threatconnect.com Open in urlscan Pro
192.124.249.3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Submission: On June 16 via api (June 16th 2022, 2:47:47 pm UTC) from DE — Scanned from DE

Summary HTTP 240 Redirects Links 40 Behaviour Indicators

Summary

This website contacted 34 IPs in 5 countries across 24 domains to perform 240 HTTP transactions. The main IP is 192.124.249.3, located in Menifee, United States and belongs to SUCURI-SEC, US. The main domain is threatconnect.com. The Cisco Umbrella rank of the primary domain is 623959.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on April 14th 2022. Valid for: a year.

This is the only time threatconnect.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
147	192.124.249.3 192.124.249.3	30148 (SUCURI-SEC) (SUCURI-SEC)
1	2a00:1450:400... 2a00:1450:400e:800::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2a27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.89.35.64 104.89.35.64	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e024	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1 7	3.92.120.28 3.92.120.28	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:215... 2600:9000:2156:fc00:d:7e9b:1200:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	206.19.49.24 206.19.49.24	17225 (ATT-CERFN...) (ATT-CERFNET-BLOCK)
2	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2 8	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
3	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:400c:c1b::9a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
4	2620:1ec:27::... 2620:1ec:27::cafe:1686	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2606:4700::68... 2606:4700::6810:50a5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	20.40.202.0 20.40.202.0	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	20.120.65.166 20.120.65.166	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 4	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:170... 2a02:26f0:1700:18c::1c91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.54.96.194 52.54.96.194	14618 (AMAZON-AES) (AMAZON-AES)
2 8	2600:9000:225... 2600:9000:225e:c00:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	63.32.81.235 63.32.81.235	16509 (AMAZON-02) (AMAZON-02)
240	34

147 192.124.249.3 (Menifee, United States)

ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10003.sucuri.net

threatconnect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:800::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2a27 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.89.35.64 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-35-64.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:f7::5c7b:e024 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.92.120.28 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-92-120-28.compute-1.amazonaws.com

gonow.threatconnect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:fc00:d:7e9b:1200:93a1 (United States)

ASN16509 (AMAZON-02, US)

storage.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:22::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN17225 (ATT-CERFNET-BLOCK, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2620:1ec:c11::200 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:27::cafe:1686 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6810:50a5 (United States)

ASN13335 (CLOUDFLARENET, US)

www.lightboxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.40.202.0 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

lightboxapi.azurewebsites.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.120.65.166 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

l.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.234.93.27 (Dublin, Ireland) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.87 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:1700:18c::1c91 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.54.96.194 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-96-194.compute-1.amazonaws.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:225e:c00:6:9280:1080:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.81.235 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-81-235.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
154	threatconnect.com 1 redirects threatconnect.com — Cisco Umbrella Rank: 623959 gonow.threatconnect.com	858 KB
12	clarity.ms 2 redirects www.clarity.ms — Cisco Umbrella Rank: 595 l.clarity.ms — Cisco Umbrella Rank: 5547 c.clarity.ms — Cisco Umbrella Rank: 1161	51 KB
11	gstatic.com fonts.gstatic.com www.gstatic.com	573 KB
10	lightboxcdn.com www.lightboxcdn.com — Cisco Umbrella Rank: 6605	275 KB
9	adroll.com 2 redirects s.adroll.com — Cisco Umbrella Rank: 2527 d.adroll.com — Cisco Umbrella Rank: 1630	79 KB
8	bing.com 2 redirects bat.bing.com — Cisco Umbrella Rank: 389 c.bing.com — Cisco Umbrella Rank: 229	25 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 370 www.linkedin.com — Cisco Umbrella Rank: 527 px4.ads.linkedin.com — Cisco Umbrella Rank: 5965	4 KB
6	6sc.co j.6sc.co — Cisco Umbrella Rank: 8285 c.6sc.co — Cisco Umbrella Rank: 12139 ipv6.6sc.co — Cisco Umbrella Rank: 8556 b.6sc.co — Cisco Umbrella Rank: 5440	13 KB
5	google.com www.google.com — Cisco Umbrella Rank: 9	25 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60	40 KB
3	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 554	560 B
3	t.co t.co — Cisco Umbrella Rank: 466	544 B
3	pardot.com storage.pardot.com — Cisco Umbrella Rank: 10467 pi.pardot.com — Cisco Umbrella Rank: 4806	6 KB
2	azurewebsites.net lightboxapi.azurewebsites.net — Cisco Umbrella Rank: 7738	1 KB
2	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 681	27 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 953	7 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 96	155 KB
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14447 apt.techtarget.com — Cisco Umbrella Rank: 18628	2 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67 ajax.googleapis.com — Cisco Umbrella Rank: 329	35 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 435	703 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 246	5 KB
1	google.de www.google.de — Cisco Umbrella Rank: 5111	501 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 125	443 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 6381	1 KB
240	24

	Domain	Requested by
147	threatconnect.com	threatconnect.com
10	www.lightboxcdn.com	threatconnect.com www.lightboxcdn.com gonow.threatconnect.com
8	s.adroll.com	2 redirects threatconnect.com s.adroll.com
7	gonow.threatconnect.com	1 redirects gonow.threatconnect.com pi.pardot.com
6	www.gstatic.com	www.google.com www.gstatic.com
6	bat.bing.com	www.googletagmanager.com bat.bing.com threatconnect.com gonow.threatconnect.com
5	www.google.com	threatconnect.com gonow.threatconnect.com www.gstatic.com
5	fonts.gstatic.com	fonts.googleapis.com www.google.com
4	c.clarity.ms	2 redirects
4	l.clarity.ms	www.clarity.ms
4	www.clarity.ms	bat.bing.com www.clarity.ms
4	www.google-analytics.com	www.googletagmanager.com threatconnect.com gonow.threatconnect.com
3	b.6sc.co
3	analytics.twitter.com	threatconnect.com gonow.threatconnect.com
3	t.co	threatconnect.com gonow.threatconnect.com
3	px.ads.linkedin.com	3 redirects
2	pi.pardot.com	threatconnect.com pi.pardot.com
2	c.bing.com	2 redirects
2	lightboxapi.azurewebsites.net	www.lightboxcdn.com
2	static.ads-twitter.com	www.googletagmanager.com
2	px4.ads.linkedin.com	threatconnect.com gonow.threatconnect.com
2	snap.licdn.com	threatconnect.com www.googletagmanager.com
2	www.googletagmanager.com	threatconnect.com gonow.threatconnect.com
1	d.adroll.com	s.adroll.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	cdnjs.cloudflare.com	gonow.threatconnect.com
1	ajax.googleapis.com	gonow.threatconnect.com
1	www.google.de	threatconnect.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	apt.techtarget.com	threatconnect.com
1	www.linkedin.com	1 redirects
1	storage.pardot.com	threatconnect.com
1	j.6sc.co	threatconnect.com
1	ws.zoominfo.com	threatconnect.com
1	trk.techtarget.com	threatconnect.com
1	fonts.googleapis.com	threatconnect.com
240	38

This site contains links to these domains. Also see Links.

