urlscan.io logo urlscan.io
SecurityTrails logo

www.intezer.com Open in urlscan Pro
3.10.246.145  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.intezer.com/mitigating-emotet-the-most-common-banking-trojan/
Effective URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Submission: On September 22 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 27 IPs in 6 countries across 23 domains to perform 60 HTTP transactions. The main IP is 3.10.246.145, located in London, United Kingdom and belongs to AMAZON-02, US. The main domain is www.intezer.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on December 22nd 2018. Valid for: 2 years.
This is the only time www.intezer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 17 3.10.246.145 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 216.58.210.2 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
5 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.112.157 54113 (FASTLY)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
3 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.133 13414 (TWITTER)
1 2 2a05:f500:10:... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 104.244.42.131 13414 (TWITTER)
2 2606:4700::68... 13335 (CLOUDFLAR...)
60 27
17    3.10.246.145 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
www.intezer.com
intezer.com
1    2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
5    2a00:1450:4001:819::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    216.58.210.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s07-in-f2.1e100.net
www.googleadservices.com
2    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
connect.facebook.net
5    2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
www.gstatic.com
3    2a00:1450:4001:81e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
www.googleadservices.com
2    2606:4700:10::ac43:2794 (United States)

ASN13335 (CLOUDFLARENET, US)
static.addtoany.com
1    2606:4700::6811:44b0 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-analytics.net
1    2606:4700::6811:eecc (United States)

ASN13335 (CLOUDFLARENET, US)
js.usemessages.com
1    2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-banner.com
1    2606:4700::6811:eacc (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsleadflows.net
1    2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
2    2a02:26f0:6c00:28c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
snap.licdn.com
3    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
3    2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)
api.hubspot.com
forms.hubspot.com
1    2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    104.244.42.133 (United States)

ASN13414 (TWITTER, US)
t.co
2    2a05:f500:10:101::b93f:9105 (Ireland)

ASN14413 (LINKEDIN, US)
px.ads.linkedin.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.linkedin.com
1    2606:4700::6811:d6cc (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-scripts.com
3    2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)
track.hubspot.com
1    104.244.42.131 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
2    2606:4700::6810:b872 (United States)

ASN13335 (CLOUDFLARENET, US)
f.hubspotusercontent30.net
Domain Requested by
16 www.intezer.com 1 redirects www.intezer.com
5 www.google.com www.intezer.com
www.gstatic.com
4 fonts.gstatic.com fonts.googleapis.com
3 track.hubspot.com
3 www.google.de www.intezer.com
2 f.hubspotusercontent30.net js.hsleadflows.net
2 px.ads.linkedin.com 1 redirects www.intezer.com
2 api.hubspot.com js.usemessages.com
2 snap.licdn.com www.googletagmanager.com
snap.licdn.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 static.addtoany.com www.intezer.com
static.addtoany.com
2 googleads.g.doubleclick.net www.googleadservices.com
2 connect.facebook.net www.intezer.com
connect.facebook.net
2 www.googleadservices.com www.intezer.com
www.googletagmanager.com
1 forms.hubspot.com js.hsleadflows.net
1 analytics.twitter.com static.ads-twitter.com
1 js.hs-scripts.com js.hs-analytics.net
1 www.linkedin.com 1 redirects
1 t.co www.intezer.com
1 stats.g.doubleclick.net www.google-analytics.com
1 static.ads-twitter.com www.googletagmanager.com
1 js.hsleadflows.net www.intezer.com
1 js.hs-banner.com www.intezer.com
1 js.usemessages.com www.intezer.com
1 js.hs-analytics.net www.intezer.com
1 www.gstatic.com www.google.com
1 www.googletagmanager.com www.intezer.com
1 fonts.googleapis.com www.intezer.com
1 intezer.com 1 redirects
60 29
Subject Issuer Validity Valid
*.intezer.com
Go Daddy Secure Certificate Authority - G2		 2018-12-22 -
2021-02-20		 2 years crt.sh
upload.video.google.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
www.google.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
www.googleadservices.com
GTS CA 1O1		 2020-09-03 -
2020-11-26		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-09-11 -
2020-12-10		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-08-05 -
2021-08-05		 a year crt.sh
*.google.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.googleadservices.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA		 2020-08-14 -
2021-08-19		 a year crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA		 2019-04-01 -
2021-05-07		 2 years crt.sh
www.google.de
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
hubspot.com
Cloudflare Inc ECC CA-3		 2020-07-27 -
2021-07-27		 a year crt.sh
t.co
DigiCert SHA2 High Assurance Server CA		 2020-03-05 -
2021-03-02		 a year crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA		 2020-08-05 -
2021-02-05		 6 months crt.sh
*.google.de
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.twitter.com
DigiCert SHA2 High Assurance Server CA		 2020-01-02 -
2020-12-28		 a year crt.sh

This page contains 2 frames:

Primary Page: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Frame ID: B256FE43466AB6C2B3E729D3B438F153
Requests: 61 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=yXSLJBpiFoTYkexaPhFknpU7&size=invisible&cb=sd1ik8x87z37
Frame ID: C6A8464FE9BBF6E7DE69D586048F6745
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://www.intezer.com/mitigating-emotet-the-most-common-banking-trojan/ HTTP 301
    https://intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/ HTTP 301
    https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i
Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i
Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i
Overall confidence: 100%
Detected patterns
  • script /addtoany\.com\/menu\/page\.js/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • html /<!-- (?:End )?Google Tag Manager -->/i

Page Statistics

60
Requests

100 %
HTTPS

81 %
IPv6

23
Domains

29
Subdomains

27
IPs

6
Countries

1299 kB
Transfer

3343 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.intezer.com/mitigating-emotet-the-most-common-banking-trojan/ HTTP 301
    https://intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/ HTTP 301
    https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 49
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1600815202866&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1327356%26time%3D1600815202866%26url%3Dhttps%253A%252F%252Fwww.intezer.com%252Fblog%252Fresearch%252Fmitigating-emotet-the-most-common-banking-trojan%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1600815202866&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&liSync=true

