
057344dd3b0000175a8c88d200000001
reddit.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
160 B
185 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/reddit.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3406333c8328eb764a54935592e8bc4e1e16c2ae653f9926a50423fcab117781

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
122
etag
W/"a0-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfc5175a-FRA
cf-request-id
057344dd3b0000175a8c88e200000001
stumbleupon.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
268 B
261 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/stumbleupon.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e590c41a365a5cfcb48fc12a7a34591e21e38e920b4381d487dc60c9c1e6f0ef

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
122
etag
W/"10c-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfc6175a-FRA
cf-request-id
057344dd3b0000175a8c88f200000001
tumblr.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
226 B
207 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/tumblr.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3f772c78d73c3418d35694703f2548ef5d0fe3a5e903d09bdbe3bf61503ff78

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
122
etag
W/"e2-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfc7175a-FRA
cf-request-id
057344dd3b0000175a8c890200000001
twitter.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
226 B
176 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/twitter.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e0667abb5334f7bbe5eae5df7d697a7cc261820a0dce101df5025de1b9ec92d

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
122
etag
W/"e2-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfc8175a-FRA
cf-request-id
057344dd3b0000175a8c891200000001
xing.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/
368 B
233 B
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/modules/xing.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
568668326055b517ae8fb9dbe18cd6d4da2bfd80cc28ae58e732d0fcdabdd2df

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/socialshareprivacy.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Dec 2015 14:34:00 GMT
server
cloudflare
age
122
etag
W/"170-52663dd4d4600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7200
cf-ray
5d98a40ecfca175a-FRA
cf-request-id
057344dd3b0000175a8c892200000001
S6uyw4BMUTPHjxAwXiWtFCfQ7A.woff2
fonts.gstatic.com/s/lato/v17/
3 KB
3 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjxAwXiWtFCfQ7A.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin,latin-ext
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3dec2ba3a35b2d878329a4687f5061f4a62030ad69bd0ebb2ca61c4fda102f38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.cert.pl
Referer
https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin,latin-ext
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 18:27:21 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:12:51 GMT
server
sffe
age
446288
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2888
x-xss-protection
0
expires
Wed, 22 Sep 2021 18:27:21 GMT
widgets.js
platform.twitter.com/
95 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4198) /
Resource Hash
a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 27 Sep 2020 22:25:29 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Age
1479
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length
28881
x-tw-cdn
VZ
Last-Modified
Tue, 01 Sep 2020 20:40:54 GMT
Server
ECS (fcn/4198)
Etag
"a58136137a93f33c1d165df7d4d973f8+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
fonts.gstatic.com/s/lato/v17/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin,latin-ext
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.cert.pl
Referer
https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin,latin-ext
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 18:31:46 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:12:59 GMT
server
sffe
age
446023
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14864
x-xss-protection
0
expires
Wed, 22 Sep 2021 18:31:46 GMT
jquery.socialshareprivacy.min.css
www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/
0
0
Stylesheet
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/jquery.socialshareprivacy.min.css
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/themes/cert-theme/js/jquery.min.js?ver=20120206
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:31 GMT
content-encoding
br
cf-cache-status
EXPIRED
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
404
cache-control
max-age=7200, must-revalidate
cf-ray
5d98a40f78df175a-FRA
link
<https://www.cert.pl/wp-json/>; rel="https://api.w.org/"
cf-request-id
057344dda80000175a8c89e200000001
expires
Wed, 11 Jan 1984 05:00:00 GMT
fbshare.png
www.cert.pl/wp-content/plugins/ssp/scripts/images/
1 KB
1 KB
Image
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/images/fbshare.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eddbbe68c5bfa062a75f4c4db4151d12b036a5c0a96547980186c36a78597563

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:30 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 08 Dec 2015 14:33:00 GMT
server
cloudflare
etag
"43d-52663d9b9bf00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40f78f8175a-FRA
content-length
1085
cf-request-id
057344ddaf0000175a8c8a6200000001
dummy_gplus.png
www.cert.pl/wp-content/plugins/ssp/scripts/images/
661 B
763 B
Image
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/images/dummy_gplus.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b0873c0a4b4c2c8e80b8e83eacbbf0f01d190776fdb7bdc545ff33a19abf878

