www.secureworks.com Open in urlscan Pro
13.93.233.100 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/
Effective URL:
https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Submission: On December 05 via api (December 5th 2019, 9:45:07 am UTC) from IT

Summary HTTP 103 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 31 IPs in 6 countries across 30 domains to perform 103 HTTP transactions. The main IP is 13.93.233.100, located in San Jose, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is www.secureworks.com.
TLS certificate: Issued by Thawte TLS RSA CA G1 on September 6th 2018. Valid for: 2 years.

This is the only time www.secureworks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 5	13.93.233.100 13.93.233.100	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
59	2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff18	201011 (NETZBETRI...) (NETZBETRIEB-GMBH)
1	206.55.101.161 206.55.101.161	22992 (SECUREWORKS) (SECUREWORKS - SecureWorks Corp)
1	2a00:1450:400... 2a00:1450:4001:81b::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	184.31.90.134 184.31.90.134	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	152.195.132.202 152.195.132.202	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1 2	209.167.231.17 209.167.231.17	7160 (NETDYNAMICS) (NETDYNAMICS - Oracle Corporation)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:2b	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY - Fastly)
3	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY - Fastly)
1	2a02:26f0:10c... 2a02:26f0:10c:399::3adf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
3	2.19.36.87 2.19.36.87	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.224.196.96 13.224.196.96	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	163.171.132.119 163.171.132.119	54994 (QUANTILNE...) (QUANTILNETWORKS - QUANTIL NETWORKS INC)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
2 2	185.33.223.80 185.33.223.80	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1	143.204.101.129 143.204.101.129	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
2	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81f::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER - Twitter Inc.)
3	162.247.242.18 162.247.242.18	23467 (NEWRELIC-...) (NEWRELIC-AS-1 - New Relic)
1	2a00:1450:400... 2a00:1450:4001:818::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	143.204.101.109 143.204.101.109	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	52.214.100.213 52.214.100.213	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	13.225.78.109 13.225.78.109	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	206.19.49.24 206.19.49.24	17225 (ATT-CERFN...) (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services)
103	31

5 13.93.233.100 (San Jose, United States) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

www.secureworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

59 2a01:4a0:1338:28::c38a:ff18 (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)

pcdnscwx01-maxyilfdpln5c.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.55.101.161 (Chicago, United States)

ASN22992 (SECUREWORKS - SecureWorks Corp, US)
PTR: portal.secureworks.com

portal.secureworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.31.90.134 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-90-134.deploy.static.akamaitechnologies.com

img.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 152.195.132.202 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.167.231.17 (United States) 1 redirects

ASN7160 (NETDYNAMICS - Oracle Corporation, US)
PTR: e017.en25.com

s1659.t.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:2b (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:399::3adf (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: zrh04s05-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.19.36.87 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-36-87.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.196.96 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-224-196-96.fra2.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.171.132.119 (Germany)

ASN54994 (QUANTILNETWORKS - QUANTIL NETWORKS INC, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (United States) 1 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.80 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.129 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-129.fra50.r.cloudfront.net

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9101 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.247.242.18 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-6.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.109 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-109.fra50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.214.100.213 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-214-100-213.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.78.109 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-225-78-109.fra2.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN17225 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	azureedge.net pcdnscwx01-maxyilfdpln5c.azureedge.net	2 MB
6	secureworks.com 2 redirects www.secureworks.com portal.secureworks.com	85 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	nr-data.net bam.nr-data.net	609 B
3	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	6sc.co j.6sc.co c.6sc.co b.6sc.co	7 KB
3	google-analytics.com www.google-analytics.com	18 KB
3	cookielaw.org cdn.cookielaw.org	24 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	facebook.com www.facebook.com	510 B
2	adnxs.com 2 redirects secure.adnxs.com	2 KB
2	techtarget.com trk.techtarget.com apt.techtarget.com	3 KB
2	facebook.net connect.facebook.net	111 KB
2	bing.com bat.bing.com	8 KB
2	eloqua.com 1 redirects s1659.t.eloqua.com	883 B
1	google.de www.google.de	110 B
1	google.com www.google.com	122 B
1	t.co t.co	167 B
1	twitter.com analytics.twitter.com	265 B
1	ml-api.io attr.ml-api.io	485 B
1	ml-attr.com 1 redirects s.ml-attr.com	285 B
1	demandbase.com tag.demandbase.com	60 KB
1	googleadservices.com www.googleadservices.com	9 KB
1	bizographics.com sjs.bizographics.com	2 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	newrelic.com js-agent.newrelic.com	10 KB
1	jquery.com code.jquery.com	30 KB
1	en25.com img.en25.com	3 KB
1	googletagmanager.com www.googletagmanager.com	33 KB
103	30

	Domain	Requested by
59	pcdnscwx01-maxyilfdpln5c.azureedge.net	www.secureworks.com
5	www.secureworks.com	2 redirects www.secureworks.com
3	bam.nr-data.net	js-agent.newrelic.com www.secureworks.com
3	www.google-analytics.com	www.googletagmanager.com
3	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org
2	segments.company-target.com	1 redirects
2	match.prod.bidr.io	2 redirects
2	www.facebook.com
2	stats.g.doubleclick.net
2	px.ads.linkedin.com	1 redirects
2	secure.adnxs.com	2 redirects
2	connect.facebook.net	www.secureworks.com connect.facebook.net
2	bat.bing.com	www.googletagmanager.com
2	s1659.t.eloqua.com	1 redirects www.secureworks.com
1	b.6sc.co
1	c.6sc.co	www.secureworks.com
1	apt.techtarget.com
1	api.company-target.com	www.secureworks.com
1	www.google.de
1	www.google.com
1	t.co
1	analytics.twitter.com	static.ads-twitter.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.linkedin.com	1 redirects
1	attr.ml-api.io
1	s.ml-attr.com	1 redirects
1	trk.techtarget.com	www.secureworks.com
1	tag.demandbase.com	www.secureworks.com
1	j.6sc.co	www.secureworks.com
1	www.googleadservices.com	www.googletagmanager.com
1	sjs.bizographics.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	js-agent.newrelic.com	www.secureworks.com
1	code.jquery.com	cdn.cookielaw.org
1	img.en25.com	www.secureworks.com
1	www.googletagmanager.com	www.secureworks.com
1	portal.secureworks.com	www.secureworks.com
103	37

This site contains links to these domains. Also see Links.

Domain
cookiepedia.co.uk
onetrust.com
portal.secureworks.com
investors.secureworks.com
twitter.com
www.linkedin.com
www.facebook.com
www.gartner.com
en.wikipedia.org
dean.edwards.name
web.nvd.nist.gov
www.dni.gov
github.com
pcdnscwx01-maxyilfdpln5c.azureedge.net
www.delltechnologies.com
www.secureworks.jp

Subject Issuer	Validity	Valid
secureworks.com Thawte TLS RSA CA G1	`2018-09-06` - `2020-09-05`	2 years	crt.sh
*.azureedge.net Microsoft IT TLS CA 5	`2019-01-24` - `2021-01-24`	2 years	crt.sh
portal.secureworks.com Thawte EV RSA CA 2018	`2018-03-02` - `2020-03-01`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.en25.com DigiCert SHA2 Secure Server CA	`2019-06-21` - `2020-08-19`	a year	crt.sh
sa437gl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2018-05-17` - `2020-08-19`	2 years	crt.sh
*.t.eloqua.com DigiCert SHA2 Secure Server CA	`2019-01-14` - `2020-03-14`	a year	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-04-10` - `2020-03-21`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2018-04-13` - `2020-04-17`	2 years	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-11-06` - `2020-02-04`	3 months	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2018-10-22` - `2020-01-21`	a year	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
trk.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2019-02-15` - `2020-02-15`	a year	crt.sh
*.ml-api.io Amazon	`2019-02-22` - `2020-03-22`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
*.nr-data.net GeoTrust RSA CA 2018	`2018-01-11` - `2020-03-17`	2 years	crt.sh
www.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
www.google.de GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-25` - `2021-10-24`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Frame ID: F68AD328E21F784AB0E426E43144C934
Requests: 103 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Threat Group-3390 Targets Organizations for Cyberespionage | Secureworks

Page URL History Show full URLs

http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-fo... HTTP 307
https://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-fo... HTTP 301
https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

103
Requests

100 %
HTTPS

40 %
IPv6

30
Domains

37
Subdomains

31
IPs

6
Countries

2011 kB
Transfer

3512 kB
Size

4
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More Information

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://portal.secureworks.com/portal/loginIDP
Title: Login

Search URL Search Domain Scan URL

URL: https://investors.secureworks.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage&text=Threat%20Group%203390%20Cyberespionage&via=Secureworks

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage&source=Secureworks

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Search URL Search Domain Scan URL

URL: https://www.gartner.com/doc/2487216/definition-threat-intelligence
Title: threat intelligence

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/Internet_Information_Services
Title: Internet Information Services

Search URL Search Domain Scan URL

URL: http://dean.edwards.name/download/#packer
Title: packed

Search URL Search Domain Scan URL

URL: http://dean.edwards.name/unpacker/
Title: unpacked

Search URL Search Domain Scan URL

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3544
Title: CVE-2011-3544

Search URL Search Domain Scan URL

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0738
Title: CVE-2010-0738

Search URL Search Domain Scan URL

URL: http://www.dni.gov/files/documents/Newsroom/Press%20Releases/2007%20Press%20Releases/20071203_release.pdf
Title: published

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/secureworks
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/secureworks
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/secureworks
Title:

Search URL Search Domain Scan URL

URL: https://github.com/secureworks
Title:

Search URL Search Domain Scan URL

URL: https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Files/Corporate/ModernSlaveryStatement.ashx?modified=20190207212855
Title: Supply Chain Transparency

Search URL Search Domain Scan URL

URL: https://www.delltechnologies.com/
Title: Dell Technologies

Search URL Search Domain Scan URL

URL: https://www.secureworks.jp/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fwww.secureworks.com%2fresearch%2fthreat-group-3390-targets-organizations-for-cyberespionage&source=Secureworks