Domain
app.threatconnect.com
marketplace.threatconnect.com
training.threatconnect.com
docs.threatconnect.com
twitter.com
www.linkedin.com
www.facebook.com
github.com
www.youtube.com

Subject Issuer	Validity	Valid
threatconnect.com Starfield Secure Certificate Authority - G2	`2022-04-14` - `2023-04-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-25` - `2022-08-24`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2022-05-04` - `2023-05-04`	a year	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-13` - `2022-11-12`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-06-10` - `2022-12-10`	6 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
gonow.threatconnect.com R3	`2022-04-22` - `2022-07-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
ssl1029400.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2022-06-01` - `2022-12-08`	6 months	crt.sh
*.azurewebsites.net Microsoft Azure TLS Issuing CA 01	`2022-03-14` - `2023-03-09`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
pi.pardot.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-08` - `2022-11-07`	a year	crt.sh
s.adroll.com Amazon	`2021-08-02` - `2022-08-31`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2021-09-09` - `2022-10-08`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Frame ID: 41FDDA881E96EC3DCF144CB459CDCBD4
Requests: 199 HTTP requests in this frame

Frame: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
Frame ID: 42BD02D96BFD810E6443F82360831CC7
Requests: 29 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/lightbox.js?mb=1655390864198&lv=1
Frame ID: C2EF5874307A747AE6158ED4C503136E
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nb25vdy50aHJlYXRjb25uZWN0LmNvbTo0NDM.&hl=de&v=g9jXH0OtfQet-V0Aewq23c7K&size=normal&cb=j5z7et8xhof
Frame ID: 3C8D9C5D47B12D424D209981044D54DE
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=g9jXH0OtfQet-V0Aewq23c7K&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ
Frame ID: 5BC34A5A90CA3333925683B014C0C44E
Requests: 3 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/lightbox.js?mb=1655390865010&lv=1
Frame ID: C5C8361F6C1847618FC5F005E5AE78BC
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Research Roundup: Activity on Previously Identified APT33 Domains - ThreatConnect | Risk-Threat-Response

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DataTables (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

dataTables.*\.js

Flickity (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/flickity(?:\.pkgd)?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Lightbox (JavaScript Libraries) Expand

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

240
Requests

97 %
HTTPS

60 %
IPv6

24
Domains

38
Subdomains

34
IPs

5
Countries

2177 kB
Transfer

6788 kB
Size

39
Cookies

40 Outgoing links

These are links going to different origins than the main page.

URL: https://app.threatconnect.com/
Title: Login

Search URL Search Domain Scan URL

URL: https://marketplace.threatconnect.com/
Title: Marketplace

Search URL Search Domain Scan URL

URL: https://training.threatconnect.com/
Title: Learning Portal

Search URL Search Domain Scan URL

URL: https://training.threatconnect.com/pages/knowledge-base
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://docs.threatconnect.com/en/latest/
Title: Dev Documents

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/incident/incident.xhtml?incident=3955546222#/
Title: 20200908A: Previously Identified APT33 Domains Resolving to 109.230.199[.]157

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/host.xhtml?host=zeverco.com&owner=Common+Community
Title: zeverco[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=oliverleftley%40inbox.com&owner=Common+Community
Title: oliverleftley@inbox[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/host.xhtml?host=service-eset.com&owner=Common+Community
Title: service-eset[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=wata.nakatsu%40mail.com&owner=Common+Community
Title: wata.nakatsu@mail[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/host.xhtml?host=simsoshop.com&owner=Common+Community
Title: simsoshop[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=tsuda2016%40mail.com&owner=Common+Community
Title: tsuda2016@mail[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/host.xhtml?host=qualitweb.com&owner=Common+Community
Title: qualitweb[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=tsuyukisogawa%40inbox.lv&owner=Common+Community
Title: tsuyukisogawa@inbox[.]lv

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/address.xhtml?address=109.230.199.157&owner=Common+Community
Title: 109.230.199[.]157

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/host.xhtml?host=publicsecur.com&owner=Common+Community
Title: publicsecur[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/host.xhtml?host=akadnsplugin.com&owner=Common+Community
Title: akadnsplugin[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=joshua.toon1978%40mail.com&owner=Common+Community
Title: joshua.toon1978@mail[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/host.xhtml?host=service-houston.com&owner=Common+Community
Title: service-houston[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/host.xhtml?host=support-newyork.com&owner=Common+Community
Title: support-newyork[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/host.xhtml?host=ocsp-support.com&owner=Common+Community
Title: ocsp-support[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=warren.jones2626%40mail.com&owner=Common+Community
Title: warren.jones2626@mail[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/host.xhtml?host=prefmsedge.com&owner=Common+Community
Title: prefmsedge[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=warren.jones6363%40inbox.lv&owner=Common+Community
Title: warren.jones6363@inbox[.]lv

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/host.xhtml?host=tracking-protection.net&owner=Common+Community
Title: tracking-protection[.]net

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=warrenjones39458%40protonmail.com&owner=Common+Community
Title: warrenjones39458@protonmail[.]com

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/incident/incident.xhtml?incident=3960880511#/
Title: 20200908B: File Matching YARA Rule Associated to RedDelta PlugX

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/incident/incident.xhtml?incident=3960813350#/
Title: 20200909A: CDN and News-spoofing Probable Phishing Domains Hosted at 185.228.83[.]110

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/incident/incident.xhtml?incident=3965684423#/
Title: Emotet C2 Deltas from 2020/09/09 as of 8:00EDT or 12:00UTC

Search URL Search Domain Scan URL

URL: https://app.threatconnect.com/auth/incident/incident.xhtml?incident=3933897015#/
Title: Threat Roundup for August 28 to September 4

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?via=ThreatConnect&text=Research%20Roundup%3A%20Activity%20on%20Previously%20Identified%20APT33%20Domains&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&title=Research%20Roundup%3A%20Activity%20on%20Previously%20Identified%20APT33%20Domains

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F

Search URL Search Domain Scan URL

URL: https://training.threatconnect.com/?_ga=2.42642022.258151698.1653509175-271651125.1653407945
Title: Learning Portal

Search URL Search Domain Scan URL

URL: https://training.threatconnect.com/pages/knowledge-base?_ga=2.42642022.258151698.1653509175-271651125.1653407945
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://github.com/ThreatConnect-Inc/threatconnect-playbooks?_ga=2.213445591.258151698.1653509175-271651125.1653407945
Title: Github Repository

Search URL Search Domain Scan URL

URL: https://twitter.com/ThreatConnect
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCPyjrU8mqhsHl0EhB7ZIfgw
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ThreatConnect/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatconnect-inc/
Title: Linkedin

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 92

https://gonow.threatconnect.com/l/902141/2021-02-16/5zg4/902141/1613500354lt80qUuq/blogsubscr.js HTTP 302
https://storage.pardot.com/902141/1613500354lt80qUuq/blogsubscr.js