60 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Redirect Chain
  • https://www.intezer.com/mitigating-emotet-the-most-common-banking-trojan/
  • https://intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
  • https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
78 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 / PHP/7.3.18
Resource Hash
f90e4f5dc272c5949bf4e80a07433b69e30b49d1593276ba5c35d4d1187432dd
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Host
www.intezer.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx/1.18.0
Date
Tue, 22 Sep 2020 22:53:22 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/7.3.18
X-Frame-Options
SAMEORIGIN
Content-Encoding
gzip

Redirect headers

Server
nginx/1.18.0
Date
Tue, 22 Sep 2020 22:53:22 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Location
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
X-Frame-Options
SAMEORIGIN
css
fonts.googleapis.com/ 		26 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1e98a84d201a5ce748c59f64fe3b5341601b863b3fff7d63a045aa6f655edf08
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 22 Sep 2020 22:53:22 GMT
server
ESF
date
Tue, 22 Sep 2020 22:53:22 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 22 Sep 2020 22:53:22 GMT
e34f305ab6881e0e7b49d2194215d0eb.css
www.intezer.com/wp-content/cache/min/1/ 		370 KB
74 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.intezer.com/wp-content/cache/min/1/e34f305ab6881e0e7b49d2194215d0eb.css
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
73eeccc3b95ac2a6f8d27f4cd28e01f9c28f2b17b1ffa1d9e650dff0202684b1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Tue, 22 Sep 2020 21:54:34 GMT
Server
nginx/1.18.0
ETag
W/"5f6a729a-5c680"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
gtm.js
www.googletagmanager.com/ 		139 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KC95766
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b7bfd3744f2f585482eeeadd30bcc8c99a594d4f1ba0c4e64a1f1080fa090bcb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:22 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46043
x-xss-protection
0
last-modified
Tue, 22 Sep 2020 21:54:11 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 22 Sep 2020 22:53:22 GMT
api.js
www.google.com/recaptcha/ 		884 B
677 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&ver=3.0
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b6df093e982907bfaa83bf10003617fc33805fcff3e4bda8dbcfa704cd8e3ea0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
585
x-xss-protection
1; mode=block
expires
Tue, 22 Sep 2020 22:53:22 GMT
lazyload.min.js
www.intezer.com/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.intezer.com/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/lazyload.min.js
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Sun, 06 Sep 2020 13:18:17 GMT
Server
nginx/1.18.0
ETag
W/"5f54e199-1ed2"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
conversion.js
www.googleadservices.com/pagead/ 		29 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
fd63d6a5ec44215e50612d8bea8eff0a12f5d4981ab6745db8d8479f7c102845
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11416
x-xss-protection
0
server
cafe
etag
7270336119834106254
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 22 Sep 2020 22:53:22 GMT
9c3827532a23364c4bbfa9d0396b43bd.js
www.intezer.com/wp-content/cache/min/1/ 		335 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.intezer.com/wp-content/cache/min/1/9c3827532a23364c4bbfa9d0396b43bd.js
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
be2aa7c4f8d5a5a7a308318b6861b988f302af6013d3e182da1509e4cf797088
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 21 Sep 2020 13:00:20 GMT
Server
nginx/1.18.0
ETag
W/"5f68a3e4-53da8"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
fbevents.js
connect.facebook.net/en_US/ 		135 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
34302
x-xss-protection
0
pragma
public
x-fb-debug
6IFnxGeDVQP7ry351TzwlkGuvjMtmTqFiiPDPyxjLv4nYLCIBSeylznVcJaXHkt7Zjap+1kON0NSN+eAXbglMA==
x-fb-trip-id
2011651281
x-frame-options
DENY
date
Tue, 22 Sep 2020 22:53:22 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
truncated
/ 		64 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		69 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f85ac79c895138d22ae66533fae937f77438690723cf1a260903f2dcbf44f68c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
search-ico-black.png
www.intezer.com/wp-content/themes/intezer-v2/images/ 		508 B
775 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.intezer.com/wp-content/themes/intezer-v2/images/search-ico-black.png
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/e34f305ab6881e0e7b49d2194215d0eb.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
993b54391ed7524e6f321326d0f7bd2ed8f92bcf4e08bb1efc988ca16546807c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.intezer.com/wp-content/cache/min/1/e34f305ab6881e0e7b49d2194215d0eb.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Last-Modified
Mon, 06 Jul 2020 16:29:06 GMT
Server
nginx/1.18.0
ETag
"5f035152-1fc"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
508
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.intezer.com
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 18:23:18 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:28 GMT
server
sffe
age
16204
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9132
x-xss-protection
0
expires
Wed, 22 Sep 2021 18:23:18 GMT
fontawesome-webfont.woff2
www.intezer.com/wp-content/themes/intezer-v2/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.intezer.com/wp-content/themes/intezer-v2/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/e34f305ab6881e0e7b49d2194215d0eb.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://www.intezer.com
Referer
https://www.intezer.com/wp-content/cache/min/1/e34f305ab6881e0e7b49d2194215d0eb.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Last-Modified