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3a%2f%2fwww.secureworks.com%2fresearch%2fthreat-group-3390-targets-organizations-for-cyberespionage&hashtags=Secureworks&via=Secureworks

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3a%2f%2fwww.secureworks.com%2fresearch%2fthreat-group-3390-targets-organizations-for-cyberespionage

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/ HTTP 307
https://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/ HTTP 301
https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65

https://s1659.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=915&optin=disabled&firstPartyCookieDomain=www.secureworks.com HTTP 302
http://www.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=915&optin=disabled&elq1pcGUID=35EE3A3E65284F82B768E1DC5DE204B1 HTTP 307
https://www.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=915&optin=disabled&elq1pcGUID=35EE3A3E65284F82B768E1DC5DE204B1 HTTP 302
https://www.secureworks.com/404?item=%2fvisitor%2fv200%2fsvrgp&user=extranet%5cAnonymous&site=website

Request Chain 79

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.secureworks.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=www.secureworks.com&pId=6557760276126749500

Request Chain 80

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&time=1575539090435 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D26756%26url%3Dhttps%253A%252F%252Fwww.secureworks.com%252Fresearch%252Fthreat-group-3390-targets-organizations-for-cyberespionage%26time%3D1575539090435%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&time=1575539090435&liSync=true

Request Chain 95

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AADl3E670aMAAC7FVH11yA HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AADl3E670aMAAC7FVH11yA&verifyHash=425b08da692df5b18c63981897b99837995156d8

103 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set threat-group-3390-targets-organizations-for-cyberespionage Show response
www.secureworks.com/research/
Redirect Chain

http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/
https://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/
https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

211 KB
50 KB

774ms
445ms

Document
text/html

13.93.233.100
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.93.233.100 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

654650c48b310bfef370e83d7b9ad32ea8f3e197dd632b04a592ded5474cc093

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Host: www.secureworks.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Cookie: ApplicationGatewayAffinity=b3433d94be8f768d0b5f4c588c6325edeeab03f43cda79ff4dba83e24925ff9a
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: sc_expview=0; path=/ ASP.NET_SessionId=mximwiuebc5j35j1qgwg4e13; path=/; HttpOnly
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Date: Thu, 05 Dec 2019 09:44:47 GMT
Content-Length: 49238

Redirect headers

Content-Type: text/html; charset=utf-8
Location: /research/threat-group-3390-targets-organizations-for-cyberespionage
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Set-Cookie: ApplicationGatewayAffinity=b3433d94be8f768d0b5f4c588c6325edeeab03f43cda79ff4dba83e24925ff9a;Path=/;Domain=www.secureworks.com
Date: Thu, 05 Dec 2019 09:44:47 GMT
Content-Length: 20494

GET
H2 200 html5reset-1.6.1.css
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/css/ 1 KB
859 B 260ms
189ms Stylesheet
text/css 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/css/html5reset-1.6.1.css

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:39 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: text/css
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding
content-length: 573
etag: "217e7365a8fdd41:0"

GET
H2 200 western-typographies.css
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/css/ 2 KB
651 B 233ms
162ms Stylesheet
text/css 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/css/western-typographies.css?v=05012019

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:39 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: text/css
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding
content-length: 365
etag: "54b77d65a8fdd41:0"

GET
H2 200 main.css
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/css/ 235 KB
36 KB 303ms
232ms Stylesheet
text/css 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/css/main.css?v=072520191111

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

4943c777d42903d7b958355cdcc8590782ea5818ae432e4f5bb1bb2fadbb10c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: ASP.NET
content-security-policy-report-only: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
status: 200
vary: Accept-Encoding
content-length: 35707
etag: "16b9634d5748d51:0"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 01 Aug 2019 10:53:07 GMT
server: Microsoft-IIS/8.5
date: Thu, 05 Dec 2019 09:44:48 GMT
x-frame-options: DENY
content-type: text/css
accept-ranges: bytes

GET
H2 200 style.css
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/css/ 155 KB
22 KB 420ms
349ms Stylesheet
text/css 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/css/style.css?v=08062019

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

ed7acce01f3f6f9c035d9e4c180803695e48c789a2efda9cd93f0469f1bfc9d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: ASP.NET
content-security-policy-report-only: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
status: 200
vary: Accept-Encoding
content-length: 21310
etag: "0dafc44d04bd51:0"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 05 Aug 2019 20:56:36 GMT
server: Microsoft-IIS/8.5
date: Thu, 05 Dec 2019 09:44:48 GMT
x-frame-options: DENY
content-type: text/css
accept-ranges: bytes

GET
H2 200 jquery-3.3.1.min.js Show response
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/js/ 85 KB
30 KB 204ms
133ms Script
application/javascript 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/js/jquery-3.3.1.min.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:50 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: application/javascript
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding
content-length: 30351
etag: "d11ad6ba8fdd41:0"

GET
H2 200 Arke.SecureWorks.EloquaFormV2.js Show response
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/js/form/ 5 KB
3 KB 226ms
156ms Script
application/javascript 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/js/form/Arke.SecureWorks.EloquaFormV2.js?v=08012019

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

df629edbde8c1983b0561460aa1907072a365e4d750d09a039e07a42c882574d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: ASP.NET
content-security-policy-report-only: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
status: 200
vary: Accept-Encoding
content-length: 1898
etag: "05212ddd147d51:0"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 31 Jul 2019 18:57:56 GMT
server: Microsoft-IIS/8.5
date: Thu, 05 Dec 2019 09:44:48 GMT
x-frame-options: DENY
content-type: application/javascript
accept-ranges: bytes

GET
H2 200 logo.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Navigation/ 4 KB
4 KB 13ms
13ms Image
image/svg+xml 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Navigation/logo.ashx?modified=20190419084624&la=en&hash=A09D0DFF8AC6499B15407577BF81E7A87A290435

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

c812381c9ac71514c3891e0e18a2d7746e473661f0dd4f1e2551afdbc9b1936b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="logo.svg"
content-length: 3939
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Apr 2019 08:46:24 GMT
server: Microsoft-IIS/8.5
etag: c047221416b84fa58b57396b65dc827f
x-frame-options: DENY
content-type: image/svg+xml
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 btn-arrow.svg
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/images/ 2 KB
2 KB 11ms
11ms Image
image/svg+xml 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/images/btn-arrow.svg

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

11d5ce34f206afb82ddf5e90ac14a2572bf9ee7177623d3a22d961d14bbd71ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:53 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: image/svg+xml
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 2096
etag: "cc57b86da8fdd41:0"

GET
H2 200 arrow-back.svg
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/images/ 1 KB
1 KB 19ms
19ms Image
image/svg+xml 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/images/arrow-back.svg

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

0a8b1ef45e2622985d8d86e6317525253a50b84b7a37e92b14f2af14f430e10e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:53 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: image/svg+xml
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 1025
etag: "1469d6da8fdd41:0"

GET
H2 200 rc_logo_menu.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Products/ 32 KB
32 KB 39ms
32ms Image
image/png 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Products/rc_logo_menu.ashx?modified=20190419105139&h=152&w=580&la=en&hash=9336BC9BDEED9A629CBF0E31C707E50B566FF7EE

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

171e7b748124982e2867189b3e1395caa954fd5807b6f44162e91536b705de06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="rc_logo_menu.png"
content-length: 32581
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Apr 2019 10:51:39 GMT
server: Microsoft-IIS/8.5
etag: b6a65bbf2c2940e6bc56a9dfe4765127
x-frame-options: DENY
content-type: image/png
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 red-cloak-image2.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Products/ 160 KB
160 KB 73ms
66ms Image
image/png 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Products/red-cloak-image2.ashx?modified=20190428133414&h=704&w=800&la=en&hash=EA9716587A8CDF2232555719F2F51A0189F7506E

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

fa8ec5f7ef1d6e3c8552080a80896358e20ce4241767dead448be7e9782bd3a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="red-cloak-image2.png"
content-length: 163537
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 13:34:14 GMT
server: Microsoft-IIS/8.5
etag: 3eae3a6835d34d4b8bb47a94adde76ee
x-frame-options: DENY
content-type: image/png
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img001-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 22 KB
23 KB 109ms
102ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img001-sml.ashx?h=120&w=500&la=en&modified=20151123205018&hash=8790E85D2ACBD1533645F11B56C56F5DDEA351C9

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

5b63d0923d05bc3afb24948addbd35594332a7eb5154d049bfd9f9b0ce7fffdb

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img001-sml.jpg"
content-length: 22691
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:18 GMT
server: Microsoft-IIS/8.5
etag: 5dfe7090569d47478812abd11c02c6d9
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img002-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 19 KB
20 KB 102ms
95ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img002-sml.ashx?h=136&w=500&la=en&modified=20151123205019&hash=AB9289FD79F86385694B1B4F6139A1391E4C5BDA

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

8ae444cc32c6d80f940552a99b489ec1618cf275286fb3bc9e4da71662a551fd

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img002-sml.jpg"
content-length: 19562
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:19 GMT
server: Microsoft-IIS/8.5
etag: 72760c08b4ea4c4bbef15e3316f957c0
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img003-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 20 KB
21 KB 122ms
115ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img003-sml.ashx?h=67&w=500&la=en&modified=20151123205019&hash=E236BF226BD59A14AA932A64998D5C1F180174DF

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

f4b66b93cd3fe7b811513cfc90d9a843c00e31eb9bcf8462e6456434d4f1cd20

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img003-sml.jpg"
content-length: 20874
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:19 GMT
server: Microsoft-IIS/8.5
etag: 659361f569e04fa29451b3627d441700
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img004-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 9 KB
10 KB 102ms
95ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img004-sml.ashx?h=12&w=500&la=en&modified=20151123205020&hash=B3DD4E354C962F67D1CF35DA62B0AA22E943516F

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

75bf58ab146a6fdc019b799857ab18d47999023496aefe13d39ded1844e57d34

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img004-sml.jpg"
content-length: 8881
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:20 GMT
server: Microsoft-IIS/8.5
etag: 08d58ca25d61488bb802fecbac6dd394
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img005-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 27 KB
28 KB 110ms
103ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img005-sml.ashx?h=110&w=500&la=en&modified=20151123205020&hash=2750E2CBF621F67A7DD6C087CDA7A97BABB298AE