Request Chain 155

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3711361%2C3545449&time=1655390862597&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3711361%252C3545449%26time%3D1655390862597%26url%3Dhttps%253A%252F%252Fthreatconnect.com%252Fblog%252Fresearch-roundup-activity-on-previously-identified-apt33-domains%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3711361%2C3545449&time=1655390862597&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3711361%2C3545449&time=1655390862597&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&liSync=true&e_ipv6=AQK9MNzKRL_mIAAAAYFs-_8LQP31WlpkOCa8tE0FzbgEATFSOW7J6922P_kuisCz

Request Chain 190

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3545449&time=1655390864465&url=https%3A%2F%2Fthreatconnect.com%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3545449&time=1655390864465&url=https%3A%2F%2Fthreatconnect.com%2F&e_ipv6=AQLT1dn002MEgwAAAYFs_ASxBc043rlnXldg7MeMlqBULSEK2CCgNDev1pGY3ouE

Request Chain 220

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=01149E52137B4E0BBF42583D738E8C6F&RedC=c.clarity.ms&MXFR=272C03D37B3A65DE36FB12167F3A6B2F HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=01149E52137B4E0BBF42583D738E8C6F&MUID=1BCD2AEA85F161F82F4A3B2F849A6031

Request Chain 225

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=7861027D1B204D31A9E9DAC2488B4244&RedC=c.clarity.ms&MXFR=04B2E9C3EA0C62DC3031F806EE0C6CE9 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=7861027D1B204D31A9E9DAC2488B4244&MUID=1BCD2AEA85F161F82F4A3B2F849A6031

Request Chain 231

https://s.adroll.com/j/exp/MR26X3TS4BEIPA6YVOXOHG/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 232

https://s.adroll.com/j/pre/MR26X3TS4BEIPA6YVOXOHG/CGR5LPDTG5HZ5MD6X6EJKF/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

240 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/ 200 KB
28 KB 1360ms
1332ms Document
text/html 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

47d553572e2572b2df10e44a16a5e8acadcefc18fb416dfa0f508492380736f8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=600, must-revalidate
content-encoding: br
content-security-policy: upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
date: Thu, 16 Jun 2022 14:47:41 GMT
link: <https://threatconnect.com/wp-json/>; rel="https://api.w.org/" <https://threatconnect.com/wp-json/wp/v2/posts/24391>; rel="alternate"; type="application/json" <https://threatconnect.com/?p=24391>; rel=shortlink
server: nginx
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: MISS
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-sucuri-cache: MISS
x-sucuri-id: 15003
x-xss-protection: 1; mode=block

GET
H2 200 grid.css
threatconnect.com/wp-content/themes/enfold/css/ 11 KB
3 KB 8ms
8ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/css/grid.css?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

430319c3cfcd3004c407938b40b07ddbe6dd1f79356df8d2b3870da03bbef945

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-2a41"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 base.css
threatconnect.com/wp-content/themes/enfold/css/ 19 KB
6 KB 9ms
8ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/css/base.css?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

0fd1b8d21b0f690304c0171e544e20ca7eba8be589126a27b265e7ba62e2bff4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-4a60"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 layout.css
threatconnect.com/wp-content/themes/enfold/css/ 85 KB
17 KB 9ms
8ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/css/layout.css?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

c82b672b61cdcd6c5e0b6544ea37a6e000709c1246ac1bfa3ff582d4185c5832

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-1521a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 buttons.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttons/ 7 KB
2 KB 14ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttons/buttons.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

c5fda6f6dd4ae8253f226d3b89620b627476bf2fb89b117543d62775e7932790

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-1ae8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 buttonrow.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttonrow/ 472 B
540 B 14ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttonrow/buttonrow.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

0276ecc6eb34688965af8f6b186f9d79f97505a31dd0cc983c3a3c6182ce97fc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-1d8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slideshow.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow/ 12 KB
3 KB 15ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow/slideshow.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

1eb7c62fc51cfeb522b88696fb41115e5fa8a17bc99b4e906eb96d174b51403c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-2ecd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 postslider.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/postslider/ 4 KB
1 KB 15ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/postslider/postslider.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

03f2fab7a5b2b7b7953002a4f417606bdb6d110b0c07ebd42374542a231ebfd7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-f7c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 contentslider.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contentslider/ 3 KB
1 KB 15ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contentslider/contentslider.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

05a349c06ad17b08e976517762bdf968418485c6dd14d2407de595626654f58b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-aa1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gallery.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery/ 3 KB
1 KB 16ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery/gallery.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

d8202c5456e90866f259d384d7d5af0d79a0e72eff8b59a1de6cd622081e92b4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-b8a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 heading.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/heading/ 5 KB
2 KB 16ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/heading/heading.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

a5ad8b502a890049da65110581eb8cddacfce2bc9b0e017b8f17bf26993ab7a1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-12ba"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 icon.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icon/ 3 KB
1 KB 16ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icon/icon.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

3f0310c1ab27ea2a728f8d5adcc98460dfe171f20e96f03e43593338eda99acd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-a11"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 iconlist.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconlist/ 4 KB
2 KB 16ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconlist/iconlist.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

edd8cb44b94fb76d6a2713f78db132e5623b417b3d26beb0a55e5106ad4efb53

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-1096"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 image.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image/ 6 KB
2 KB 16ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image/image.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

2ce46483e4d2c9082f980dcf933b4c40149d055540d392865de64f7016e620e8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-18f2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.dataTables.min.css
threatconnect.com/wp-content/themes/ThreatConnect/includes/avia-shortcodes/integrations_table/DataTables/css/ 13 KB
2 KB 17ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/includes/avia-shortcodes/integrations_table/DataTables/css/jquery.dataTables.min.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

731b609ecc2fd6ae347f0bcf9e65a473efb611c545366d15fde1cab038ef194b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Thu, 25 Mar 2021 16:28:24 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"605cba28-3551"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 integrations_table.css
threatconnect.com/wp-content/themes/ThreatConnect/includes/avia-shortcodes/integrations_table/ 4 KB
1 KB 17ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/includes/avia-shortcodes/integrations_table/integrations_table.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

38f4e09b7008da42e7dc201a01bab4feb7dc9e66b7bf58ea0ccb0b9fe31c1060

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Thu, 25 Mar 2021 16:28:24 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"605cba28-e7d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 testimonials.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/testimonials/ 6 KB
2 KB 17ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/testimonials/testimonials.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

024e3c6164d3b326f9ea19767be8f24a85f9427680e21de3f015d5dfa7025d7a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-18f1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lottie.css
threatconnect.com/wp-content/plugins/enfold-plus-lotties/assets/css/ 949 B
638 B 17ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus-lotties/assets/css/lottie.css?ver=1.2.7

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

ee6d0c97d172af9620f1ad82be2d15d3a2109ca8ab96f25b644814f34247557a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-3b5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bulma_grid.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/dist/ 18 KB
2 KB 17ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/dist/bulma_grid.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

e9c5b1987a9c832d022b74eeeb75ad59e6d5192cb85584932da668f9d7f6f5c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-472d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 flickity.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/dist/ 2 KB
1 KB 18ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/dist/flickity.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