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:30 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 08 Dec 2015 14:33:00 GMT
server
cloudflare
etag
"295-52663d9b9bf00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40f78fa175a-FRA
content-length
661
cf-request-id
057344ddaf0000175a8c8a7200000001
dummy_hackernews.png
www.cert.pl/wp-content/plugins/ssp/scripts/images/
343 B
515 B
Image
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/images/dummy_hackernews.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90c4d22fc011476dbd969f4aecdbf2d3d97c21dc973cd6cf0d3263102d24f996

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:30 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 08 Dec 2015 14:33:00 GMT
server
cloudflare
etag
"157-52663d9b9bf00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40f78fc175a-FRA
content-length
343
cf-request-id
057344ddaf0000175a8c8a8200000001
cf-bgj
h2pri
dummy_linkedin.png
www.cert.pl/wp-content/plugins/ssp/scripts/images/
1 KB
1 KB
Image
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/images/dummy_linkedin.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e99df0000e30c75b9295ebbd3c1f114cfcbc0e178c1691d1b61d9132317328a7

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:31 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 08 Dec 2015 14:33:00 GMT
server
cloudflare
etag
"4fd-52663d9b9bf00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40f78fd175a-FRA
content-length
1277
cf-request-id
057344ddaf0000175a8c8a9200000001
dummy_pinterest.png
www.cert.pl/wp-content/plugins/ssp/scripts/images/
1 KB
1 KB
Image
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/images/dummy_pinterest.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e38cd1277f5e55739801de6218612d84e6c7cd87c3840ddcc08ae2ed6af2a5f

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:31 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 08 Dec 2015 14:33:00 GMT
server
cloudflare
etag
"479-52663d9b9bf00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40f78ff175a-FRA
content-length
1145
cf-request-id
057344ddaf0000175a8c8aa200000001
dummy_reddit.png
www.cert.pl/wp-content/plugins/ssp/scripts/images/
1018 B
1 KB
Image
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/images/dummy_reddit.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7275150f338d6dc83b49b9cd0cfd33438c6afc81c520cf548b3f733ec7cd85d7

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:31 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 08 Dec 2015 14:33:00 GMT
server
cloudflare
etag
"3fa-52663d9b9bf00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40f7900175a-FRA
content-length
1018
cf-request-id
057344ddaf0000175a8c8ab200000001
cf-bgj
h2pri
dummy_twitter.png
www.cert.pl/wp-content/plugins/ssp/scripts/images/
965 B
1 KB
Image
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/images/dummy_twitter.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dabfc19ef465889bf77fb3a7347ea1c0f0c08d3d4ad4fd9370fc109d043a1a84

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:30 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 08 Dec 2015 14:33:00 GMT
server
cloudflare
etag
"3c5-52663d9b9bf00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40f7902175a-FRA
content-length
965
cf-request-id
057344ddaf0000175a8c8ac200000001
socialshareprivacy_on_off.png
www.cert.pl/wp-content/plugins/ssp/scripts/images/
1 KB
1 KB
Image
General
Full URL
https://www.cert.pl/wp-content/plugins/ssp/scripts/images/socialshareprivacy_on_off.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/common.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bccd2cd032055d053f39bff100c17c2b165952ab55e7479f2aa4ca3f287efd69

Request headers

Referer
https://www.cert.pl/wp-content/plugins/ssp/scripts/stylesheets/common.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:31 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 08 Dec 2015 14:33:00 GMT
server
cloudflare
etag
"515-52663d9b9bf00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=7200
accept-ranges
bytes
cf-ray
5d98a40f7904175a-FRA
content-length
1301
cf-request-id
057344ddaf0000175a8c8ad200000001
widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html
platform.twitter.com/widgets/ Frame AF4B
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.cert.pl
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4187) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
1038316
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Sun, 27 Sep 2020 22:25:29 GMT
Etag
"9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified
Tue, 01 Sep 2020 17:58:17 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/4187)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
5825
moment~timeline~tweet.2e5232162202896d50461b242819754e.js
platform.twitter.com/js/
23 KB
8 KB
Script
General
Full URL
https://platform.twitter.com/js/moment~timeline~tweet.2e5232162202896d50461b242819754e.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4186) /
Resource Hash
357eac5a1ab8249b3fc4569040b13d64795f5aa945ae3570f782d979015bef56