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

2b995e968c45ad9a5d516970b9e8d4de25352edb4ea8c015b61aa9b1088589af

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img005-sml.jpg"
content-length: 27763
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:20 GMT
server: Microsoft-IIS/8.5
etag: f43b08e3c9a14cd2827b714b98dc63c0
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img006-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 27 KB
28 KB 98ms
91ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img006-sml.ashx?h=138&w=500&la=en&modified=20151123205021&hash=C67084936C23EAE882BBA4A419B1C02F72279390

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

7e27ac7bc86fe65529ab71cf527fbe7486fa2ffa71119a20c60d04c47580f883

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img006-sml.jpg"
content-length: 27820
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:21 GMT
server: Microsoft-IIS/8.5
etag: 299d8e4fe8b642d68f9febe84d838852
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img007-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 29 KB
30 KB 110ms
103ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img007-sml.ashx?h=307&w=500&la=en&modified=20151123205021&hash=57B49A0AB1E39595FF09BCA2391D1C4692126EB5

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

7d65115f40ced8dd6b7f1dfc6faec90e2ce916248d813fe99185dc5e59317d4f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img007-sml.jpg"
content-length: 29871
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:21 GMT
server: Microsoft-IIS/8.5
etag: cce2a542308f4c2abeb4aa8ed58a2661
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img008-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 34 KB
36 KB 95ms
88ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img008-sml.ashx?h=75&w=500&la=en&modified=20151123205021&hash=15F96F3948DA9F6932774F898392A321DDEA0FFA

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

4e88ca00b0064f59821ff541958353ee21202a0444b1a9923fe9be34805e6189

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img008-sml.jpg"
content-length: 35309
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:21 GMT
server: Microsoft-IIS/8.5
etag: e5fcd1e70d564dd58f556e7508983127
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img009-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 29 KB
30 KB 115ms
108ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img009-sml.ashx?h=60&w=500&la=en&modified=20151123205022&hash=40026816E57BFEA973A41AFE0123763EAB0AC457

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

786bf053c1965ab32ed5ffcd3b5af9e6f66d4dd0b09df7adac85d553004edb1c

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img009-sml.jpg"
content-length: 30019
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:22 GMT
server: Microsoft-IIS/8.5
etag: 4cd076004a334e81aa625ebbb0626a3f
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img010-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 12 KB
13 KB 77ms
71ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img010-sml.ashx?h=31&w=500&la=en&modified=20151123205022&hash=591006D605BAB4B977C791ADD3EF3730F4681C6A

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

6f5de1bcdea51634d61d0dbb25f43c8143621c728c445986e4d59bdd315b8b71

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img010-sml.jpg"
content-length: 12705
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:22 GMT
server: Microsoft-IIS/8.5
etag: d69bce4d019c429486da007fa7c2349e
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img011-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 32 KB
33 KB 95ms
89ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img011-sml.ashx?h=181&w=500&la=en&modified=20151123205023&hash=E01B82EAC4E22C90603038638A21DB1E1CBD2B39

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

7193ec86f6d7b2b0988deb32d3847bb194fcc4192486ac36b610f47888129c5e

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img011-sml.jpg"
content-length: 32727
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:23 GMT
server: Microsoft-IIS/8.5
etag: 53382e79cc4a4e96bf04d80eea106f2e
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img012-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 14 KB
15 KB 104ms
98ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img012-sml.ashx?h=59&w=500&la=en&modified=20151123205023&hash=C87B44A46A5DB4C5EC64C37294D9FD9379453E61

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

7fb766836b390eaf0d4e3fc23e519521f205526b7380d570dfd5ccbe3863ad09

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img012-sml.jpg"
content-length: 14041
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:23 GMT
server: Microsoft-IIS/8.5
etag: fe2d452d83b34dab837405f6932a18ef
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img013-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 9 KB
10 KB 120ms
114ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img013-sml.ashx?h=14&w=500&la=en&modified=20151123205024&hash=17852A44CFD947182F6325FD6827171DB3CB84F2

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

89109889e208edb7af21fdf4776cf4fecea762a8ba13a9aeee8e99796b39fa38

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img013-sml.jpg"
content-length: 9303
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:24 GMT
server: Microsoft-IIS/8.5
etag: ca4894c0544446c4bb080b7205f67fe1
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img014-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 15 KB
16 KB 124ms
118ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img014-sml.ashx?h=51&w=500&la=en&modified=20151123205024&hash=86E7D6EB917C412AA6856ADBD115E5ACE763033B

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

48569c365618d185c9fa802c0acc3ab85fd05c6695525e365aa97af9700c15ba

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img014-sml.jpg"
content-length: 15513
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:24 GMT
server: Microsoft-IIS/8.5
etag: f56b74a48aa147d5bf5a15efe26a7bd0
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img015-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 11 KB
12 KB 123ms
117ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img015-sml.ashx?h=79&w=500&la=en&modified=20151123205025&hash=BC54EAE98FB8DB655F3EA6AE665FB2AF43E0DFF8

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

066be1f9c94503d7d546d7e633beb2e0209e4653aa847ebd4544062ea6e6f5cc

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img015-sml.jpg"
content-length: 10984
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:25 GMT
server: Microsoft-IIS/8.5
etag: a62fe95693b24e649344a9b6b83ba082
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img016-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 8 KB
9 KB 122ms
116ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img016-sml.ashx?h=13&w=500&la=en&modified=20151124185724&hash=5874F9185A634FD0A20B4F230D6E4C026D1EC57F

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

fa4111062d540edd318ba3c991808dcce3dcbe9e74ec3078a1ad3cb9c6f8534d

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img016-sml.jpg"
content-length: 8378
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 24 Nov 2015 18:57:24 GMT
server: Microsoft-IIS/8.5
etag: 07c80a98a15e4c88a0b5ad33672b3cef
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img017-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 37 KB
38 KB 137ms
131ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img017-sml.ashx?h=290&w=500&la=en&modified=20151123205025&hash=68BE3E0464EDF3B085DBDFFD34AE1E5F8F93FB8E

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

740e443a7a4fd5a2ce7d4817088a09fd13bd8bd03d33c2c7180ebe368b1742f9

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img017-sml.jpg"
content-length: 37651
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:25 GMT
server: Microsoft-IIS/8.5
etag: 0089ab55779c48c5a7246caeaa1684c5
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img018-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 42 KB
43 KB 107ms
102ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img018-sml.ashx?h=421&w=500&la=en&modified=20151123205026&hash=3D9E979200D0D1E2AA6D93E79090D982A65A610A

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

c7debf416764a0cf0ee43711b1d5eb0b04125442c5e6e2e90f733b22b67b7b33

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img018-sml.jpg"
content-length: 43169
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:26 GMT
server: Microsoft-IIS/8.5
etag: ae88b35554d44250a2f98eaaa81a47e2
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img019-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 39 KB
41 KB 129ms
123ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img019-sml.ashx?h=220&w=500&la=en&modified=20151123205026&hash=20BA17D49576C88AC984EEF05F11CEE50FB30B38

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

9cbd7238cd27a946923299b27265062980b79c350e798e21b1bda12644b2dfca

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img019-sml.jpg"
content-length: 40312
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:26 GMT
server: Microsoft-IIS/8.5
etag: 6626a0e8e8aa4f80a0a68a0478d08b6d
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img020-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 7 KB
8 KB 122ms
116ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img020-sml.ashx?h=11&w=500&la=en&modified=20151123205027&hash=59C4CB636E14640457C310ED4F7EF39363B0F862

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

a36288fcf5bd9f63c14e6a90551a073c80af642028b28e339167e5ab0239d978

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img020-sml.jpg"
content-length: 7479
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:27 GMT
server: Microsoft-IIS/8.5
etag: 47fdb36d221a4c9fac866214392de0a3
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img021-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 39 KB
40 KB 120ms
115ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img021-sml.ashx?h=85&w=500&la=en&modified=20151123205027&hash=EC1608A59C3815A2E624DB10BEF88EBD11F77B78

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

5f91b6cce63fd136afeb0b14fbd302a76a3f01a8d39b07c16d6a3ffda193bcc7

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img021-sml.jpg"
content-length: 40183
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Nov 2015 20:50:27 GMT
server: Microsoft-IIS/8.5
etag: 577146a05ead405eb7027876b969c59f
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 blog-img022-sml.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/ 8 KB
9 KB 125ms
120ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Resources/Threat%20Analyses/003%20threat%20group%203390/blog-img022-sml.ashx?h=13&w=500&la=en&modified=20151124160830&hash=C6686B15D18222FC9BD4050D6661CCE80CEAA688

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

51b6fe58f7372b34d93a1ea7f68169ba25f68fe8a78456717cf9f32019cac7d5

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="blog-img022-sml.jpg"
content-length: 7796
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 24 Nov 2015 16:08:30 GMT
server: Microsoft-IIS/8.5
etag: f4d24c269054448290ae0e1651657633
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H/1.1 200
OK arrow_up.jpg
portal.secureworks.com/images/research/androidsurvey/ 347 B
687 B 756ms
146ms Image
image/jpeg 206.55.101.161
SecureWorks Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.secureworks.com/images/research/androidsurvey/arrow_up.jpg
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 206.55.101.161 Chicago, United States, ASN22992 (SECUREWORKS - SecureWorks Corp, US),
Reverse DNS: portal.secureworks.com
Software: /
Resource Hash: fa57809db47d60bfa2fdd595f7184a48cff868ae56492ad0bc7931d16ca1c551

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Dec 2019 09:44:49 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Sep 2011 14:19:14 GMT
Vary: Accept-Encoding
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Content-Length: 263

GET
H2 200 abstract_blue-graphs_375x630_dark.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/2019/abstract_0008_blue-graphs/ 43 KB
45 KB 88ms
83ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/2019/abstract_0008_blue-graphs/abstract_blue-graphs_375x630_dark.ashx?modified=20191017195505