2a6fb021027df3628a394d95bb217f31bc1739932c0d581cdbefe88c78eebbd0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-7c3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_flickity_slider.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ 458 B
578 B 18ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ep_flickity_slider.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

12b42fe6d39673c1e85c63df6ef2906ce0120d5fb1010142b49e9bc09f1bb68a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-1ca"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_custom_menu.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ 280 B
512 B 18ms
12ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ep_custom_menu.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

b9a3829921f030601d923482197968bd87d9e00904316282225e02756ddf3014

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-118"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 google_maps.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/google_maps/ 2 KB
1 KB 18ms
12ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/google_maps/google_maps.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

23f268342b56fd13378302feb75120a18aa63b8645fdd2122f95dc0c0699ed87

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-912"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 grid_row.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/grid_row/ 2 KB
972 B 18ms
12ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/grid_row/grid_row.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

a057d4d81423ee04344bfb8d43d3c8e8eb157efc4a0fb3be3c77b845263e6986

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-810"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 hr.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/hr/ 2 KB
1 KB 19ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/hr/hr.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

cc2fc51fc5ade58e3350056a062f6817c41544909061ca953f4aaa41c1ea6d1b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-8d9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_hr.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ 1 KB
693 B 19ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ep_hr.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

7b8bdda9988ce6669dcc430230ad33fa88053d2e2a04fd5de2482eec7a56f585

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-533"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_grids.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ 5 KB
1 KB 19ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ep_grids.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

1d016509bcdceb392c3b04f2b3691b706b35c649046fe249b2dd9efc14b9e26b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-1468"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_item_grid.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ 374 B
582 B 19ms
12ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ep_item_grid.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

5d9ccc96ded6b593317eced6f7dcf8b6a49cb2d7f9632d7b64df1bee868eac11

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-176"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_posts_grid.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ 335 B
563 B 19ms
12ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ep_posts_grid.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

44a48bd1c9056a0f97589f463ffc47372006801121f53673fa4c74401b7b7664

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-14f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_tab_slider.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ 5 KB
996 B 20ms
12ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ep_tab_slider.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

95965900d54c7e7f0ca243ae8770ed860f2eded07a9a2e873e29cc4c44ab486c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-1285"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_social_profiles.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ 472 B
591 B 20ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ep_social_profiles.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

6d489ed7659a9807cebb71e700fb6ae6ae8b8be566ea5d116be3c4470f57cf1b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-1d8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_textblock.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ 52 B
434 B 20ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ep_textblock.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

9c5db6ce4dc5dd7260f21f7fcde1b035cfcca54224da6b394cf15e97096d8c80

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-34"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 audio-player.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/audio-player/ 1 KB
768 B 21ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/audio-player/audio-player.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

8410dde9f5fbec6e77d68820847fb4d518d1556d825d843441a6e8a6e10b56a1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-5d7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 blog.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/blog/ 21 KB
5 KB 21ms
12ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/blog/blog.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

1049fae50c8abfe96ebcf379914f9c2691aaeab24ccdc9654acf9930fda7a4bc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-5525"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 buttons_fullwidth.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttons_fullwidth/ 1 KB
780 B 22ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttons_fullwidth/buttons_fullwidth.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

9a4cfb61aa5cf0606b4b1a8430d0b433fa53164acaa36b568435f485690dbc09

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-517"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 catalogue.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/catalogue/ 1 KB
869 B 22ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/catalogue/catalogue.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

8ded5c193148b101466930d55f68fdab3d3580145476210d4cbe814395798a50

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-598"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 comments.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/comments/ 6 KB
2 KB 23ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/comments/comments.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

cacbbb7f3cef11f7c7285558291685348abab2396fc8da6ef1388792942cb724

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-160a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 contact.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contact/ 13 KB
3 KB 23ms
15ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contact/contact.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

ea13c6084b0f4de44cde4353682875ad2f41d4ab30b20fc4148d4916777467fb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-328b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 countdown.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/countdown/ 2 KB
991 B 23ms
15ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/countdown/countdown.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

9ed807755f1565eb7e790c85e2628d946ce5ae770783d96831431c86a2af6f2b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-85a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gallery_horizontal.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery_horizontal/ 4 KB
1 KB 24ms
16ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery_horizontal/gallery_horizontal.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

6e0de530a601c3f100fee7910c9924ab4c63d78e6057c309b312aa53111c99dc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-f69"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 headline_rotator.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/headline_rotator/ 2 KB
1003 B 24ms
16ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/headline_rotator/headline_rotator.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

167bb793e92dbe283c32ee3f83184f7c1acd17ee3e7bdba643a4e2d9acad9f5a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-7ec"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 iconbox.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconbox/ 3 KB
1 KB 25ms
4ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconbox/iconbox.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

68bc5b50da1c099955bc5c074dc9be6f7d6e30ad87b4749db8402ca7212b8211

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-c40"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 icongrid.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongrid/ 16 KB
3 KB 25ms
5ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongrid/icongrid.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

ec5a6f0d403ad9ca46d8e112259e29e6d6960b01a4ea6788040b700ff5d164a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-3f4c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 image_hotspots.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image_hotspots/ 4 KB
2 KB 26ms
5ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image_hotspots/image_hotspots.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

ebf58be00925b63196df30db7702d649c33078a859023695351b629559cc58d0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-115c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 magazine.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazine/ 5 KB
1 KB 26ms
6ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazine/magazine.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

c0fb22b093b05d9f8c0a5f98cc475cdaab7d89d69b580f5c60ef4d01945aee77

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-1282"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 masonry_entries.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/masonry_entries/ 18 KB
4 KB 27ms
7ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/masonry_entries/masonry_entries.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

ef539b1c10e2bb2cb1a9c7564589eec478a211e37c6827dd5eadffcd41772e5b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-4788"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avia-snippet-site-preloader.css
threatconnect.com/wp-content/themes/enfold/css/ 2 KB
1 KB 27ms
7ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/css/avia-snippet-site-preloader.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

5359f6e24d75b783a04e0bc597ae59d66acce61dc74d124beaca24061dd18e0c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-882"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 menu.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/menu/ 9 KB
2 KB 28ms
8ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/menu/menu.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

1ce3a489012358b2b5fd1cce6abdde430860f11a4ef8a300512c8c8912fe22de

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-22f4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 notification.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/notification/ 3 KB
1 KB 28ms
9ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/notification/notification.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