Mon, 06 Jul 2020 16:29:06 GMT
Server
nginx/1.18.0
ETag
"5f035152-12d68"
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff2
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
77160
mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.intezer.com
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 18:23:48 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:49 GMT
server
sffe
age
16174
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9180
x-xss-protection
0
expires
Wed, 22 Sep 2021 18:23:48 GMT
museo-700-webfont.woff
www.intezer.com/wp-content/themes/intezer-v2/fonts/ 		52 KB
52 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.intezer.com/wp-content/themes/intezer-v2/fonts/museo-700-webfont.woff
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/e34f305ab6881e0e7b49d2194215d0eb.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
6bebe6bf7abf43624ab1ed62cabc6a1e1d9d5f1cea38042e516439b5391c1621
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://www.intezer.com
Referer
https://www.intezer.com/wp-content/cache/min/1/e34f305ab6881e0e7b49d2194215d0eb.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Last-Modified
Mon, 06 Jul 2020 16:29:06 GMT
Server
nginx/1.18.0
ETag
"5f035152-d080"
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
53376
museo-300-webfont.woff
www.intezer.com/wp-content/themes/intezer-v2/fonts/ 		54 KB
54 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.intezer.com/wp-content/themes/intezer-v2/fonts/museo-300-webfont.woff
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/e34f305ab6881e0e7b49d2194215d0eb.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
c38df4a2300e1acd22e8547908f1c0815e4232522aed59fd2d45942480b56f4c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://www.intezer.com
Referer
https://www.intezer.com/wp-content/cache/min/1/e34f305ab6881e0e7b49d2194215d0eb.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Last-Modified
Mon, 06 Jul 2020 16:29:06 GMT
Server
nginx/1.18.0
ETag
"5f035152-d894"
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
55444
museo-500-webfont.woff
www.intezer.com/wp-content/themes/intezer-v2/fonts/ 		55 KB
55 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.intezer.com/wp-content/themes/intezer-v2/fonts/museo-500-webfont.woff
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/e34f305ab6881e0e7b49d2194215d0eb.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
c6c82452d4595c717df8f740c6f9ff4e6ae5bc1bb9f716584b27f457f18a1d04
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://www.intezer.com
Referer
https://www.intezer.com/wp-content/cache/min/1/e34f305ab6881e0e7b49d2194215d0eb.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Last-Modified
Mon, 06 Jul 2020 16:29:06 GMT
Server
nginx/1.18.0
ETag
"5f035152-dafc"
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
56060
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.intezer.com
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 18:25:30 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:10:27 GMT
server
sffe
age
16072
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9080
x-xss-protection
0
expires
Wed, 22 Sep 2021 18:25:30 GMT
mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.intezer.com
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 18:25:30 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:16 GMT
server
sffe
age
16072
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9016
x-xss-protection
0
expires
Wed, 22 Sep 2021 18:25:30 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/yXSLJBpiFoTYkexaPhFknpU7/ 		340 KB
133 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/yXSLJBpiFoTYkexaPhFknpU7/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&ver=3.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2698f18de870d08f9b84a9e741e1ca17697c8a8ef90703564579bb42ae579d82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.intezer.com
Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:30:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1389
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
136265
x-xss-protection
0
last-modified
Tue, 22 Sep 2020 00:07:57 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Sep 2021 22:30:13 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/842858921/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/842858921/?random=1600815202605&cv=9&fst=1600815202605&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&tiba=Mitigating%20Emotet%2C%20The%20Most%20Common%20Banking%20Trojan%20-%20Intezer&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9156e8c4d5615527f5371b219301adaf19ef4f354b363b9c9d7477146cde343f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Sep 2020 22:53:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1043
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
page.js
static.addtoany.com/menu/ 		82 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.addtoany.com/menu/page.js
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/9c3827532a23364c4bbfa9d0396b43bd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85773da1634790be2ad363edf70229ca221eb27e01464a97f2f05d2becb18a74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:22 GMT
via
e3s
x-content-type-options
nosniff
cf-cache-status
HIT
age
147917
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
status
200
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
05599e99520000c281e7b49200000001
last-modified
Thu, 20 Aug 2020 05:47:23 GMT
server
cloudflare
etag
W/"146a0-5ad48a780f423"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=172800
cf-ray
5d6f9a088e80c281-FRA
cf-bgj
minify
5492986.js
js.hs-analytics.net/analytics/1600692900000/ 		60 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-analytics.net/analytics/1600692900000/5492986.js
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/9c3827532a23364c4bbfa9d0396b43bd.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb46a64d7719d73929cc7f5887e04ff8d133deb287738934fcfbfb909733b350