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

1971fc09cd06945e207185bd0765a0149b10a3c34e3bb563cbc9f05ac2aa9d30

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="abstract_blue-graphs_375x630_dark.jpg"
content-length: 44432
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 17 Oct 2019 19:55:05 GMT
server: Microsoft-IIS/8.5
etag: c079bf4f01eb48488d78bd54b188a978
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 green_burst_360x190.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/2D/021%20green%20burst/ 32 KB
33 KB 101ms
96ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/2D/021%20green%20burst/green_burst_360x190.ashx?modified=20180213141900

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

e91195552d24d204a4fd7a778135ac53eb124e853040a0c737eab10a8084745f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="green_burst_360x190.jpg"
content-length: 32960
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 13 Feb 2018 14:19:00 GMT
server: Microsoft-IIS/8.5
etag: 2b5383b739fd49e1821efbdad15ba8c5
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H/1.1 200
OK fallback-tile.jpg
www.secureworks.com/content/app/img/ 16 KB
18 KB 190ms
187ms Image
image/jpeg 13.93.233.100
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.secureworks.com/content/app/img/fallback-tile.jpg

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.93.233.100 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

56d43da645983b2c1271bd821fadedee43ce6688dc2b8bf05c948b64c081517d

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sun, 28 Apr 2019 09:54:49 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/jpeg
Date: Thu, 05 Dec 2019 09:44:48 GMT
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Accept-Ranges: bytes
Content-Length: 16540
ETag: "95c1fb6aa8fdd41:0"

GET
H2 200 places_0060_school-locker_360x190.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Places/060%20school-locker/ 12 KB
14 KB 111ms
106ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/Insights/Places/060%20school-locker/places_0060_school-locker_360x190.ashx?modified=20160518170910

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

57a29587a4c1afd2f1433e67507ef73107187c101cc546f14148f5088c65028c

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="places_0060_school-locker_360x190.jpg"
content-length: 12742
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 18 May 2016 17:09:10 GMT
server: Microsoft-IIS/8.5
etag: 706868c84e024843afb2875189ff3eb2
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 linkedin.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/SharedElements/Footer/ 966 B
1 KB 103ms
98ms Image
image/svg+xml 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/SharedElements/Footer/linkedin.ashx?modified=20151001162233

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

5a9e4352db3a1f75caf77c79146fd0f059ba043d692bae117b2d291d0c4ac7ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="linkedin.svg"
content-length: 966
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 01 Oct 2015 16:22:33 GMT
server: Microsoft-IIS/8.5
etag: c54c6c9a1d6f46c2a44d4e2cd4d333b8
x-frame-options: DENY
content-type: image/svg+xml
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 twitter.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/SharedElements/Footer/ 1 KB
2 KB 88ms
83ms Image
image/svg+xml 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/SharedElements/Footer/twitter.ashx?modified=20151001162249

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

e15a809168d9a16a22e0c2428da1fb9541e4288724ad734efd66ef6bafee52d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="twitter.svg"
content-length: 1339
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 01 Oct 2015 16:22:49 GMT
server: Microsoft-IIS/8.5
etag: 5b3bdeaf674d4a84bfe8c14eab766a6e
x-frame-options: DENY
content-type: image/svg+xml
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 facebook2.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/SharedElements/Footer/ 587 B
932 B 101ms
97ms Image
image/svg+xml 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/SharedElements/Footer/facebook2.ashx?modified=20190116141121

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

42166c909b8db5b9d362bfc1c28a3f7e06f109aa449a70b3bd293a6e6bf62ac2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="facebook2.svg"
content-length: 587
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 16 Jan 2019 14:11:21 GMT
server: Microsoft-IIS/8.5
etag: 28bfcea6d26843b2a7f93b7e579b9a64
x-frame-options: DENY
content-type: image/svg+xml
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 github.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/SharedElements/Footer/ 1 KB
1 KB 105ms
100ms Image
image/svg+xml 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/SharedElements/Footer/github.ashx?modified=20190116135435

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

1a914a4b01d30dc7a83ccf4407787ab02647c601e2e9b174f49cbd190de57313

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="github.svg"
content-length: 1129
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 16 Jan 2019 13:54:35 GMT
server: Microsoft-IIS/8.5
etag: 993bc4133ae84b5f9a9d8d72d3446f96
x-frame-options: DENY
content-type: image/svg+xml
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 dell-technologies.png
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/img/ 2 KB
3 KB 120ms
115ms Image
image/png 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/img/dell-technologies.png

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

fe8d0e6533b5e64fe2af6c2740160c4776b6942e1a94cad2ef14afab2566447f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:49 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: image/png
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 2543
etag: "7739e86aa8fdd41:0"

GET
H2 200 libs.min.js Show response
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/js/ 151 KB
40 KB 168ms
167ms Script
application/javascript 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/js/libs.min.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

eba76ac8345f08f6f41fc5cd7d9caf25edb9b2ac46bea2a500482c8a0b7136fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:50 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: application/javascript
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding
content-length: 40558
etag: "91aac16ba8fdd41:0"

GET
H2 200 main.js Show response
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/js/ 110 KB
31 KB 41ms
41ms Script
application/javascript 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/js/main.js?v=080120191

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

26a544d7d235757a337def43a4c6e27804a74c38b5a0645a4d772080ce9dc0b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: ASP.NET
content-security-policy-report-only: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
status: 200
vary: Accept-Encoding
content-length: 30993
etag: "3cd91b667847d51:0"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 31 Jul 2019 08:17:31 GMT
server: Microsoft-IIS/8.5
date: Thu, 05 Dec 2019 09:44:48 GMT
x-frame-options: DENY
content-type: application/javascript
accept-ranges: bytes

GET
H2 200 products.js Show response
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/js/ 130 KB
28 KB 97ms
97ms Script
application/javascript 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/js/products.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

4be618f5923b8089e93ee32766120eb5931221546e5b8754384f9848e057b287

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:56 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: application/javascript
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding
content-length: 28523
etag: "578e226fa8fdd41:0"

GET
H2 200 default.css
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/css/highlighter/ 1 KB
865 B 46ms
46ms Stylesheet
text/css 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/css/highlighter/default.css

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:40 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: text/css
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding
content-length: 580
etag: "7069ed65a8fdd41:0"

GET
H2 200 highlight.pack.js Show response
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/js/libs/ 50 KB
20 KB 51ms
29ms Script
application/javascript 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/js/libs/highlight.pack.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:51 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: application/javascript
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding
content-length: 20267
etag: "78cc216ca8fdd41:0"

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 123 KB
33 KB 20ms
16ms Script
application/javascript 2a00:1450:4001:81b::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a135125444191b00327fb4df2e740ebadaf2f0b04820535181f6c520b240852a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 09:44:48 GMT
content-encoding: br
last-modified: Thu, 05 Dec 2019 09:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 33528
x-xss-protection: 0
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 search_black.svg
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/images/ 1 KB
1 KB 90ms
89ms Image
image/svg+xml 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/images/search_black.svg

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

9b0bf159f80983222b73d42eec10e4996ec8c0ac1730114ccb1a15579434cc1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/css/style.css?v=08062019
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:54 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: image/svg+xml
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 1201
etag: "8f264e6ea8fdd41:0"

GET
H2 200 visuelt-medium.woff
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/fonts/visuelt/ 36 KB
36 KB 27ms
16ms Font
font/x-woff 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/fonts/visuelt/visuelt-medium.woff

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/css/style.css?v=08062019
Origin: https://www.secureworks.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:53 GMT
server: Microsoft-IIS/8.5
access-control-allow-origin: *
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: font/x-woff
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 36448
etag: "b993886da8fdd41:0"

GET
H2 200 visuelt-regular.woff
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/fonts/visuelt/ 34 KB
35 KB 162ms
151ms Font
font/x-woff 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/fonts/visuelt/visuelt-regular.woff

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/css/style.css?v=08062019
Origin: https://www.secureworks.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:53 GMT
server: Microsoft-IIS/8.5
access-control-allow-origin: *
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: font/x-woff
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 34560
etag: "60db956da8fdd41:0"

GET
H2 200 visuelt-light.woff
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/fonts/visuelt/ 63 KB
65 KB 105ms
94ms Font
font/x-woff 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/fonts/visuelt/visuelt-light.woff

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

bb0a60a6f91d085789101283e6cab2782ab60f6182229a962695d408a3cd7ca3

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/css/style.css?v=08062019
Origin: https://www.secureworks.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:53 GMT
server: Microsoft-IIS/8.5
access-control-allow-origin: *
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: font/x-woff
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 64920
etag: "1f4d7b6da8fdd41:0"

GET
H2 200 icomoon.ttf
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/fonts/icomoon-new/ 3 KB
4 KB 43ms
33ms Font
application/octet-stream 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/fonts/icomoon-new/icomoon.ttf?8und5p

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

c97d6fa5b4ad8db4c6110b5e4a13eb698c381f580cb44440813c04f369df0a56

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/css/main.css?v=072520191111
Origin: https://www.secureworks.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:42 GMT
server: Microsoft-IIS/8.5
access-control-allow-origin: *
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: application/octet-stream
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 2904
etag: "a19d466a8fdd41:0"

GET
H2 200 visuelt-black.woff
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/fonts/visuelt/ 34 KB
35 KB 207ms
196ms Font
font/x-woff 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/fonts/visuelt/visuelt-black.woff

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/css/style.css?v=08062019
Origin: https://www.secureworks.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:53 GMT
server: Microsoft-IIS/8.5
access-control-allow-origin: *
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: font/x-woff
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 35128
etag: "7ac55e6da8fdd41:0"

GET
H2 200 visuelt-bold.woff
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/fonts/visuelt/ 35 KB
36 KB 48ms
37ms Font
font/x-woff 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/fonts/visuelt/visuelt-bold.woff

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

acc248ead4890c65f3e2792cfe555e4d98c961f4b564bc4a77e86270dd3051f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/rc/css/style.css?v=08062019
Origin: https://www.secureworks.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 28 Apr 2019 09:54:53 GMT
server: Microsoft-IIS/8.5
access-control-allow-origin: *
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: font/x-woff
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 36300
etag: "2af56c6da8fdd41:0"

GET
H2 200 icomoon.ttf
pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/fonts/icomoon/ 3 KB
4 KB 30ms
24ms Font
application/octet-stream 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/fonts/icomoon/icomoon.ttf?3dz4z