394ff109b4d4b094dc40add2d0fb4ccc6d40d9a162b1bdc0ad968294c675d5e0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-ddb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 numbers.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/numbers/ 3 KB
1 KB 28ms
9ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/numbers/numbers.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

d5f94071a3eed52c0a80d2fac134d524036484ffc92a28381ab2a00a80ff7efd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-c21"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 portfolio.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/ 10 KB
3 KB 27ms
7ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/portfolio.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

daf004d0f11bce6ec02c6cc7561dd54638244758725f9b441210d6804261ad63

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-2652"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post_metadata.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/post_metadata/ 1 KB
700 B 28ms
8ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/post_metadata/post_metadata.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

dd1ce67e4a8d5cfa3cc3c7b3382172bbbceeabc2facf51e1cfe0f1537aab725c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-55f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 progressbar.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/progressbar/ 8 KB
2 KB 28ms
8ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/progressbar/progressbar.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

f45b2fd1030d6c507a36b79938473a7e605b46d19eb98ae29fb3a190180f427c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-1ed6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 promobox.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/promobox/ 2 KB
1 KB 28ms
9ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/promobox/promobox.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

67fa468a84ce7bfa85023710993cc547a001f1e2027ab188327506eedb16cfc3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-796"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slideshow_accordion.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_accordion/ 2 KB
1 KB 29ms
9ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_accordion/slideshow_accordion.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

e7c62d6fd132c8e5711c2d158748d8420e77d06751842caa45a659705ce49d91

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-964"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slideshow_feature_image.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_feature_image/ 2 KB
1001 B 29ms
10ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_feature_image/slideshow_feature_image.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

b431ef2eeb9c3a8b19e66b398d5cf7897f6d3392b52508bd8ca600e09da68b65

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-8a0"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slideshow_fullsize.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullsize/ 6 KB
1 KB 30ms
10ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullsize/slideshow_fullsize.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

64eb8d62bcda3664ae8d92e808d0952e3ae9f21b95562d348ef3ef9f1666866b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-16a3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slideshow_fullscreen.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/ 2 KB
964 B 30ms
11ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/slideshow_fullscreen.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

a77ce3a51aa38669b59928125facee4ea3d346c2b609abf7a39014943c5c2458

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-816"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 social_share.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/social_share/ 9 KB
2 KB 30ms
12ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/social_share/social_share.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

5573215b2e6b57e790b8e3ff2f7d6100d147a3fcc66af8ffe4caeaabcdf27006

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-25f4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tab_section.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tab_section/ 6 KB
2 KB 31ms
12ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tab_section/tab_section.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

c94fa37035f8be8283034b9f11043d4ab39298aa59ab0e6ca8f5ff9dc35cdb2a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-16bb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 table.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/table/ 7 KB
2 KB 31ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/table/table.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

4f573b2b417cb161284550811b7427c10311fb3e0203d2ddd786ac562131d6a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-1a24"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tabs.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tabs/ 4 KB
1 KB 32ms
13ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tabs/tabs.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

ecdc3e1733b4465431016227c1c31cd75bb931a284b9728a4478217e8a57eee0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-e6b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 team.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/team/ 3 KB
1 KB 32ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/team/team.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

929937a67f4200f5df7d383e95fe4ede9b399b5516842aaf55de33aec6689f60

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-d96"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 timeline.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/timeline/ 29 KB
4 KB 33ms
15ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/timeline/timeline.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

73708e205ef125b31e5811dde0f5a7bfb685bd0b0bc604fdbba9a5355e19accc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-7236"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 toggles.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/toggles/ 5 KB
2 KB 33ms
14ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/toggles/toggles.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

5b438219488cb104cc30a2e5ce6dc29a0bc3fa7ebe6d101d7fab1feec1952b06

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-1397"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 video.css
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/video/ 2 KB
969 B 33ms
15ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/video/video.css?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

c5ec3b8830ed916eebffd15f4518f9a87333b50c3b0c10d108ed239b795c0b2a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-785"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 shortcodes.css
threatconnect.com/wp-content/themes/enfold/css/ 35 KB
8 KB 34ms
15ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/css/shortcodes.css?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

a00e9d206b80a089b22ff80579fe9750df9d593cfb2925e710734ac862c2e60b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-8a00"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_shortcodes.css
threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ 6 KB
1 KB 34ms
16ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/css/ep_shortcodes.css?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

eaf2cbcb9061cf17bb962055e284183ca0c35721de558646f999bea875cd8538

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-16c7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 magnific-popup.css
threatconnect.com/wp-content/themes/enfold/js/aviapopup/ 7 KB
2 KB 35ms
16ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/js/aviapopup/magnific-popup.css?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

e62e8fe4252bf270d3984c4e3f4be5ff5c19667dd195d5bbb9e404f3267f0981

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-1b24"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avia-snippet-lightbox.css
threatconnect.com/wp-content/themes/enfold/css/ 4 KB
2 KB 35ms
17ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/css/avia-snippet-lightbox.css?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

4bb3a0dfcdc1d59ac8b394bf493506ccf9854c7fd5fb878302801d867fa50727

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-e37"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avia-snippet-widget.css
threatconnect.com/wp-content/themes/enfold/css/ 23 KB
6 KB 36ms
18ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/css/avia-snippet-widget.css?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

42622f4dc019baba5598912f40ac5569599e4a6347d9df58db1f99cabf508d5d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-5dca"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 threatconnect.css
threatconnect.com/wp-content/uploads/dynamic_avia/ 134 KB
19 KB 36ms
18ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/uploads/dynamic_avia/threatconnect.css?ver=629e2c1181d30

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

ebf53dd58a55e83488b68c74386041da4b497d872f0c70f25857898fac8cad80

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48ef-219a0"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
threatconnect.com/wp-content/themes/ThreatConnect/ 139 B
479 B 37ms
19ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/style.css?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

d54d3649797b02d6d84921f1d262b8e825d8a61ddf068470d8877e3b05d6d028

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Jun 2022 22:15:39 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"62a9088b-8b"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 sassy-social-share-public.css
threatconnect.com/wp-content/plugins/sassy-social-share/public/css/ 9 KB
3 KB 37ms
19ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.42

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

87e1ed8c94d134e4e068a17891d3dad0d122ee052bf061da0ca0e87b3da75069

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:32 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f4-25e4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avia-snippet-cookieconsent.css
threatconnect.com/wp-content/themes/enfold/css/ 7 KB
2 KB 38ms
20ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/css/avia-snippet-cookieconsent.css?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

1cee6086f4a0ccf93d14d55464a8f70ff156e7701dfcfedfa96f743a62d758bd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-1d06"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main.css
threatconnect.com/wp-content/themes/ThreatConnect/assets/css/ 165 KB
24 KB 38ms
21ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/assets/css/main.css?ver=1.4

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

5dce54cb694a11d2c69ab01a584ad4d9b7e038f4a267573bda717c720d2f8d4f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Wed, 15 Jun 2022 20:24:32 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"62aa4000-29526"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
threatconnect.com/wp-includes/js/jquery/ 87 KB
32 KB 40ms
23ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48dc-15db1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
threatconnect.com/wp-includes/js/jquery/ 11 KB
5 KB 43ms
26ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48dc-2bd8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avia-compat.js Show response
threatconnect.com/wp-content/themes/enfold/js/ 2 KB
1 KB 43ms
26ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/js/avia-compat.js?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