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:22 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-guploader-uploadid
ABg5-UzIRkYCzJ7J4sZcQPKXBhOrfOhUhh1kqpIjBRZa6JFgeqw1IhW-Qv6Dc94FN6WTfw5bngWKgiihs-uGLOASPMbnhYcwIg
x-goog-storage-class
REGIONAL
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
text/javascript
cf-request-id
05599e995c0000c2723e8e1200000001
last-modified
Tue, 25 Aug 2020 22:20:42 GMT
server
cloudflare
etag
W/"31055e5bc807af89b26842f7019efa07"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=qaynDg==, md5=MQVeW8gHr4myaEL3AZ76Bw==
x-goog-generation
1598394042047902
cache-control
max-age=300, public
access-control-allow-credentials
false
x-goog-stored-content-length
60976
cf-ray
5d6f9a089d19c272-FRA
expires
Tue, 22 Sep 2020 22:58:22 GMT
conversations-embed.js
js.usemessages.com/ 		75 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.usemessages.com/conversations-embed.js
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/9c3827532a23364c4bbfa9d0396b43bd.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:eecc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
676529fd5b7dd3241964ef9540dfab2e2c230899bf2903b64d8d1cb197ba0074

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:22 GMT
via
1.1 4abbc8dea2f611b4eb50afc252d13327.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
40
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
cf-request-id
05599e995c00003237d53a5200000001
last-modified
Mon, 21 Sep 2020 12:49:07 UTC
server
cloudflare
etag
W/"cd04a8e6e78cd06f9e18fe4f4a7508e0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
fy03yr8NI03EwMS4QLQju9a6DG6KOofc
cache-control
max-age=600
x-amz-cf-pop
IAD66-C2
cf-ray
5d6f9a089f7d3237-FRA
x-amz-cf-id
oBWXcedrZ3Cb3OUQxpoIiTcVevvbaxTn1OdRBgW7FUDLjVVm2J4yLg==
5492986.js
js.hs-banner.com/ 		46 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/5492986.js
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/9c3827532a23364c4bbfa9d0396b43bd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4e06ee4fd12c662ac336960b37e3de3af770598c2991796dfe70c1e2f832130