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

50f6d5d4c63ae14f65d7a8a91f989edd305a348fdd279c1dd69b94403d64ac46

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://pcdnscwx01-maxyilfdpln5c.azureedge.net/content/app/css/main.css?v=072520191111
Origin: https://www.secureworks.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 29 Apr 2019 11:42:14 GMT
server: Microsoft-IIS/8.5
access-control-allow-origin: *
x-powered-by: ASP.NET
x-frame-options: DENY
content-type: application/octet-stream
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
x-content-type-options: nosniff
content-security-policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges: bytes
content-length: 2736
etag: "6ed4139780fed41:0"

GET
H/1.1 200
OK elqCfg.min.js Show response
img.en25.com/i/ 6 KB
3 KB 90ms
30ms Script
application/x-javascript 184.31.90.134
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://img.en25.com/i/elqCfg.min.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.31.90.134 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a184-31-90-134.deploy.static.akamaitechnologies.com

Software

/ ASP.NET

Resource Hash

6b4ebd6049c806e3eef1bd770b2d8b4fdd75803861ead3584ee753e41988efae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Thu, 05 Dec 2019 09:44:48 GMT
Connection: keep-alive
Content-Length: 2115
Pragma: no-cache
Last-Modified: Wed, 24 Jul 2019 19:48:25 GMT
ETag: "12d7dac15842d51:0"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache, no-store
Accept-Ranges: bytes
Expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 by-industry-financial-institutions.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Industry/ 122 KB
123 KB 28ms
27ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Industry/by-industry-financial-institutions.ashx?modified=20190419173050

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

b520c94e2aab76a8c7e7b02f6867b778bf014c80d7f337cd37838dd49d7a270f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="by-industry-financial-institutions.jpg"
content-length: 124982
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Apr 2019 17:30:50 GMT
server: Microsoft-IIS/8.5
etag: 1692dbe720f04522b02083a113c30b78
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 by-industry-government.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Industry/ 71 KB
71 KB 20ms
20ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Industry/by-industry-government.ashx?modified=20190419173052

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

a6f04f314e19e25a4510b639f4cdb9f6c1e9e0c6836853ed3a2beb9524114462

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="by-industry-government.jpg"
content-length: 72214
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Apr 2019 17:30:52 GMT
server: Microsoft-IIS/8.5
etag: 9a23cdae0951451fa791db3403a061ea
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 by-industry-healthcare.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Industry/ 47 KB
48 KB 20ms
19ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Industry/by-industry-healthcare.ashx?modified=20190423224343

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

e292c71413292bdf338c1bd1b4ddc29647e87480e2b3fd064a6264d60ad0506a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="by-industry-healthcare.jpg"
content-length: 48535
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Apr 2019 22:43:43 GMT
server: Microsoft-IIS/8.5
etag: af56c43af7004f4a957303912a81c49e
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 by-industry-manufactoring.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Industry/ 75 KB
76 KB 24ms
24ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Industry/by-industry-manufactoring.ashx?modified=20190423224408

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

6e3cda5532be9382055e989ad552cc7d45305ff98be349720cce3dcf17e8d58e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="by-industry-manufactoring.jpg"
content-length: 77284
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Apr 2019 22:44:08 GMT
server: Microsoft-IIS/8.5
etag: c1b73e2493b24b83b78613e3d9872486
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 by-industry-retail.ashx
pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Industry/ 43 KB
43 KB 14ms
14ms Image
image/jpeg 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcdnscwx01-maxyilfdpln5c.azureedge.net/~/media/Images/4-2019/Industry/by-industry-retail.ashx?modified=20190423224432

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

87f3971f74f483593a67cdc03e56301ec24b878e42df7070fa050181f246ed6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: ASP.NET
status: 200
date: Thu, 05 Dec 2019 09:44:48 GMT
content-disposition: inline; filename="by-industry-retail.jpg"
content-length: 43606
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Apr 2019 22:44:32 GMT
server: Microsoft-IIS/8.5
etag: 3561838ea2d84e6dbe0abca0bdc3b321
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, no-cache
accept-ranges: bytes
expires: Thu, 05 Dec 2019 09:44:48 GMT

GET
H2 200 722c3cab-f94f-479e-9e1b-631ba9f5a469.js Show response
cdn.cookielaw.org/langswitch/ 1 KB
1 KB 127ms
33ms Script
application/x-javascript 152.195.132.202
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/langswitch/722c3cab-f94f-479e-9e1b-631ba9f5a469.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (lha/8D6F) /
Resource Hash: 33b765efcb980c8ce1d71082a94da0d2f21cb9dab22807e94274994a9643eef3

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Dec 2019 09:44:49 GMT
content-encoding: gzip
content-md5: rPc32acNI2bqdZNwd5ARTA==
x-cache: HIT
status: 200
content-length: 668
x-ms-lease-status: unlocked
last-modified: Tue, 19 Nov 2019 20:56:47 GMT
server: ECAcc (lha/8D6F)
etag: 0x8D76D32FE311D7E
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 5896f7a8-a01e-005b-6740-abdf9a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Thu, 05 Dec 2019 13:44:49 GMT

GET
H/1.1 200
OK svrGP
s1659.t.eloqua.com/visitor/v200/ 49 B
373 B 452ms
116ms Image
image/gif 209.167.231.17
Oracle Corporation

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1659.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=915&optin=disabled

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

209.167.231.17 , United States, ASN7160 (NETDYNAMICS - Oracle Corporation, US),

Reverse DNS

e017.en25.com

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
Date: Thu, 05 Dec 2019 09:44:50 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: private,no-cache, no-store
Content-Type: image/gif
Content-Length: 49
Expires: -1

GET
H/1.1

404
Not Found

404
www.secureworks.com/
Redirect Chain

https://s1659.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=915&optin=disabled&firstPartyCookieDomain=www.secureworks.com
http://www.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=915&optin=disabled&elq1pcGUID=35EE3A3E65284F82B768E1DC5DE204B1
https://www.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=915&optin=disabled&elq1pcGUID=35EE3A3E65284F82B768E1DC5DE204B1
https://www.secureworks.com/404?item=%2fvisitor%2fv200%2fsvrgp&user=extranet%5cAnonymous&site=website

15 KB
15 KB

783ms
268ms

Image
text/html

13.93.233.100
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.secureworks.com/404?item=%2fvisitor%2fv200%2fsvrgp&user=extranet%5cAnonymous&site=website

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.93.233.100 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

93360f8c41ab0de4045226fbd3416a445bbce166c89b8a85e71b984090f7d750

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Cache-Control: private
Date: Thu, 05 Dec 2019 09:44:50 GMT
Content-Security-Policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Content-Length: 76227
X-Content-Type-Options: nosniff

Redirect headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Location: /404?item=%2fvisitor%2fv200%2fsvrgp&user=extranet%5cAnonymous&site=website
Cache-Control: private
Date: Thu, 05 Dec 2019 09:44:49 GMT
Content-Security-Policy: script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Content-Length: 20412
X-Content-Type-Options: nosniff

GET
H2 200 099f118e-cbc2-4e14-9e08-ad04968ca44a.js Show response
cdn.cookielaw.org/consent/ 77 KB
17 KB 33ms
33ms Script
application/x-javascript 152.195.132.202
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/consent/099f118e-cbc2-4e14-9e08-ad04968ca44a.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/722c3cab-f94f-479e-9e1b-631ba9f5a469.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (lha/8DF5) /
Resource Hash: 9857f8116ff777d102d073b16efe60c7af97d4c08a40668556e27c2fbb8cbf3f

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Dec 2019 09:44:49 GMT
content-encoding: gzip
content-md5: QSSXiU7CbDPUHjSKz5OdZg==
x-cache: HIT
status: 200
content-length: 17600
x-ms-lease-status: unlocked
last-modified: Tue, 19 Nov 2019 20:56:50 GMT
server: ECAcc (lha/8DF5)
etag: 0x8D76D330019C25E
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: d2ff8d05-101e-0102-3240-ab9c49000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Thu, 05 Dec 2019 13:44:49 GMT

GET
H2 200 optanon.css
cdn.cookielaw.org/skins/5.7.0/default_flat_top_two_button_black/v2/css/ 23 KB
6 KB 34ms
33ms Stylesheet
text/css 152.195.132.202
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/skins/5.7.0/default_flat_top_two_button_black/v2/css/optanon.css
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/099f118e-cbc2-4e14-9e08-ad04968ca44a.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (lha/8D89) /
Resource Hash: 3ff5e46e97edbe794ecf0c917de78c1ebded3ffd180442254b8dcd670e7a43a5

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Dec 2019 09:44:49 GMT
content-encoding: gzip
content-md5: crIKParhU1c78x8HrtgMcQ==
x-cache: HIT
status: 200
content-length: 5551
x-ms-lease-status: unlocked
last-modified: Tue, 29 Oct 2019 10:05:59 GMT
server: ECAcc (lha/8D89)
etag: 0x8D75C57994A054E
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 326d7bef-101e-0006-7a46-ab2f9e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Thu, 05 Dec 2019 13:44:49 GMT

GET
H/1.1 200
OK jquery-3.3.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 30ms
6ms Script
application/javascript 2001:4de0:ac19::1:b:2b
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.min.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/099f118e-cbc2-4e14-9e08-ad04968ca44a.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Origin: https://www.secureworks.com

Response headers

Date: Thu, 05 Dec 2019 09:44:49 GMT
Content-Encoding: gzip
Last-Modified: Sat, 20 Jan 2018 17:26:44 GMT
Server: nginx
ETag: W/"5a637bd4-1538f"
Vary: Accept-Encoding
X-HW: 1575539089.dop025.fr8.t,1575539089.cds017.fr8.shn,1575539089.cds017.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 30288

GET
H2 200 nr-1153.min.js Show response
js-agent.newrelic.com/ 26 KB
10 KB 85ms
28ms Script
application/javascript 151.101.114.110
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1153.min.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c0f4eb8ed7fc767a6dc7512f7597e4d34e4259e797c7c2ee224d7a97d14ecd23