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 27 Sep 2020 22:25:29 GMT
Content-Encoding
gzip
Last-Modified
Tue, 01 Sep 2020 17:58:08 GMT
Server
ECS (fcn/4186)
Age
1038316
Etag
"cce4698c56d0a54ba3f908b953e403c1+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
7651
timeline.610564c46865d0bb1eccdd42c0dc6ea7.js
platform.twitter.com/js/
21 KB
7 KB
Script
General
Full URL
https://platform.twitter.com/js/timeline.610564c46865d0bb1eccdd42c0dc6ea7.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4198) /
Resource Hash
ca782cbdd8cee7ccccef6983f6566c9c29e1aa5da753a81e65250fad30bb6359

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 27 Sep 2020 22:25:29 GMT
Content-Encoding
gzip
Last-Modified
Tue, 01 Sep 2020 17:58:08 GMT
Server
ECS (fcn/4198)
Age
1038313
Etag
"c556b2c56f55b3b2458cc2f84945663d+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
6647
profile
cdn.syndication.twimg.com/timeline/
16 KB
4 KB
Script
General
Full URL
https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_CERT_Polska_old&dnt=false&domain=www.cert.pl&lang=pl&screen_name=CERT_Polska&suppress_response_codes=true&t=1779161&tweet_limit=2&tz=GMT%2B0200&with_replies=false
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D60) /
Resource Hash
01e1c1b37b67d686ac7fb0fc3c7f213a37a205d15a96ce9494cb5697955d9903
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
225
x-cache
HIT
status
200
content-disposition
attachment; filename=jsonp.jsonp
access-control-allow-methods
GET
vary
Accept-Encoding
content-length
3365
x-xss-protection
0
x-response-time
134
last-modified
Sun, 27 Sep 2020 22:21:44 GMT
server
ECS (lcy/1D60)
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
application/javascript;charset=utf-8
expires
Sun, 27 Sep 2020 22:30:29 GMT
cache-control
must-revalidate, max-age=300
x-connection-hash
0943a3b4c8f3876311a4ee2a6adfef43
accept-ranges
bytes
timing-allow-origin
*
x-transaction
00b3908a0014f731
access-contol-allow-origin
platform.twitter.com
timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/ Frame 5598
53 KB
12 KB
Stylesheet
General
Full URL
https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4195) /
Resource Hash
8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 27 Sep 2020 22:25:29 GMT
Content-Encoding
gzip
Last-Modified
Tue, 01 Sep 2020 17:58:05 GMT
Server
ECS (fcn/4195)
Age
1038316
Etag
"fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
text/css; charset=utf-8
Content-Length
12144
timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/
53 KB
53 KB
Image
General
Full URL
https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4195) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 27 Sep 2020 22:25:29 GMT
Content-Encoding
gzip
Last-Modified
Tue, 01 Sep 2020 17:58:05 GMT
Server
ECS (fcn/4195)
Age
1038316
Etag
"fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
text/css; charset=utf-8
Content-Length
12144
K0lej22I_normal.png
pbs.twimg.com/profile_images/1308686926933905408/ Frame 5598
3 KB
3 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/1308686926933905408/K0lej22I_normal.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40D0) /
Resource Hash
1b80cd14156fc8c24175b7cfb8c6396d6f46b9bee03c0ba14964fdef4717e110
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
x-content-type-options
nosniff
age
395264
x-cache
HIT
status
200
content-length
3023
x-response-time
132
surrogate-key
profile_images profile_images/bucket/0 profile_images/1308686926933905408
last-modified
Wed, 23 Sep 2020 08:35:32 GMT
server
ECS (fcn/40D0)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
6f59cf59c01458e77348a64639cabfea
accept-ranges
bytes
ZNVCXa8E_normal.png
pbs.twimg.com/profile_images/458887776423776256/ Frame 5598
2 KB
2 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/458887776423776256/ZNVCXa8E_normal.png
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40D1) /
Resource Hash
f7d46e828bf23ed4df69b4c932c8c92f24375070768be9c2a25077fe654c0175
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