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash
crc32c=Eb5Hpg==, md5=CHV67h/5bMAdo0d6YLB94g==
date
Tue, 22 Sep 2020 22:53:22 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-guploader-uploadid
ABg5-Uw775eGYGyfyOzk5lj13LV4xPtWy8kUMQj9n-TZdJqrFH-3aZc4m6OjIblICyHkUkth5vZitwsEHFiCBjTz93QuS3sDEA
x-goog-storage-class
STANDARD
status
200
access-control-max-age
604800
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
text/javascript
cf-request-id
05599e995c0000d6c1c6af0200000001
timing-allow-origin
*
last-modified
Wed, 09 Sep 2020 15:51:18 GMT
server
cloudflare
etag
W/"08757aee1ff96cc01da3477a60b07de2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-goog-generation
1599666678884469
access-control-allow-origin
https://www.google.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
x-goog-stored-content-length
47494
cf-ray
5d6f9a089e53d6c1-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Tue, 22 Sep 2020 22:58:22 GMT
leadflows.js
js.hsleadflows.net/ 		411 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/9c3827532a23364c4bbfa9d0396b43bd.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:eacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0df7e73cbc0768c0bedff98c883e3d5d1423e9805646c094670e9366a129d14

Request headers

Origin
https://www.intezer.com
Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:22 GMT
via
1.1 91541e88a15c80bced2ffb950f407c1e.cloudfront.net (CloudFront)
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
HIT
age
42814
x-amz-server-side-encryption
AES256
cf-ray
5d6f9a089ec2dfeb-FRA
x-cache
Miss from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
cf-request-id
05599e995c0000dfeb5a2c7200000001
last-modified
Thu, 03 Sep 2020 09:11:52 UTC
server
cloudflare
etag
W/"d6d87f6b69c9c3436cb524ac7790e207"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
P1C37XS8PnAD4aj9b8nHaKJeVCmooB.3
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-amz-cf-pop
IAD89-C3
content-type
application/javascript; charset=utf-8
x-amz-cf-id
kxaNakxnQLab76MLyimaP-NTRI72VLhvx-ECPO2Zo-IAC_q43BChJQ==
128260767783916
connect.facebook.net/signals/config/ 		524 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/128260767783916?v=2.9.24&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c32b189c24ea78e20750d7194b8491d12bf63f99c94f279bfda8453ef419e91a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
cWPd50536KkpIdFmwiQRzU0jHUGOVbTwIiHFwWXCkFYlBwsiCoSyJbBouIwSlTrv2bAg5PDwaWrQ9SCB8CSRqQ==
x-fb-trip-id
2011651281
x-frame-options
DENY
date
Tue, 22 Sep 2020 22:53:22 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
refill
www.intezer.com/wp-json/contact-form-7/v1/contact-forms/468/ 		2 B
685 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.intezer.com/wp-json/contact-form-7/v1/contact-forms/468/refill
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/9c3827532a23364c4bbfa9d0396b43bd.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 / PHP/7.3.18
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx/1.18.0
Link
<https://www.intezer.com/wp-json/>; rel="https://api.w.org/"
X-Frame-Options
SAMEORIGIN
X-Powered-By
PHP/7.3.18
Allow
GET
Content-Type
application/json; charset=UTF-8
Vary
Accept-Encoding, Origin
Transfer-Encoding
chunked
Connection
keep-alive
X-Robots-Tag
noindex
Access-Control-Allow-Headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Access-Control-Expose-Headers
X-WP-Total, X-WP-TotalPages, Link
style.css
www.intezer.com/wp-content/plugins/simple-lightbox/themes/baseline/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.intezer.com/wp-content/plugins/simple-lightbox/themes/baseline/css/style.css
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/9c3827532a23364c4bbfa9d0396b43bd.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
6ce40d9a8cffef73732d5e2fe59a7c591d5ff42a1dd0bf5c778e33f6cc2636cd
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 06 Jul 2020 16:29:06 GMT
Server
nginx/1.18.0
ETag
W/"5f035152-c29"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
style.css
www.intezer.com/wp-content/plugins/simple-lightbox/themes/default/css/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.intezer.com/wp-content/plugins/simple-lightbox/themes/default/css/style.css
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/wp-content/cache/min/1/9c3827532a23364c4bbfa9d0396b43bd.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
48446357cf9c75846a7c3053f653f7973a1e5291b0a349e89c435f9e6d939bc3
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 06 Jul 2020 16:29:06 GMT
Server
nginx/1.18.0
ETag
W/"5f035152-1236"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
intezer-logo-n.png
www.intezer.com/wp-content/uploads/2020/05/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.intezer.com/wp-content/uploads/2020/05/intezer-logo-n.png
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e85052e09a7415a2ab775cc198a96dc956d9de42b90541a5cdc9c5c176725745
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Last-Modified
Mon, 06 Jul 2020 16:29:08 GMT
Server
nginx/1.18.0
ETag
"5f035154-dc5"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3525
Copy-of-itai-60x60.jpg
www.intezer.com/wp-content/uploads/2017/07/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.intezer.com/wp-content/uploads/2017/07/Copy-of-itai-60x60.jpg
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
23f5ff9034b5c94dcc236adf9671a4695bb8c180b8b4916c4dac4da20ed4c196
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Last-Modified
Mon, 06 Jul 2020 16:29:06 GMT
Server
nginx/1.18.0
ETag
"5f035152-70d"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1805
shutterstock_248596786-1000x475.jpg
www.intezer.com/wp-content/uploads/2018/07/ 		121 KB
121 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.intezer.com/wp-content/uploads/2018/07/shutterstock_248596786-1000x475.jpg
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.10.246.145 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-246-145.eu-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
a35daa353dc2dd7be7d4daea21bc79209eba51a3aa0dcd14977269a44695352f
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Last-Modified
Mon, 06 Jul 2020 16:29:07 GMT
Server
nginx/1.18.0
ETag
"5f035153-1e32d"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
123693
anchor
www.google.com/recaptcha/api2/ Frame C6A8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=yXSLJBpiFoTYkexaPhFknpU7&size=invisible&cb=sd1ik8x87z37
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yXSLJBpiFoTYkexaPhFknpU7/recaptcha__en.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-p2ylAjW0rifH8wQCjYR37A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=yXSLJBpiFoTYkexaPhFknpU7&size=invisible&cb=sd1ik8x87z37
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 22 Sep 2020 22:53:22 GMT
content-security-policy
script-src 'report-sample' 'nonce-p2ylAjW0rifH8wQCjYR37A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
9815
server
GSE
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
conversion_async.js
www.googleadservices.com/pagead/ 		29 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6c9459a6400a8cf7ef815379f9316dc26aeec43bcc48da1d1bd58d99a6109f7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11311
x-xss-protection
0
server
cafe
etag
12833363978352728442
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 22 Sep 2020 22:53:22 GMT
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Sep 2020 01:50:37 GMT
server
Golfe2
age
5862
date
Tue, 22 Sep 2020 21:15:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18650
expires
Tue, 22 Sep 2020 23:15:40 GMT
uwt.js
static.ads-twitter.com/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:22 GMT
content-encoding
gzip
age
4862
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1958
x-served-by
cache-hhn4043-HHN
last-modified
Mon, 10 Aug 2020 18:10:59 GMT
x-timer
S1600815203.833384,VS0,VE0
etag
"a4cc3f907681b24a3efd540acd5d2996+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
insight.min.js
snap.licdn.com/li.lms-analytics/ 		965 B
761 B 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 Sep 2020 22:01:48 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=83335
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
448
/
www.google.com/pagead/1p-user-list/842858921/ 		42 B
538 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/842858921/?random=1600815202605&cv=9&fst=1600812000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&tiba=Mitigating%20Emotet%2C%20The%20Most%20Common%20Banking%20Trojan%20-%20Intezer&fmt=3&is_vtc=1&random=1673699049&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Sep 2020 22:53:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/842858921/ 		42 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/842858921/?random=1600815202605&cv=9&fst=1600812000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&tiba=Mitigating%20Emotet%2C%20The%20Most%20Common%20Banking%20Trojan%20-%20Intezer&fmt=3&is_vtc=1&random=1673699049&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Sep 2020 22:53:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ 		34 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/gif
public
api.hubspot.com/livechat-public/v1/message/ 		321 B
581 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=5492986&conversations-embed=static-1.7458&mobile=false&messagesUtk=ca7c200bfe0f467d85d041541e410c77&traceId=ca7c200bfe0f467d85d041541e410c77
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c11242758efe3ec73850edec8aa0130167930b3c7b14e405430d3e8a13ade37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