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 09:44:50 GMT
content-encoding: gzip
x-amz-request-id: 2D3E105A17E6604D
x-cache: HIT
status: 200
content-length: 10041
x-amz-id-2: 3t2tQkRjpPp4+gdFW47JilyJiUbAK2RvAnDqzmjysD9hoW4Nrlxvo7Z+PN9rqyVwbaH2UA5RltE=
x-served-by: cache-hhn4035-HHN
last-modified: Fri, 08 Nov 2019 16:26:28 GMT
server: AmazonS3
x-timer: S1575539090.455105,VS0,VE0
etag: "d3b942e7c79a167d59ed590feee5e193"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 6017

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 4273
date: Thu, 05 Dec 2019 08:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Thu, 05 Dec 2019 10:33:37 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 26ms
25ms Script
application/javascript 151.101.12.157
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 09:44:50 GMT
content-encoding: gzip
age: 5466
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-fra19153-FRA
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1575539090.435477,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H/1.1 200
OK insight.min.js Show response
sjs.bizographics.com/ 3 KB
2 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:10c:399::3adf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sjs.bizographics.com/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:399::3adf , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Dec 2019 09:44:50 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=29470
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 bat.js Show response
bat.bing.com/ 23 KB
7 KB 81ms
49ms Script
application/javascript 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 09:44:49 GMT
content-encoding: gzip
last-modified: Tue, 10 Sep 2019 18:57:28 GMT
x-msedge-ref: Ref A: 040DED85D41F424BA68C8D434BBA79A0 Ref B: VIEEDGE1105 Ref C: 2019-12-05T09:44:50Z
access-control-allow-origin: *
etag: "09c5197968d51:0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7148

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 25 KB
9 KB 34ms
34ms Script
text/javascript 172.217.18.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

19c87f0cf5ee963ed08a612136d76a212111f023f020a80f77cedbee1a627031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 09:44:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9627
x-xss-protection: 0
server: cafe
etag: 2186705307927612976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 05 Dec 2019 09:44:50 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 121 KB
26 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

71b52274b1b43661e6523b2774c9fa98a673e1861703bea5f32d75a32a850394

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-23=":443"; ma=3600
content-length: 26702
x-xss-protection: 0
pragma: public
x-fb-debug: pAR/Z+pJeo9wZTWs2hmTDSDo0ichpXfzxPBLXbBAXkso28L19jUcX/wXu2W7Up1PSmQ/A65E+L/PsmOi6OeahA==
x-fb-trip-id: 420120009
date: Thu, 05 Dec 2019 09:44:50 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 14 KB
6 KB 229ms
26ms Script
application/javascript 2.19.36.87
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/6si.min.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.36.87 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-36-87.deploy.static.akamaitechnologies.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 92dea0037946ab7baf6fa695b397e14e78ab4702a3a1526729ac43c6457fe310

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Dec 2019 09:44:50 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Dec 2019 01:37:18 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5de70dce-389e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 5948

GET
H2 200 cd4e45c0.min.js Show response
tag.demandbase.com/ 60 KB
60 KB 98ms
36ms Script
application/javascript 13.224.196.96
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/cd4e45c0.min.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.196.96 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-196-96.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a33294f2959bd6331eb79baad3f292564c5d861043476c67d91c0c34870ad107

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Dec 2019 21:38:28 GMT
via: 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
age: 2947
x-cache: Hit from cloudfront
status: 200
content-length: 61424
last-modified: Thu, 21 Nov 2019 02:35:23 GMT
server: AmazonS3
etag: "0fa015470593a2a4a54604fd93bf107f"
vary: Accept-Encoding
x-amz-version-id: ljZNRHmhuL0bHbf7ltCc1nQSgswhBbJ0
cache-control: public, max-age=3600
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: GHRudxaPhULhJvSSPsR8v7Qpnucy_wJJpWktVkh9pNLapvETnYoYig==

GET
H/1.1 200
OK tracking.js Show response
trk.techtarget.com/ 4 KB
2 KB 138ms
34ms Script
text/javascript 163.171.132.119
QUANTIL NETWORKS INC

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS - QUANTIL NETWORKS INC, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Dec 2019 09:44:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Jun 2019 20:11:17 GMT
Server: PWS/8.3.1.0.8
Age: 256
X-Ws-Request-Id: 5de8d192_PSdgflkfFRA2mu7_53923-12981
Content-Type: text/javascript
Via: 1.1 VMmgnyNY2gh45:0 (W), 1.1 kf148:9 (W), 1.1 PSdgflkfFRA2gb73:3 (W)
Cache-Control: max-age=600
X-Px: ht PSdgflkfFRA2gb73FRA
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1711
Expires: Thu, 05 Dec 2019 09:50:34 GMT

GET
H/1.1

200
OK

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.secureworks.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=www.secureworks.com&pId=6557760276126749500

4 B
485 B

285ms
192ms

Image
image/jpeg

143.204.101.129
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=www.secureworks.com&pId=6557760276126749500
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.129 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-129.fra50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Dec 2019 09:44:51 GMT
Via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
x-amzn-RequestId: 6e12884e-8f6c-4808-b849-686d0172122e
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
X-Amzn-Trace-Id: Root=1-5de8d193-f0ad4cfed99df35268221768;Sampled=0
Connection: keep-alive
x-amz-apigw-id: EOWu_GkgIAMFZwQ=
Content-Length: 4
X-Amz-Cf-Id: jfamqma_ORLU9c1RDj6JKoS3x6KIhQHqJUI3q6r8tC_4bCcuB2NgqA==

Redirect headers

Pragma: no-cache
Date: Thu, 05 Dec 2019 09:44:52 GMT
AN-X-Request-Uuid: c906747e-9532-4ccc-b9a5-d1444f032f14
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
Location: https://attr.ml-api.io/?domain=www.secureworks.com&pId=6557760276126749500
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 109.236.94.15; 109.236.94.15; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.105:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&time=1575539090435
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D26756%26url%3Dhttps%253A%252F%252Fwww.secureworks.com%252Fresearch%252Fthreat-gro...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&time=1575539090435&liSync=true

0
207 B

164ms
164ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&time=1575539090435&liSync=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 09:44:50 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 20
x-li-uuid: UpFcoHRw3RWAlsm6vCoAAA==

Redirect headers

date: Thu, 05 Dec 2019 09:44:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
x-li-pop: prod-efr5
content-length: 20
x-li-uuid: EBJmlXRw3RXQXfrVuCoAAA==
pragma: no-cache
server: Play
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&time=1575539090435&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
106 B 7ms
7ms Image
image/gif 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Nov 2019 17:38:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1181199
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
stats.g.doubleclick.net/r/ 35 B
113 B 14ms
14ms Image
image/gif 2a00:1450:400c:c08::9d
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-1042506-1&cid=1301416116.1575539090&jid=1991624769&gjid=104557496&_gid=2130162194.1575539090&_u=YGBAgEAB~&z=406344657

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
date: Thu, 05 Dec 2019 09:44:50 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
100 B 7ms
5ms Image
image/gif 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=749095487&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&ul=en-us&de=UTF-8&dt=Threat%20Group-3390%20Targets%20Organizations%20for%20Cyberespionage%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YGDAiEABB~&jid=526363138&gjid=1786479577&cid=1301416116.1575539090&tid=UA-1281488-1&_gid=2130162194.1575539090&gtm=2wgav9P6Z7M2&cd1=non-company%20visitor&cd2=non-company%20visitor&cd3=non-company%20visitor&cd4=non-company%20visitor&cd5=non-company%20visitor&cd6=non-company%20visitor&cd7=non-company%20visitor&cd8=non-company%20visitor&cd9=non-company%20visitor&cd10=non-company%20visitor&cd11=non-company%20visitor&cd12=non-company%20visitor&cd13=non-company%20visitor&cd14=non-company%20visitor&cd15=non-company%20visitor&cd16=non-company%20visitor&z=88675363

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Nov 2019 17:38:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1181199
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
stats.g.doubleclick.net/r/ 35 B
113 B 15ms
14ms Image
image/gif 2a00:1450:400c:c08::9d
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-1281488-1&cid=1301416116.1575539090&jid=526363138&gjid=1786479577&_gid=2130162194.1575539090&_u=YGDAiEABB~&z=179827711

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
date: Thu, 05 Dec 2019 09:44:50 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1414384078852603 Show response
connect.facebook.net/signals/config/ 349 KB
85 KB 50ms
50ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1414384078852603?v=2.9.14&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

fc8021ebee3a658d028660b7d1b8d1198649f38ed3333405e729cf0495953fee

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-23=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: 1PtJtiUZS11edFcb+NQtJGdJegBCv0DBnoBW9A1jGnWiJ6lujGPJBxb4oquscNAdQQLdFOwYdu/m1SvgOlYIQQ==
x-fb-trip-id: 420120009
date: Thu, 05 Dec 2019 09:44:50 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/970967472/ 2 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:81f::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970967472/?random=1575539090468&cv=9&fst=1575539090468&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgav9&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&tiba=Threat%20Group-3390%20Targets%20Organizations%20for%20Cyberespionage%20%7C%20Secureworks&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f3fdf81244e61f1d253a4f5b7e40333385bf7cf2bd621c2f7149c095e724b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Dec 2019 09:44:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 994
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
265 B 145ms
144ms Script
application/javascript 104.244.42.67
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nvfy0&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 09:44:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Thu, 05 Dec 2019 09:44:50 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 214af6cd86d4ed7a1ec47346e32cfd2c
x-transaction: 00041381004714ec
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
167 B 138ms
136ms Image
image/gif 104.244.42.133
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nvfy0&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 09:44:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=0
content-length: 65
x-xss-protection: 0
x-response-time: 111
pragma: no-cache
last-modified: Thu, 05 Dec 2019 09:44:50 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 62d3668ce7dd1853b581b48a85cc0233
x-transaction: 00541f930009bbd4
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK a198656738 Show response
bam.nr-data.net/1/ 57 B
261 B 460ms
115ms Script
text/javascript 162.247.242.18
New Relic