x-content-type-options
nosniff
age
225473
x-cache
HIT
status
200
content-length
2339
x-response-time
122
surrogate-key
profile_images profile_images/bucket/0 profile_images/458887776423776256
last-modified
Wed, 23 Apr 2014 08:37:06 GMT
server
ECS (fcn/40D1)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
9a49112bfc357b25cad7c49336624357
accept-ranges
bytes
Eilj4Z0WAAAjMAW
pbs.twimg.com/media/ Frame 5598
18 KB
18 KB
Image
General
Full URL
https://pbs.twimg.com/media/Eilj4Z0WAAAjMAW?format=jpg&name=small
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41B0) /
Resource Hash
242623b15746f0784904ae4a8eaf84e3aaa918b8a4d732e804a44143183212e2
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
x-content-type-options
nosniff
age
394995
x-cache
HIT
status
200
content-length
18421
x-response-time
136
surrogate-key
media media/bucket/2 media/1308686987382095872
last-modified
Wed, 23 Sep 2020 08:35:46 GMT
server
ECS (fcn/41B0)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
1c8c5419b59715cec7c5bbad2cdc5119
accept-ranges
bytes
Eiqmm9cX0AIYSSp
pbs.twimg.com/media/ Frame 5598
278 KB
278 KB
Image
General
Full URL
https://pbs.twimg.com/media/Eiqmm9cX0AIYSSp?format=png&name=small
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40D6) /
Resource Hash
5f8d14586669eb6b16d7d1e81df7e96e90822c625b750248c290858a0f47749b
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:29 GMT
x-content-type-options
nosniff
age
310646
x-cache
HIT
status
200
content-length
284838
x-response-time
129
surrogate-key
media media/bucket/3 media/1309041829963354114
last-modified
Thu, 24 Sep 2020 08:05:47 GMT
server
ECS (fcn/40D6)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
d8da74bafaa75adb25213bb8e7b5e29b
accept-ranges
bytes
truncated
/ Frame 5598
512 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eddfb285df91d818926b2f8ec64c71be82e0ea4f21ca9f63f5b0bc5dbcd75b0b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/ Frame 5598
825 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/ Frame 5598
739 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/ Frame 5598
572 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/ Frame 5598
644 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
jot
syndication.twitter.com/i/
43 B
383 B
Image
General
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.cert.pl%2Fen%2Fnews%2Fsingle%2Fbackswap-malware-analysis%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_data_source%22%3A%22profile%3ACERT_Polska%22%2C%22query%22%3Anull%2C%22profile_id%22%3Anull%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1601245529957%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22219d021%3A1598982042171%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22element%22%3A%22notice%22%2C%22section%22%3A%22header%22%2C%22action%22%3A%22seen%22%7D%7D&notice_seen=true
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Sep 2020 22:25:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
113
pragma
no-cache
last-modified
Sun, 27 Sep 2020 22:25:30 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
ce70c292059238018b5343feb8496dce
x-transaction
00f911e900f119cb
expires
Tue, 31 Mar 1981 05:00:00 GMT
jot.html
platform.twitter.com/ Frame D04F
Redirect Chain
  • https://syndication.twitter.com/i/jot
  • https://platform.twitter.com/jot.html
0
0
Document
General
Full URL
https://platform.twitter.com/jot.html
Requested by
Host: www.cert.pl
URL: https://www.cert.pl/en/news/single/backswap-malware-analysis/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40E1) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
Origin
https://www.cert.pl
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
1038316
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Sun, 27 Sep 2020 22:25:30 GMT
Etag
"d9592a6c704736fa4da218d4357976dd"
Last-Modified
Tue, 01 Sep 2020 20:40:53 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/40E1)
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
80