76f2c8d87b8acec6dad3f12ad4ef2e95cc2757f032222238a1c1b65e5e9e70ad

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-84f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 50ms
21ms Stylesheet
text/css 2a00:1450:400e:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Miriam+Libre:300,400,700%7CLato:300,400,700&display=auto

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:800::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aa5199b6566e6f3193819bafc32cae6e0032675a299c0143a6b869eaa27e0f94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 14:47:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Jun 2022 14:47:42 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Jun 2022 14:47:42 GMT

GET
H2 200 wp-emoji-release.min.js Show response
threatconnect.com/wp-includes/js/ 18 KB
5 KB 8ms
7ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48dc-4705"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 2 KB
1 KB 65ms
38ms Script
text/javascript 2606:4700:4400::6812:2a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 15 Oct 2021 14:31:37 GMT
server: cloudflare
age: 103
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
expires: Thu, 16 Jun 2022 14:55:59 GMT
cache-control: max-age=1200
cf-ray: 71c4579a68056922-FRA
cf-bgj: minify

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 220 KB
78 KB 51ms
28ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PHTD73T

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c3897ad6f1800bf468cf4acfa7e224b686d22f3789edce13f055e9fc9332c159

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 79028
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Jun 2022 14:47:42 GMT

GET
H2 200 k9tIxIK8yDtqsInmZdv1 Show response
ws.zoominfo.com/pixel/ 2 KB
1 KB 182ms
160ms Script
text/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/k9tIxIK8yDtqsInmZdv1

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

da76d8f1241294c7497a43751591fced11c8ebcf61512710249ef34bde7f8846

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 71c4579a69b49962-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
via: 1.1 google

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 31 KB
10 KB 64ms
8ms Script
application/javascript 104.89.35.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-35-64.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

8e038b564510a45dc11799f74da367733f3db7f9c0a0434f1e90c44ec5168278

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 9715
Pragma: no-cache
Last-Modified: Thu, 05 May 2022 03:45:17 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "6273484d-7b02"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Thu, 16 Jun 2022 14:47:42 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 52ms
9ms Script
application/x-javascript 2a02:26f0:f7::5c7b:e024
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e024 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency: 662
Date: Thu, 16 Jun 2022 14:47:42 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Apr 2022 23:25:22 GMT
X-CDN: AKAM
X-EdgeConnect-MidMile-RTT: 0
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=53595
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3085

GET
H2 200 tc-2022.woff2
threatconnect.com/wp-content/uploads/avia_fonts/tc-2022/ 7 KB
8 KB 9ms
8ms Font
font/woff2 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/uploads/avia_fonts/tc-2022/tc-2022.woff2

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

120491441eca26b97638c2f63d39b1633a2d5ebbf4fe87890f7eba18d1e9f7f5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Origin: https://threatconnect.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
x-content-type-options: nosniff
x-sucuri-cache: HIT
content-length: 7364
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "629e48ef-1cc4"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 DdT-798HsHwubBAqfkcBTL_X3LbrQsq6.woff2
fonts.gstatic.com/s/miriamlibre/v13/ 13 KB
14 KB 34ms
8ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/miriamlibre/v13/DdT-798HsHwubBAqfkcBTL_X3LbrQsq6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Miriam+Libre:300,400,700%7CLato:300,400,700&display=auto

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d53b318a2ec7f8c8a151e1e73eab4f7b4b78c796032e48f7d0fc5081a9e47d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://threatconnect.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 21:55:39 GMT
x-content-type-options: nosniff
age: 147123
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13520
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:53:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 21:55:39 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 ThreatConnect_Big_Logo.png
threatconnect.com/wp-content/themes/ThreatConnect/img/logos/ 16 KB
16 KB 8ms
8ms Image
image/png 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/img/logos/ThreatConnect_Big_Logo.png

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/wp-content/themes/ThreatConnect/assets/css/main.css?ver=1.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

083f0ccac7b455fe86c16c28a831dc811a9153448fc3155af6ce4db36c669d1b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/wp-content/themes/ThreatConnect/assets/css/main.css?ver=1.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
x-content-type-options: nosniff
x-sucuri-cache: HIT
content-length: 15976
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Jun 2022 22:15:39 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "62a9088b-3e68"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tc-fontawesome.woff2
threatconnect.com/wp-content/uploads/avia_fonts/tc-fontawesome/ 6 KB
6 KB 8ms
8ms Font
font/woff2 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/uploads/avia_fonts/tc-fontawesome/tc-fontawesome.woff2

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

013195661aee412200d59b8c7f79974b990c5a2098fff5e2b8f03b5b37f096e9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Origin: https://threatconnect.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
x-content-type-options: nosniff
x-sucuri-cache: HIT
content-length: 6088
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "629e48ef-17c8"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 DdTh798HsHwubBAqfkcBTL_fZ5P-.woff2
fonts.gstatic.com/s/miriamlibre/v13/ 13 KB
13 KB 26ms
17ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/miriamlibre/v13/DdTh798HsHwubBAqfkcBTL_fZ5P-.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Miriam+Libre:300,400,700%7CLato:300,400,700&display=auto

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4764bf56ebd628c42087ce3ac42be83bdcb98fe904f502379e247e2d08b451e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://threatconnect.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 21:49:39 GMT
x-content-type-options: nosniff
age: 147483
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12912
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:45:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 21:49:39 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 16ms
10ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Miriam+Libre:300,400,700%7CLato:300,400,700&display=auto

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://threatconnect.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 17:07:14 GMT
x-content-type-options: nosniff
age: 164428
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:07:14 GMT

GET
H2

200

blogsubscr.js Show response
storage.pardot.com/902141/1613500354lt80qUuq/
Redirect Chain

https://gonow.threatconnect.com/l/902141/2021-02-16/5zg4/902141/1613500354lt80qUuq/blogsubscr.js
https://storage.pardot.com/902141/1613500354lt80qUuq/blogsubscr.js

945 B
1 KB

500ms
430ms

Script
text/javascript

2600:9000:2156:fc00:d:7e9b:1200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.pardot.com/902141/1613500354lt80qUuq/blogsubscr.js
Requested by: Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Protocol: H2
Server: 2600:9000:2156:fc00:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27aa7481954dc0648d2b4feee75d5b8fae181c44897c9871f3317bdee5e9fdbf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:44 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Tue, 16 Feb 2021 18:32:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "345c475ec0a8fe3e1f075f131ff542ef"
x-cache: Miss from cloudfront
content-type: text/javascript
x-amz-replication-status: COMPLETED
content-length: 945
accept-ranges: bytes
x-robots-tag: none
x-amz-version-id: OLESmYnoWVzYfvdSfz4ZMiKMlXnAF70p
x-amz-cf-id: dXBVd7KPrIJ8cRIKvibesrOuWmta8WaxOUpDWE_-OyB9yUooLeJFkA==

Redirect headers

Date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: gzip
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
Server: PardotServer
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
location: https://storage.pardot.com/902141/1613500354lt80qUuq/blogsubscr.js
cache-control: max-age=600
Connection: keep-alive
x-robots-tag: none
Content-Length: 137
expires: Thu, 16 Jun 2022 14:57:42 GMT