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/a198656738?a=333048387&v=1153.61ee9ba&to=bwBXMEpSWEpRUUcIDlZKeDJ7HGVQRFdQDhNdJloKTEFZVVxXQU4oVgFQHA%3D%3D&rst=4118&ref=https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage&qt=1&ap=119&be=1629&fe=4028&dc=2219&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1575539086358,%22n%22:0,%22f%22:846,%22dn%22:846,%22dne%22:846,%22c%22:846,%22s%22:863,%22ce%22:1175,%22rq%22:1175,%22rp%22:1620,%22rpe%22:1768,%22dl%22:1623,%22di%22:2219,%22ds%22:2219,%22de%22:2294,%22dc%22:4028,%22l%22:4028,%22le%22:4055%7D,%22navigation%22:%7B%7D%7D&fp=2211&fcp=2211&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1153.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS: bam-6.nr-data.net
Software: /
Resource Hash: d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: text/javascript;charset=ISO-8859-1
Content-Length: 57
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/970967472/ 42 B
122 B 22ms
22ms Image
image/gif 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/970967472/?random=1575539090468&cv=9&fst=1575536400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgav9&sendb=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&tiba=Threat%20Group-3390%20Targets%20Organizations%20for%20Cyberespionage%20%7C%20Secureworks&async=1&fmt=3&is_vtc=1&random=3769088454&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Dec 2019 09:44:50 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/970967472/ 42 B
110 B 21ms
21ms Image
image/gif 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/970967472/?random=1575539090468&cv=9&fst=1575536400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgav9&sendb=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&tiba=Threat%20Group-3390%20Targets%20Organizations%20for%20Cyberespionage%20%7C%20Secureworks&async=1&fmt=3&is_vtc=1&random=3769088454&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Dec 2019 09:44:50 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
149 B 47ms
46ms Image
text/plain 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=4058580&Ver=2&mid=43a33a49-949d-edbf-8ad4-c3b576425d1c&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Threat%20Group-3390%20Targets%20Organizations%20for%20Cyberespionage%20%7C%20Secureworks&kw=TG-3390,%20threat%20group,%20threat%20analysis,%20CTU,%20china%20threat&p=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&r=&lt=4055&evt=pageLoad&msclkid=N&rn=890257
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Thu, 05 Dec 2019 09:44:49 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 13A8C1319FC54050BFBD4F4BF9EE545F Ref B: VIEEDGE1105 Ref C: 2019-12-05T09:44:50Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
255 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1414384078852603&ev=PageView&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&rl=&if=false&ts=1575539090532&sw=1600&sh=1200&v=2.9.14&r=stable&ec=0&o=30&fbp=fb.1.1575539090532.991893537&it=1575539090457&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 09:44:50 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-23=":443"; ma=3600
content-length: 44
expires: Thu, 05 Dec 2019 09:44:50 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 424 B
930 B 167ms
106ms XHR
application/json 143.204.101.109
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&page_title=Threat%20Group-3390%20Targets%20Organizations%20for%20Cyberespionage%20%7C%20Secureworks&key=bd6faef5461d3df6bcbccb67a2eb484c&src=tag
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.109 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-109.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: e3efa8c562586c0ee636fef0bc90a465459f4a32b24e847ff35c8a8f4fe21f3e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Origin: https://www.secureworks.com

Response headers

date: Thu, 05 Dec 2019 09:44:50 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
access-control-max-age: 1728000
request-id: 9e6abb3a-5253-407e-8d16-1e66acae427a
x-amz-cf-id: txMM0fPz_tlsT0PI7J9W3k-F-lLVReaycy8-wXq5VHSL99TELvb6aw==
pragma: no-cache
access-control-allow-origin: https://www.secureworks.com
server: nginx
vary: Accept-Encoding, Origin
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 fa5a3d5abd34c6fac657b045a4dcbdc5.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
identification-source: CENTRAL
expires: Wed, 04 Dec 2019 09:44:50 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AADl3E670aMAAC7FVH11yA
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AADl3E670aMAAC7FVH11yA&verifyHash=425b08da692df5b18c63981897b99837995156d8

26 B
408 B

205ms
205ms

Image
image/gif

13.225.78.109
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AADl3E670aMAAC7FVH11yA&verifyHash=425b08da692df5b18c63981897b99837995156d8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.78.109 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-225-78-109.fra2.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Dec 2019 09:44:51 GMT
Via: 1.1 2fcedcc055e24d7ac99fbc19ed8fc8ec.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 7c671a656c6ed588
X-Amz-Cf-Id: 5xWoBwXxFAUTChPlpmoQkbrD8gWNedk9U0pPq3aCrhgxI_VLneTC4A==

Redirect headers

Date: Thu, 05 Dec 2019 09:44:50 GMT
Via: 1.1 2fcedcc055e24d7ac99fbc19ed8fc8ec.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AADl3E670aMAAC7FVH11yA&verifyHash=425b08da692df5b18c63981897b99837995156d8
Connection: keep-alive
trace-id: a63b8e7955313a96
Content-Length: 0
X-Amz-Cf-Id: FfV6JHxJ9oAJxPb2oiJy3fN9gWeLRywW26j3K9t-fHnNL55FHqyu-w==

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
450 B 434ms
109ms Image
image/gif 206.19.49.24
AT&T Enhanced Net...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=17588164&version=2.0&ref=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&r=1575539090567
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN17225 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Dec 2019 09:44:50 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384023492"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=12
Content-Length: 43

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
375 B 87ms
29ms XHR
text/plain 2.19.36.87
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.36.87 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-36-87.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c81e4597b605774e778680d8a61cec80f9fe675ecd2262d9c05292b7078c0dfd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Origin: https://www.secureworks.com

Response headers

Date: Thu, 05 Dec 2019 09:44:50 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.secureworks.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
627 B 296ms
237ms Image
image/gif 2.19.36.87
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=db8067e51eb58581f03147464f6063b2&svisitor=&visitor=6b1bdfb5-49f2-490b-8738-2d2dd6c3d41e&session=f6d18fd0-e254-4142-85fc-fcb634f0c848&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22Analysis%20of%20TG-3390%27s%20operations%2C%20targeting%2C%20and%20tools%20led%20CTU%20researchers%20to%20assess%20with%20moderate%20confidence%20the%20group%20is%20located%20in%20China.%22%2C%22keywords%22%3A%22TG-3390%2C%20threat%20group%2C%20threat%20analysis%2C%20CTU%2C%20china%20threat%22%2C%22title%22%3A%22Threat%20Group-3390%20Targets%20Organizations%20for%20Cyberespionage%20%7C%20Secureworks%22%7D&cb=39090660&r=&thirdParty=%7B%7D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.19.36.87 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-19-36-87.deploy.static.akamaitechnologies.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Dec 2019 09:44:50 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Wed, 30 Jan 2019 07:07:08 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5c514d1c-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 200
OK a198656738 Show response
bam.nr-data.net/resources/1/ 0
162 B 221ms
221ms XHR
text/plain 162.247.242.18
New Relic

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/resources/1/a198656738?a=333048387&v=1153.61ee9ba&to=bwBXMEpSWEpRUUcIDlZKeDJ7HGVQRFdQDhNdJloKTEFZVVxXQU4oVgFQHA%3D%3D&rst=4595&ref=https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage&st=1575539086358
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS: bam-6.nr-data.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Origin: https://www.secureworks.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.secureworks.com
Access-Control-Allow-Credentials: true
Content-Length: 0
Content-Type: text/plain

GET
H2 200 /
www.facebook.com/tr/ 44 B
255 B 9ms
9ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1414384078852603&ev=Microdata&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&rl=&if=false&ts=1575539091035&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Threat%20Group-3390%20Targets%20Organizations%20for%20Cyberespionage%20%7C%20Secureworks%22%2C%22meta%3Adescription%22%3A%22Analysis%20of%20TG-3390%27s%20operations%2C%20targeting%2C%20and%20tools%20led%20CTU%20researchers%20to%20assess%20with%20moderate%20confidence%20the%20group%20is%20located%20in%20China.%22%2C%22meta%3Akeywords%22%3A%22TG-3390%2C%20threat%20group%2C%20threat%20analysis%2C%20CTU%2C%20china%20threat%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage%22%2C%22og%3Adescription%22%3A%22Analysis%20of%20TG-3390%27s%20operations%2C%20targeting%2C%20and%20tools%20led%20CTU%20researchers%20to%20assess%20with%20moderate%20confidence%20the%20group%20is%20located%20in%20China.%22%2C%22og%3Atitle%22%3A%22Threat%20Group-3390%20Targets%20Organizations%20for%20Cyberespionage%22%2C%22twitter%3Aurl%22%3A%22https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.14&r=stable&ec=1&o=30&fbp=fb.1.1575539091035.2070614071&it=1575539090457&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 09:44:51 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-23=":443"; ma=3600
content-length: 44
expires: Thu, 05 Dec 2019 09:44:51 GMT

POST
H/1.1 200
OK a198656738 Show response
bam.nr-data.net/events/1/ 24 B
186 B 115ms
114ms XHR
image/gif 162.247.242.18
New Relic

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/a198656738?a=333048387&v=1153.61ee9ba&to=bwBXMEpSWEpRUUcIDlZKeDJ7HGVQRFdQDhNdJloKTEFZVVxXQU4oVgFQHA%3D%3D&rst=14118&ref=https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS: bam-6.nr-data.net
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Origin: https://www.secureworks.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.secureworks.com
Access-Control-Allow-Credentials: true
Content-Length: 24
Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

102 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.secureworks.com/	1970-01-19 14:24:35	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Thu+Dec+05+2019+10%3A44%3A50+GMT%2B0100+(Central+European+Standard+Time)&version=5.7.0&landingPath=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-group-3390-targets-organizations-for-cyberespionage&groups=0_231029%3A1%2C0_216829%3A1%2C1%3A1%2C0_216843%3A1%2C0_216830%3A1%2C2%3A1%2C0_223771%3A1%2C0_216835%3A1%2C0_216831%3A1%2C3%3A1%2C4%3A1%2C0_229335%3A1%2C0_216832%3A1%2C0_216836%3A1%2C0_216833%3A1%2C0_216834%3A1%2C0_216837%3A1%2C0_216839%3A1%2C0_216840%3A1%2C0_216841%3A1%2C0_216842%3A1%2C0_216838%3A1
www.secureworks.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: mximwiuebc5j35j1qgwg4e13
www.secureworks.com/	1969-12-31 23:59:59	Name: sc_expview Value: 0
.www.secureworks.com/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinity Value: b3433d94be8f768d0b5f4c588c6325edeeab03f43cda79ff4dba83e24925ff9a