Redirect headers

status
302 302 Found
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length
0
content-type
text/html;charset=utf-8
date
Sun, 27 Sep 2020 22:25:30 GMT
expires
Tue, 31 Mar 1981 05:00:00 GMT
last-modified
Sun, 27 Sep 2020 22:25:30 GMT
location
https://platform.twitter.com/jot.html
pragma
no-cache
server
tsa_o
strict-transport-security
max-age=631138519
x-connection-hash
ce70c292059238018b5343feb8496dce
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-response-time
116
x-transaction
00c51a770041adcc
x-tsa-request-body-time
0
x-twitter-response-tags
BouncerCompliant
x-xss-protection
0
common.js
maps.google.com/maps-api-v3/api/js/42/6/
78 KB
29 KB
Script
General
Full URL
https://maps.google.com/maps-api-v3/api/js/42/6/common.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyD2T3v-cX61NR0b3u-iTJWZwtWyjYSsYUU&sensor=false&ver=20120206
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d32ed082c61887cf5f95d4cb2fcc3d2961b621068df3099e55f44879e2ccc76
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 19:02:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Sep 2020 16:42:26 GMT
server
sffe
age
357809
vary
Accept-Encoding, Origin
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29247
x-xss-protection
0
expires
Thu, 23 Sep 2021 19:02:03 GMT
util.js
maps.google.com/maps-api-v3/api/js/42/6/
146 KB
54 KB
Script
General
Full URL
https://maps.google.com/maps-api-v3/api/js/42/6/util.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyD2T3v-cX61NR0b3u-iTJWZwtWyjYSsYUU&sensor=false&ver=20120206
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a01a4d1cd1ab2741a453ddad95ece257194b476b8ac84c42268b0bf33cd0bad8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 19:02:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Sep 2020 16:42:26 GMT
server
sffe
age
357809
vary
Accept-Encoding, Origin
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55140
x-xss-protection
0
expires
Thu, 23 Sep 2021 19:02:03 GMT
AuthenticationService.Authenticate
maps.googleapis.com/maps/api/js/
62 B
207 B
Script
General
Full URL
https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fwww.cert.pl%2Fen%2Fnews%2Fsingle%2Fbackswap-malware-analysis%2F&4sAIzaSyD2T3v-cX61NR0b3u-iTJWZwtWyjYSsYUU&callback=_xdc_._7r1cey&key=AIzaSyD2T3v-cX61NR0b3u-iTJWZwtWyjYSsYUU&token=104281
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps-api-v3/api/js/42/6/common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
68fb5a4f5d6662367eab3798e46f51df907a268cf6af2d42a9cf8427b973968d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.cert.pl/en/news/single/backswap-malware-analysis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 27 Sep 2020 22:25:32 GMT
content-encoding
gzip
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment
server-timing
gfet4t7; dur=25
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes
function| $
function| jQuery
object| google
object| module$contents$MapsEvent_MapsEvent
object| module$contents$mapsapi$overlay$OverlayView_OverlayView
function| CookiesPopup
object| wp
object| icl_vars
function| addLoadEvent
function| icl_retry_mtr
string| icl_lang
string| icl_home
object| twttr
object| _paq
function| embedTrackingCode
object| cookiesBanner
object| __twttrll
object| __twttr
object| _xdc_

4 Cookies

Domain/Path | Name | Value
.youtube.com/ | YSC | eS_aNFdoFGo
.youtube.com/ | VISITOR_INFO1_LIVE | Wu_QtZLcb5g
www.cert.pl/ | _icl_current_language | en
.cert.pl/ | __cfduid | d7a6c2ea3e4b250b1535447c6ae6c1d081601245527

2 Console Messages

Source Level URL
Text
console-api info URL: https://platform.twitter.com/widgets.js(Line 1)
Message:
You may have been affected by an update to settings in embedded timelines. See https://twittercommunity.com/t/deprecating-widget-settings/102295. [object HTMLAnchorElement]
console-api warning URL: https://maps.google.com/maps-api-v3/api/js/42/6/util.js(Line 233)
Message:
Google Maps JavaScript API warning: SensorNotRequired https://developers.google.com/maps/documentation/javascript/error-messages#sensor-not-required

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