X-HubSpot-Messages-Uri
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/

Response headers

date
Tue, 22 Sep 2020 22:53:23 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
DYNAMIC
status
200
content-length
246
cf-request-id
05599e9a6e00002b890833c200000001
server
cloudflare
x-trace
2BCC7E4585D242A042ACE19084A5B97F2CC1D7E893000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.intezer.com
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
cf-ray
5d6f9a0a4d032b89-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
public
api.hubspot.com/livechat-public/v1/message/ Frame 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=5492986&conversations-embed=static-1.7458&mobile=false&messagesUtk=ca7c200bfe0f467d85d041541e410c77&traceId=ca7c200bfe0f467d85d041541e410c77
Protocol
H2
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-hubspot-messages-uri
Origin
https://www.intezer.com
Sec-Fetch-Mode
cors

Response headers

status
200
date
Tue, 22 Sep 2020 22:53:22 GMT
content-type
text/plain; charset=utf-8
content-length
18
x-trace
2B7C91913737187AE2EE28E18718B6AC13F829A439000000000000000000
allow
HEAD,GET,OPTIONS
vary
Accept-Encoding
access-control-allow-credentials
false
access-control-allow-origin
https://www.intezer.com
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
cf-cache-status
DYNAMIC
cf-request-id
05599e99fd00002b8908337200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
cloudflare
cf-ray
5d6f9a099ba82b89-FRA
icons.29.svg.js
static.addtoany.com/menu/svg/ 		78 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.addtoany.com/menu/svg/icons.29.svg.js
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:22 GMT
via
e3s
x-content-type-options
nosniff
cf-cache-status
HIT
age
2514872
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
status
200
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
05599e9a050000c281e7b4d200000001
last-modified
Mon, 31 Dec 2018 23:29:11 GMT
server
cloudflare
etag
W/"13937-57e59c7b88bd6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
max-age=315360000, immutable
cf-ray
5d6f9a09af71c281-FRA
cf-bgj
minify
collect
www.google-analytics.com/j/ 		2 B
67 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j86&a=1994540836&t=pageview&_s=1&dl=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&ul=en-us&de=UTF-8&dt=Mitigating%20Emotet%2C%20The%20Most%20Common%20Banking%20Trojan%20-%20Intezer&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1570561851&gjid=428474982&cid=1549323542.1600815203&tid=UA-97741055-1&_gid=948066574.1600815203&_r=1&gtm=2wg990KC95766&z=1161832037
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 22 Sep 2020 22:53:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://www.intezer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/725468766/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/725468766/?random=1600815202847&cv=9&fst=1600815202847&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg990&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&tiba=Mitigating%20Emotet%2C%20The%20Most%20Common%20Banking%20Trojan%20-%20Intezer&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0c8039edac641706720898cd1f92000b66bb42710ec13655120ad8d79831baee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Sep 2020 22:53:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1059
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
insight.beta.min.js
snap.licdn.com/li.lms-analytics/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 22 Sep 2020 22:53:22 GMT
Content-Encoding
gzip
Last-Modified
Thu, 17 Sep 2020 18:39:56 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=14179
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1799
collect
stats.g.doubleclick.net/j/ 		4 B
87 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-97741055-1&cid=1549323542.1600815203&jid=1570561851&gjid=428474982&_gid=948066574.1600815203&_u=YEBAAEAAAAAAAC~&z=42843277
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 22 Sep 2020 22:53:22 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://www.intezer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
adsct
t.co/i/ 		43 B
448 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nzi1c&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
125
pragma
no-cache
last-modified
Tue, 22 Sep 2020 22:53:22 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
b222094616487e7f04f3df9ba3a736b9
x-transaction
003fc12900e9495c
expires
Tue, 31 Mar 1981 05:00:00 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1600815202866&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1327356%26time%3D1600815202866%26url%3Dhttps%253A%252F%252Fwww.intezer.com%252Fbl...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1600815202866&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&liSync=true
0
80 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1600815202866&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&liSync=true
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:23 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lva1
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-type
application/javascript
content-length
0
x-li-uuid
PGmvH/I8NxagoyFsmCsAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
i6n5GvI8NxaAK/U3XisAAA==
pragma
no-cache
x-li-pop
afd-prod-edc2
x-msedge-ref
Ref A: A77F100BC46B4089867046597A064EB2 Ref B: FRAEDGE1116 Ref C: 2020-09-22T22:53:23Z
x-frame-options
sameorigin
date
Tue, 22 Sep 2020 22:53:22 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1600815202866&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-97741055-1&cid=1549323542.1600815203&jid=1570561851&_u=YEBAAEAAAAAAAC~&z=345240095
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Sep 2020 22:53:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
491 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-97741055-1&cid=1549323542.1600815203&jid=1570561851&_u=YEBAAEAAAAAAAC~&z=345240095
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Sep 2020 22:53:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/725468766/ 		42 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/725468766/?random=1600815202847&cv=9&fst=1600812000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg990&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&tiba=Mitigating%20Emotet%2C%20The%20Most%20Common%20Banking%20Trojan%20-%20Intezer&async=1&fmt=3&is_vtc=1&random=1621166457&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Sep 2020 22:53:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/725468766/ 		42 B
111 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/725468766/?random=1600815202847&cv=9&fst=1600812000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg990&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&tiba=Mitigating%20Emotet%2C%20The%20Most%20Common%20Banking%20Trojan%20-%20Intezer&async=1&fmt=3&is_vtc=1&random=1621166457&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.intezer.com
URL: https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Sep 2020 22:53:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
5492986.js
js.hs-scripts.com/ 		2 KB
952 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-scripts.com/5492986.js
Requested by
Host: js.hs-analytics.net
URL: https://js.hs-analytics.net/analytics/1600692900000/5492986.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:d6cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec57b3020089e379d2a266451b696194dc6fa5e1804d2d12564eb6cb1b93209d