GET
H2 200 related.css
threatconnect.com/wp-content/plugins/yet-another-related-posts-plugin/style/ 307 B
543 B 9ms
6ms Stylesheet
text/css 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/yet-another-related-posts-plugin/style/related.css?ver=5.27.8

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

2efe0d8072659b087901323e1fdb18a0f57e6011cb9cb7edff6e1723fc2e8d70

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f2-133"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avia.js Show response
threatconnect.com/wp-content/themes/enfold/js/ 59 KB
17 KB 10ms
4ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/js/avia.js?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

4ef4686cbc3c797070a433201cdc9327fda1f4be0cc73b349c8f2b899ba49363

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-edd3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 shortcodes.js Show response
threatconnect.com/wp-content/themes/enfold/js/ 40 KB
11 KB 13ms
1ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/js/shortcodes.js?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

5f952e0af917764aca917688a5efeb8dd9141093f15369bd1ccf0dc0d9077970

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-9f61"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slideshow.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow/ 31 KB
9 KB 14ms
2ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow/slideshow.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

75a1b5d61298818bc4c7b95408af9c263f552ab4e084db2c4a439a8b6f9ef75e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-7ae1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gallery.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery/ 3 KB
1 KB 18ms
4ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery/gallery.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

e076c728f80af0f1311f2e9048b18818119d27c14a0db3d0b505edaff3a5138c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-d5c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 iconlist.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconlist/ 691 B
687 B 18ms
4ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconlist/iconlist.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

70d4828c15265b95a042b7291dff56fde6ee443acf271da1b1a34723849ddf0b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-2b3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.dataTables.min.js Show response
threatconnect.com/wp-content/themes/ThreatConnect/includes/avia-shortcodes/integrations_table/DataTables/js/ 80 KB
29 KB 18ms
5ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/includes/avia-shortcodes/integrations_table/DataTables/js/jquery.dataTables.min.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

dda1d592ee93c534549248a26efc13cf993cc1cef1b84af542a4c1f8ea3943b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Thu, 25 Mar 2021 16:28:24 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"605cba28-141e1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 integrations_table.js Show response
threatconnect.com/wp-content/themes/ThreatConnect/includes/avia-shortcodes/integrations_table/ 511 B
625 B 19ms
5ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/includes/avia-shortcodes/integrations_table/integrations_table.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

e3a5a586af5ef83742d786d0013be78b79bc5ebad17f9e5901fb4a39aa48143e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Thu, 25 Mar 2021 16:28:24 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"605cba28-1ff"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 testimonials.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/testimonials/ 708 B
692 B 20ms
6ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/testimonials/testimonials.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

310edb74bcdb96ff090db51276ab0ad4ee7ae5d6f3cb48ce2b6df0edc8ad8e4c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-2c4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lottie-web.js Show response
threatconnect.com/wp-content/plugins/enfold-plus-lotties/assets/js/dist/ 246 KB
63 KB 21ms
7ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus-lotties/assets/js/dist/lottie-web.js?ver=1.2.7

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

41121032744ae3e098d01b42d02ee46b3daccb5f691d97c1bc0fe62a514fea28

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-3d85b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lottie.js Show response
threatconnect.com/wp-content/plugins/enfold-plus-lotties/assets/js/ 3 KB
2 KB 25ms
11ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus-lotties/assets/js/lottie.js?ver=1.2.7

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

5c4b117010b00385033194b7d448d1f2c6ecdcb49334b41561776dd38a2f9413

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-a25"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lottieTabs.js Show response
threatconnect.com/wp-content/themes/ThreatConnect/assets/js/dist/ 3 KB
1 KB 25ms
12ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/assets/js/dist/lottieTabs.js?ver=1.4

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

e1f41bb78a8a9451cf6f10d13ba92fc879d0139070fce0307d7d62ae75ee73f2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Wed, 18 Aug 2021 16:45:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"611d3914-a1b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 flickity.js Show response
threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/ 53 KB
14 KB 26ms
12ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/flickity.js?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

2f559133e795138a9e4836a6c22f45a9192d8f60bc51d58648840e8150c760a3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-d357"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 flickity-fade.js Show response
threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/ 7 KB
2 KB 27ms
14ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/flickity-fade.js?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

d637dae1aa80d0dd5ba985ac364cf9d541e3152949a4f234c010319c8e1f0a02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-1c2e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 enquire.js Show response
threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/ 3 KB
2 KB 28ms
14ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/enquire.js?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

dfb99dee1e029d51d6cfb672d847929890b1585402de17f5ed092edd72a688b4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-c2b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 flickity-sync.js Show response
threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/ 3 KB
1 KB 28ms
15ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/flickity-sync.js?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

29ed674055ed51be81f36c84c23c87a911775bcae6f8d158f4ec43b6f2bd606b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-c85"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 flickity-as-nav-for.js Show response
threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/ 4 KB
2 KB 28ms
15ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/flickity-as-nav-for.js?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

645c85c47a096414f80fb2a589c4086ea33b22204c08c2c2db86f45d3bda9ad6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-101a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 flickity-prev-next.js Show response
threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/ 644 B
676 B 29ms
16ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/flickity-prev-next.js?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

d77f2bc29b21dcd3e2656f073dd09cc1a658da77bd8d9ab0fcefda0a21fa7fb3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-284"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 flickity-hash.js Show response
threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/ 3 KB
1 KB 29ms
16ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/js/dist/flickity-hash.js?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

200d1514b6b8b14cec7f01edbe31a348ca8716022772c1936facf61a338aef0c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-b58"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_shortcodes.js Show response
threatconnect.com/wp-content/plugins/enfold-plus/assets/js/ 326 B
585 B 29ms
17ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/js/ep_shortcodes.js?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

de9dcd951b7dd88f17da2fd7a573b3bf63dd16c9ecada6b61a93acfba7fc299d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-146"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_flickity_slider.js Show response
threatconnect.com/wp-content/plugins/enfold-plus/assets/js/ 2 KB
860 B 29ms
17ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/js/ep_flickity_slider.js?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

fcc8a30d38eeacb30158d0d90764bb7a725996874d5884b5017b10cc9ff14a34

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-750"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_item_grid.js Show response
threatconnect.com/wp-content/plugins/enfold-plus/assets/js/ 1 KB
822 B 30ms
18ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/js/ep_item_grid.js?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

dfced0621406b56297852f394a4b93825c69defcd20ce9e67b439bea504405cb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-4d2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ep_posts_grid.js Show response
threatconnect.com/wp-content/plugins/enfold-plus/assets/js/ 3 KB
1 KB 30ms
18ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus/assets/js/ep_posts_grid.js?ver=0.1.9.52

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

b0806c302d41468915d96296138d82a352b260c1597ea02f9dd34272e7f57f58

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:34 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f6-bf1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lottie-slider.js Show response
threatconnect.com/wp-content/plugins/enfold-plus-lotties/assets/js/ 3 KB
2 KB 30ms
19ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/enfold-plus-lotties/assets/js/lottie-slider.js?ver=1.2.7