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' data: https://.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://.company-target.com https://.bidr.io https://.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.company-target.com
apt.techtarget.com
attr.ml-api.io
b.6sc.co
bam.nr-data.net
bat.bing.com
c.6sc.co
cdn.cookielaw.org
code.jquery.com
connect.facebook.net
googleads.g.doubleclick.net
img.en25.com
j.6sc.co
js-agent.newrelic.com
match.prod.bidr.io
pcdnscwx01-maxyilfdpln5c.azureedge.net
portal.secureworks.com
px.ads.linkedin.com
s.ml-attr.com
s1659.t.eloqua.com
secure.adnxs.com
segments.company-target.com
sjs.bizographics.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tag.demandbase.com
trk.techtarget.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.secureworks.com
104.244.42.133
104.244.42.67
13.224.196.96
13.225.78.109
13.93.233.100
143.204.101.109
143.204.101.129
151.101.114.110
151.101.12.157
152.195.132.202
162.247.242.18
163.171.132.119
172.217.18.98
184.31.90.134
185.33.223.80
2.19.36.87
2001:4de0:ac19::1:b:2b
206.19.49.24
206.55.101.161
209.167.231.17
2620:1ec:c11::200
2a00:1450:4001:806::2003
2a00:1450:4001:818::2004
2a00:1450:4001:81b::2008
2a00:1450:4001:81b::200e
2a00:1450:4001:81f::2002
2a00:1450:400c:c08::9d
2a01:4a0:1338:28::c38a:ff18
2a02:26f0:10c:399::3adf
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:10:101::b93f:9101
2a05:f500:11:101::b93f:9005
52.214.100.213
68.67.153.60
01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03
066be1f9c94503d7d546d7e633beb2e0209e4653aa847ebd4544062ea6e6f5cc
0a8b1ef45e2622985d8d86e6317525253a50b84b7a37e92b14f2af14f430e10e
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11d5ce34f206afb82ddf5e90ac14a2572bf9ee7177623d3a22d961d14bbd71ae
154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
171e7b748124982e2867189b3e1395caa954fd5807b6f44162e91536b705de06
1971fc09cd06945e207185bd0765a0149b10a3c34e3bb563cbc9f05ac2aa9d30
19c87f0cf5ee963ed08a612136d76a212111f023f020a80f77cedbee1a627031
1a914a4b01d30dc7a83ccf4407787ab02647c601e2e9b174f49cbd190de57313
22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538
26a544d7d235757a337def43a4c6e27804a74c38b5a0645a4d772080ce9dc0b8
2b995e968c45ad9a5d516970b9e8d4de25352edb4ea8c015b61aa9b1088589af
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
33b765efcb980c8ce1d71082a94da0d2f21cb9dab22807e94274994a9643eef3
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3ff5e46e97edbe794ecf0c917de78c1ebded3ffd180442254b8dcd670e7a43a5
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
42166c909b8db5b9d362bfc1c28a3f7e06f109aa449a70b3bd293a6e6bf62ac2
48569c365618d185c9fa802c0acc3ab85fd05c6695525e365aa97af9700c15ba
4943c777d42903d7b958355cdcc8590782ea5818ae432e4f5bb1bb2fadbb10c9
4be618f5923b8089e93ee32766120eb5931221546e5b8754384f9848e057b287
4e88ca00b0064f59821ff541958353ee21202a0444b1a9923fe9be34805e6189
50f6d5d4c63ae14f65d7a8a91f989edd305a348fdd279c1dd69b94403d64ac46
51b6fe58f7372b34d93a1ea7f68169ba25f68fe8a78456717cf9f32019cac7d5
56d43da645983b2c1271bd821fadedee43ce6688dc2b8bf05c948b64c081517d
57a29587a4c1afd2f1433e67507ef73107187c101cc546f14148f5088c65028c
5a9e4352db3a1f75caf77c79146fd0f059ba043d692bae117b2d291d0c4ac7ad
5b63d0923d05bc3afb24948addbd35594332a7eb5154d049bfd9f9b0ce7fffdb
5f91b6cce63fd136afeb0b14fbd302a76a3f01a8d39b07c16d6a3ffda193bcc7
654650c48b310bfef370e83d7b9ad32ea8f3e197dd632b04a592ded5474cc093
6b4ebd6049c806e3eef1bd770b2d8b4fdd75803861ead3584ee753e41988efae
6e3cda5532be9382055e989ad552cc7d45305ff98be349720cce3dcf17e8d58e
6f5de1bcdea51634d61d0dbb25f43c8143621c728c445986e4d59bdd315b8b71
7193ec86f6d7b2b0988deb32d3847bb194fcc4192486ac36b610f47888129c5e
71b52274b1b43661e6523b2774c9fa98a673e1861703bea5f32d75a32a850394
740e443a7a4fd5a2ce7d4817088a09fd13bd8bd03d33c2c7180ebe368b1742f9
75bf58ab146a6fdc019b799857ab18d47999023496aefe13d39ded1844e57d34
786bf053c1965ab32ed5ffcd3b5af9e6f66d4dd0b09df7adac85d553004edb1c
7d65115f40ced8dd6b7f1dfc6faec90e2ce916248d813fe99185dc5e59317d4f
7e27ac7bc86fe65529ab71cf527fbe7486fa2ffa71119a20c60d04c47580f883
7fb766836b390eaf0d4e3fc23e519521f205526b7380d570dfd5ccbe3863ad09
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87f3971f74f483593a67cdc03e56301ec24b878e42df7070fa050181f246ed6f
89109889e208edb7af21fdf4776cf4fecea762a8ba13a9aeee8e99796b39fa38
8ae444cc32c6d80f940552a99b489ec1618cf275286fb3bc9e4da71662a551fd
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
92dea0037946ab7baf6fa695b397e14e78ab4702a3a1526729ac43c6457fe310
93360f8c41ab0de4045226fbd3416a445bbce166c89b8a85e71b984090f7d750
9857f8116ff777d102d073b16efe60c7af97d4c08a40668556e27c2fbb8cbf3f
9b0bf159f80983222b73d42eec10e4996ec8c0ac1730114ccb1a15579434cc1d
9cbd7238cd27a946923299b27265062980b79c350e798e21b1bda12644b2dfca
a135125444191b00327fb4df2e740ebadaf2f0b04820535181f6c520b240852a
a33294f2959bd6331eb79baad3f292564c5d861043476c67d91c0c34870ad107
a36288fcf5bd9f63c14e6a90551a073c80af642028b28e339167e5ab0239d978
a6f04f314e19e25a4510b639f4cdb9f6c1e9e0c6836853ed3a2beb9524114462
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acc248ead4890c65f3e2792cfe555e4d98c961f4b564bc4a77e86270dd3051f7
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721
b520c94e2aab76a8c7e7b02f6867b778bf014c80d7f337cd37838dd49d7a270f
b6f3fdf81244e61f1d253a4f5b7e40333385bf7cf2bd621c2f7149c095e724b9
baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f
bb0a60a6f91d085789101283e6cab2782ab60f6182229a962695d408a3cd7ca3
c0f4eb8ed7fc767a6dc7512f7597e4d34e4259e797c7c2ee224d7a97d14ecd23
c7debf416764a0cf0ee43711b1d5eb0b04125442c5e6e2e90f733b22b67b7b33
c812381c9ac71514c3891e0e18a2d7746e473661f0dd4f1e2551afdbc9b1936b
c81e4597b605774e778680d8a61cec80f9fe675ecd2262d9c05292b7078c0dfd
c97d6fa5b4ad8db4c6110b5e4a13eb698c381f580cb44440813c04f369df0a56
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1
db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
df629edbde8c1983b0561460aa1907072a365e4d750d09a039e07a42c882574d
e15a809168d9a16a22e0c2428da1fb9541e4288724ad734efd66ef6bafee52d9
e292c71413292bdf338c1bd1b4ddc29647e87480e2b3fd064a6264d60ad0506a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3efa8c562586c0ee636fef0bc90a465459f4a32b24e847ff35c8a8f4fe21f3e
e91195552d24d204a4fd7a778135ac53eb124e853040a0c737eab10a8084745f
eba76ac8345f08f6f41fc5cd7d9caf25edb9b2ac46bea2a500482c8a0b7136fc
ed7acce01f3f6f9c035d9e4c180803695e48c789a2efda9cd93f0469f1bfc9d0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
f4b66b93cd3fe7b811513cfc90d9a843c00e31eb9bcf8462e6456434d4f1cd20
fa4111062d540edd318ba3c991808dcce3dcbe9e74ec3078a1ad3cb9c6f8534d
fa57809db47d60bfa2fdd595f7184a48cff868ae56492ad0bc7931d16ca1c551
fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f
fa8ec5f7ef1d6e3c8552080a80896358e20ce4241767dead448be7e9782bd3a5
fc8021ebee3a658d028660b7d1b8d1198649f38ed3333405e729cf0495953fee
fe8d0e6533b5e64fe2af6c2740160c4776b6942e1a94cad2ef14afab2566447f

www.secureworks.com Open in urlscan Pro 13.93.233.100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

103 Requests

100 %HTTPS

40 %IPv6

30 Domains

37 Subdomains

31 IPs

6 Countries

2011 kBTransfer

3512 kBSize

4 Cookies

24 Outgoing links

Page URL History

Redirected requests

103 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.secureworks.com Open in urlscan Pro
13.93.233.100 Public Scan

Screenshot
Live screenshot

Full Image

103
Requests

100 %
HTTPS

40 %
IPv6

30
Domains

37
Subdomains

31
IPs

6
Countries

2011 kB
Transfer

3512 kB
Size

4
Cookies

103 HTTP transactions
0 data transactions