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:23 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
status
200
cf-request-id
05599e9be70000074a88232200000001
server
cloudflare
x-trace
2B43FD41F118E161931AF14B3EF97A10286D128E7E000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.intezer.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
5d6f9a0cac0e074a-FRA
expires
Tue, 22 Sep 2020 22:54:23 GMT
__ptq.gif
track.hubspot.com/ 		45 B
528 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=5492986&ct=blog-post&rcu=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&pu=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&t=Mitigating+Emotet%2C+The+Most+Common+Banking+Trojan+-+Intezer&cts=1600815203282&vi=b64dbb87db886bd40f2fc6e4698d8db1&nc=true&u=193884914.b64dbb87db886bd40f2fc6e4698d8db1.1600815203277.1600815203277.1600815203277.1&b=193884914.1.1600815203278&pt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5d6f9a0ca8321f55-FRA
date
Tue, 22 Sep 2020 22:53:23 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
content-length
45
cf-request-id
05599e9be900001f5594223200000001
x-robots-tag
none
adsct
analytics.twitter.com/i/ 		31 B
651 B 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nzi1c&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
0
x-response-time
121
pragma
no-cache
last-modified
Tue, 22 Sep 2020 22:53:23 GMT
server
tsa_f
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
290d768cbd1efce1d2ce29cfaa6e5d97
x-transaction
0001569e00eccca0
expires
Tue, 31 Mar 1981 05:00:00 GMT
json
forms.hubspot.com/lead-flows-config/v1/config/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=5492986&utk=b64dbb87db886bd40f2fc6e4698d8db1&__hstc=193884914.b64dbb87db886bd40f2fc6e4698d8db1.1600815203277.1600815203277.1600815203277.1&__hssc=193884914.1.1600815203278&currentUrl=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f2d3f7c35178e69ea1ec0c0b46f21261a523715b7cfb61f0e6f6eede8e4cc5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 22:53:23 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-request-id
05599e9bed00002b8908347200000001
x-robots-tag
none
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.intezer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
cf-ray
5d6f9a0ca88e2b89-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
__ptq.gif
track.hubspot.com/ 		45 B
129 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=16&fi=3f80a30d-7221-4e8d-a43f-81e68238a058&lfi=889171&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=5492986&ct=blog-post&rcu=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&pu=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&t=Mitigating+Emotet%2C+The+Most+Common+Banking+Trojan+-+Intezer&cts=1600815203453&vi=b64dbb87db886bd40f2fc6e4698d8db1&nc=true&u=193884914.b64dbb87db886bd40f2fc6e4698d8db1.1600815203277.1600815203277.1600815203277.1&b=193884914.1.1600815203278&pt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5d6f9a0d99651f55-FRA
date
Tue, 22 Sep 2020 22:53:23 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
content-length
45
cf-request-id
05599e9c8200001f5594227200000001
x-robots-tag
none
popup-2.jpg
f.hubspotusercontent30.net/hubfs/5492986/ 		79 KB
80 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://f.hubspotusercontent30.net/hubfs/5492986/popup-2.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b872 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e13d6128e860671ef4118c3a90f13a91da28756d753b19d1257bbe6ef0f502bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id
05599ea0880000dfeb6933a200000001
x-amz-meta-cache-tag
F-34945798289,P-5492986,FLS-ALL
x-amz-request-id
EM2Q6G6NBM5SEHBJ
x-amz-server-side-encryption
AES256
edge-cache-tag
F-34945798289,P-5492986,FLS-ALL
status
200
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
etag
"9075c41aa4fdbb484900bfc08479bd4f"
vary
Accept-Encoding
x-amz-meta-created-unix-time-millis
1600157868429
content-type
image/jpeg
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
date
Tue, 22 Sep 2020 22:53:25 GMT
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b5.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-amz-cf-pop
FRA50-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
none
content-length
80651
x-amz-id-2
blB0Ogq8oQSGps+IxbFf3ogOZR9u4pQ2zKIggbql5U/ZZUp42cUylo7F9c4Sv6COm0gZnyBWPRw=
last-modified
Tue, 15 Sep 2020 08:17:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-version-id
gvE0H4frP843_Z1THwHmUI8SU_tTarCZ
accept-ranges
bytes
cf-ray
5d6f9a140f01dfeb-FRA
x-amz-cf-id
5rb68M31UWppUN0OrwZXwUfu0QVpZjSRi2yDqjLs2uRMP9lu2zEq_w==
popup-2.jpg
f.hubspotusercontent30.net/hubfs/5492986/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://f.hubspotusercontent30.net/hubfs/5492986/popup-2.jpg
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b872 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2f2b47b63ba98b25928937ee23d8dde0f0e3ec9d5eca9ca88245508c153b3eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id
05599eb7e40000dfeb69019200000001
x-amz-meta-cache-tag
F-34945798289,P-5492986,FLS-ALL
age
5
x-amz-server-side-encryption
AES256
edge-cache-tag
F-34945798289,P-5492986,FLS-ALL
status
200
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="popup-2.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
x-amz-request-id
EM2Q6G6NBM5SEHBJ
cf-bgj
imgq:85,h2pri
etag
"9075c41aa4fdbb484900bfc08479bd4f"
vary
Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis
1600157868429
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
date
Tue, 22 Sep 2020 22:53:30 GMT
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b5.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
FRA50-C1
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=80651
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
none
content-length
29394
x-amz-id-2
blB0Ogq8oQSGps+IxbFf3ogOZR9u4pQ2zKIggbql5U/ZZUp42cUylo7F9c4Sv6COm0gZnyBWPRw=
last-modified
Tue, 15 Sep 2020 08:17:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-version-id
gvE0H4frP843_Z1THwHmUI8SU_tTarCZ
accept-ranges
bytes
cf-ray
5d6f9a396f9edfeb-FRA
x-amz-cf-id
5rb68M31UWppUN0OrwZXwUfu0QVpZjSRi2yDqjLs2uRMP9lu2zEq_w==
__ptq.gif
track.hubspot.com/ 		45 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=3f80a30d-7221-4e8d-a43f-81e68238a058&lfi=889171&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=5492986&ct=blog-post&rcu=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&pu=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fmitigating-emotet-the-most-common-banking-trojan%2F&t=Mitigating+Emotet%2C+The+Most+Common+Banking+Trojan+-+Intezer&cts=1600815210469&vi=b64dbb87db886bd40f2fc6e4698d8db1&nc=true&pt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.intezer.com/blog/research/mitigating-emotet-the-most-common-banking-trojan/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5d6f9a397b2c1f55-FRA
date
Tue, 22 Sep 2020 22:53:30 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
content-length
45
cf-request-id
05599eb7e900001f559437a200000001
x-robots-tag
none

Verdicts & Comments Add Verdict or Comment

128 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| dataLayer function| fbq function| _fbq function| hbsptReady object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| lazyLoadOptions object| google_conversion_id object| google_custom_params object| google_remarketing_only function| GooglemKTybQhCsO object| google_conversion_date object| google_conversion_time number| google_conversion_snippets number| google_conversion_first_time object| google_conversion_js_version object| google_conversion_format object| google_enable_display_cookie_match object| google_tag_data object| google_conversion_type object| google_conversion_order_id object| google_conversion_language object| google_conversion_value object| google_conversion_currency object| google_conversion_domain object| google_conversion_label object| google_conversion_color object| google_disable_viewthrough object| google_gtag_event_data object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_restricted_data_processing object| google_conversion_items object| google_conversion_merchant_id object| google_user_id object| onload_callback object| opt_image_generator object| google_gtm_url_processor object| google_conversion_page_url object| google_conversion_referrer_url object| google_gtm object| google_gcl_cookie_prefix object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_additional_conversion_params object| google_additional_params object| google_transport_url object| _hsq object| wpcf7 object| leadin_wordpress object| wpcf7_recaptcha string| currentActiveTitle object| wpcf7cf_global_settings function| $ function| jQuery function| wpfront_notification_bar object| a2a_config function| Tether object| regeneratorRuntime object| wpcf7cf_dom object| wpcf7cf object| SLB function| LazyLoad object| google_tag_manager object| images boolean| is_image object| iframes boolean| is_iframe object| rocket_lazy object| recaptcha object| closure_lm_697333 string| GoogleAnalyticsObject function| ga function| twq string| _linkedin_data_partner_id object| a2a function| a2a_show_dropdown function| a2a_miniLeaveDelay function| a2a_init number| a2apage_init boolean| hubspot_live_messages_running object| HubSpotConversations function| bindToWindowOnError function| defineProperties object| globalRoot undefined| hns object| leadflows object| hubspot function| OutpostErrorReporter boolean| popupPoliceActive undefined| hns2 undefined| jade undefined| I18n undefined| hubspot_mailcheck undefined| Pikaday undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN object| _hsp boolean| _hspb_loaded object| gaplugins object| gaGlobal object| gaData function| google_trackConversion object| GooglebQhCsO object| _paq boolean| _hstc_loaded object| icons string| svg_tag_open string| svg_tag_close object| twttr function| lintrk boolean| _already_called_lintrk boolean| _hspb_ran boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| e boolean| LEAD_FLOW_DOCUMENT_READY_RAN

7 Cookies

Domain/Path Name / Value
.intezer.com/ Name: hubspotutk
Value: b64dbb87db886bd40f2fc6e4698d8db1
.intezer.com/ Name: __hssc
Value: 193884914.1.1600815203278
.intezer.com/ Name: __hssrc
Value: 1
.intezer.com/ Name: __hstc
Value: 193884914.b64dbb87db886bd40f2fc6e4698d8db1.1600815203277.1600815203277.1600815203277.1
.intezer.com/ Name: _ga
Value: GA1.2.1549323542.1600815203
.intezer.com/ Name: _gat_UA-97741055-1
Value: 1
.intezer.com/ Name: _gid
Value: GA1.2.948066574.1600815203

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.hubspot.com
connect.facebook.net
f.hubspotusercontent30.net
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
googleads.g.doubleclick.net
intezer.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
js.usemessages.com
px.ads.linkedin.com
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
track.hubspot.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.intezer.com
www.linkedin.com
104.244.42.131
104.244.42.133
151.101.112.157
216.58.210.2
2606:4700:10::ac43:2794
2606:4700::6810:b872
2606:4700::6811:44b0
2606:4700::6811:d6cc
2606:4700::6811:eacc
2606:4700::6811:eecc
2606:4700::6812:14bf
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2a00:1450:4001:802::200a
2a00:1450:4001:809::2003
2a00:1450:4001:809::2008
2a00:1450:4001:819::2004
2a00:1450:4001:81e::2002
2a00:1450:4001:820::200e
2a00:1450:4001:821::200e
2a00:1450:4001:825::2003
2a00:1450:400c:c07::9d
2a02:26f0:6c00:28c::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a05:f500:10:101::b93f:9105
3.10.246.145
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
0c8039edac641706720898cd1f92000b66bb42710ec13655120ad8d79831baee
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1e98a84d201a5ce748c59f64fe3b5341601b863b3fff7d63a045aa6f655edf08
23f5ff9034b5c94dcc236adf9671a4695bb8c180b8b4916c4dac4da20ed4c196
2698f18de870d08f9b84a9e741e1ca17697c8a8ef90703564579bb42ae579d82
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3c11242758efe3ec73850edec8aa0130167930b3c7b14e405430d3e8a13ade37
48446357cf9c75846a7c3053f653f7973a1e5291b0a349e89c435f9e6d939bc3
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
676529fd5b7dd3241964ef9540dfab2e2c230899bf2903b64d8d1cb197ba0074
6bebe6bf7abf43624ab1ed62cabc6a1e1d9d5f1cea38042e516439b5391c1621
6c9459a6400a8cf7ef815379f9316dc26aeec43bcc48da1d1bd58d99a6109f7b
6ce40d9a8cffef73732d5e2fe59a7c591d5ff42a1dd0bf5c778e33f6cc2636cd
6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41
73eeccc3b95ac2a6f8d27f4cd28e01f9c28f2b17b1ffa1d9e650dff0202684b1
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85773da1634790be2ad363edf70229ca221eb27e01464a97f2f05d2becb18a74
8f2d3f7c35178e69ea1ec0c0b46f21261a523715b7cfb61f0e6f6eede8e4cc5d
9156e8c4d5615527f5371b219301adaf19ef4f354b363b9c9d7477146cde343f
993b54391ed7524e6f321326d0f7bd2ed8f92bcf4e08bb1efc988ca16546807c
a35daa353dc2dd7be7d4daea21bc79209eba51a3aa0dcd14977269a44695352f
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
b6df093e982907bfaa83bf10003617fc33805fcff3e4bda8dbcfa704cd8e3ea0
b7bfd3744f2f585482eeeadd30bcc8c99a594d4f1ba0c4e64a1f1080fa090bcb
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
be2aa7c4f8d5a5a7a308318b6861b988f302af6013d3e182da1509e4cf797088
c32b189c24ea78e20750d7194b8491d12bf63f99c94f279bfda8453ef419e91a
c38df4a2300e1acd22e8547908f1c0815e4232522aed59fd2d45942480b56f4c
c4e06ee4fd12c662ac336960b37e3de3af770598c2991796dfe70c1e2f832130
c6c82452d4595c717df8f740c6f9ff4e6ae5bc1bb9f716584b27f457f18a1d04
cb46a64d7719d73929cc7f5887e04ff8d133deb287738934fcfbfb909733b350
d0df7e73cbc0768c0bedff98c883e3d5d1423e9805646c094670e9366a129d14
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e13d6128e860671ef4118c3a90f13a91da28756d753b19d1257bbe6ef0f502bd
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e85052e09a7415a2ab775cc198a96dc956d9de42b90541a5cdc9c5c176725745
ec57b3020089e379d2a266451b696194dc6fa5e1804d2d12564eb6cb1b93209d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
f2f2b47b63ba98b25928937ee23d8dde0f0e3ec9d5eca9ca88245508c153b3eb
f85ac79c895138d22ae66533fae937f77438690723cf1a260903f2dcbf44f68c
f90e4f5dc272c5949bf4e80a07433b69e30b49d1593276ba5c35d4d1187432dd
fd63d6a5ec44215e50612d8bea8eff0a12f5d4981ab6745db8d8479f7c102845