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

b006914505301660045e65aaea7381bf33c1d8e3d15263bb6556231d5df05784

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-abd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 audio-player.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/audio-player/ 2 KB
1 KB 31ms
19ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/audio-player/audio-player.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

1405953ba31d896be3fc88ce1d8a815c0293cc56625e29fee2948f8fe452fdb2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-938"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 contact.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contact/ 10 KB
3 KB 31ms
20ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contact/contact.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

4a9dfce8b2543f8f89caf6b3d456bbbf4c4c66132a9e703b99c7413e83cef1cd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-2652"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 countdown.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/countdown/ 6 KB
2 KB 31ms
20ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/countdown/countdown.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

8d893952943dd9e0850f8c7505f8c0d11871d1deefa4b68468e5a3071201b58b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-16e8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gallery_horizontal.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery_horizontal/ 5 KB
2 KB 31ms
19ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery_horizontal/gallery_horizontal.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

a682c87a5ce2d04cd9a5924b0a175302c1fdd7f5a699342471fa4be74d866655

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-1343"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 headline_rotator.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/headline_rotator/ 5 KB
2 KB 31ms
20ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/headline_rotator/headline_rotator.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

2618c8add84246e2cec2a0681b450a1d4f80e81efddcb601a40add7a585c2b1a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-12ea"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 icongrid.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongrid/ 3 KB
1 KB 31ms
20ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongrid/icongrid.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

004ea73ceb1e88719659c6428b6d2a586c216c8910bb2da786337fe957f658bd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-cc2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 image_hotspots.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image_hotspots/ 789 B
714 B 31ms
21ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image_hotspots/image_hotspots.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

473c9f8075664906585eb391239137ee5b48b18e35882a7ce29c53674f78dc76

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-315"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 magazine.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazine/ 2 KB
1 KB 32ms
21ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazine/magazine.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

960a028119de25b821135e4a69085a780c5ffe9161ca4eca572fc36380605577

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-884"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 isotope.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/ 48 KB
14 KB 32ms
21ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/isotope.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

11787a8b7542fbe98867b211d0e9cea087163816cd3ec38ed231bbc41dc38479

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-bfb9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 masonry_entries.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/masonry_entries/ 8 KB
3 KB 31ms
22ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/masonry_entries/masonry_entries.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

19e7eaf37821b33d420d4f637064880a2c6b499b9200bed5236ce05471b708f2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-1e97"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 menu.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/menu/ 4 KB
2 KB 32ms
23ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/menu/menu.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

ce1e463aaccb4f7c001e0c4bb32ffc32cd7fcf268941bf74c0832a5a85f81ed4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-fd4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 notification.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/notification/ 2 KB
1 KB 32ms
23ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/notification/notification.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

49fec2b57002c08bfc89a2268899f5632751ae25e8fc415269f5a6f025dff48b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-95c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 numbers.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/numbers/ 4 KB
2 KB 32ms
24ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/numbers/numbers.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

8da4913a5c9bf5dd3d94adb8fae3108a36083fe53e1f317bdade0f95c1ce4a50

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-e79"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 portfolio.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/ 11 KB
4 KB 32ms
24ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/portfolio.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

5ac9abec0cbe62b1dd67c7cde82cdefec6f8f4e25dd36f4ee59369365b5732ce

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-2c02"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 progressbar.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/progressbar/ 888 B
759 B 32ms
24ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/progressbar/progressbar.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

54cd7e9d4f76bf5b89b26b84c09d4bccabd9dc6f1afcce81ac0945cdb9bd8c8e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-378"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slideshow-video.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow/ 23 KB
7 KB 32ms
25ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow/slideshow-video.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

0e2730d094b0aff3e895c0a60d6c6adf2ced2a3b8c635fe77ee18d9b5984bd15

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-5be2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slideshow_accordion.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_accordion/ 8 KB
3 KB 32ms
25ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_accordion/slideshow_accordion.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

1a6c2c375f6cbb852581f444a2481cb1949bb0821546c3a771d7e6188835c39a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-2078"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slideshow_fullscreen.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/ 5 KB
2 KB 33ms
26ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/slideshow_fullscreen.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

1bd354070a2ae53ffa68a844ae4f8ff376d33bafdc7d5e9fb29b1aac6d22d432

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f1-1514"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tab_section.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tab_section/ 8 KB
3 KB 33ms
26ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tab_section/tab_section.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

c69f90b943a7938cb62b883f1d5c9f70a9382ec362b14efa013bb75e34c29d27

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-2127"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tabs.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tabs/ 4 KB
2 KB 33ms
27ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tabs/tabs.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

4f15165c519a5b39ca782e60dbc18b9d40f4c79ef56b39102ee91f2b8666792f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-ea3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 timeline.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/timeline/ 4 KB
2 KB 33ms
27ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/timeline/timeline.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

8250d2a6499c7acb5683013a9d90ba1a0799dadb948b5c7dbf62bfa3eabe56d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-11db"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 toggles.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/toggles/ 4 KB
2 KB 34ms
27ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/toggles/toggles.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

5db82c8597446f4cf4eb225f222a0249538d12ebefa8cc7d33833c062fd56ded

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-10c2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 video.js Show response
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/video/ 2 KB
1 KB 34ms
28ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/video/video.js?ver=5.9.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

4d900c5255ac8e336b38606f70a16748693db8f6cd5a374f4af5ab1e37c9eb11

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-8fc"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.fitvids.js Show response
threatconnect.com/wp-content/plugins/fitvids-for-wordpress/ 4 KB
2 KB 34ms
28ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/fitvids-for-wordpress/jquery.fitvids.js?ver=1.1

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

4eeeaa4e345fef8be54d0a26426b4fb41a4fa9110bf30cba2254472189aca82c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-edb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.magnific-popup.min.js Show response
threatconnect.com/wp-content/themes/enfold/js/aviapopup/ 20 KB
8 KB 34ms
29ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/js/aviapopup/jquery.magnific-popup.min.js?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

c4a2abc89986ca24c4fdb9cac3ff1f75b696844db6cdfa5b0c775a7e1a214634

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-51ff"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avia-snippet-lightbox.js Show response
threatconnect.com/wp-content/themes/enfold/js/ 7 KB
3 KB 35ms
27ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/js/avia-snippet-lightbox.js?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

26dd8ee0547cb2a34952e131486bcadbcf89d330e2f82fa3167d9884f492a22b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-1b0f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avia-snippet-widget.js Show response
threatconnect.com/wp-content/themes/enfold/js/ 2 KB
1 KB 35ms
27ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/js/avia-snippet-widget.js?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

377546b16297589f4f83068790d091fc6837e0cf5efe1afbdf4294b68e0828f7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-8a7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 sassy-social-share-public.js Show response
threatconnect.com/wp-content/plugins/sassy-social-share/public/js/ 119 KB
40 KB 36ms
28ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.42

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

a28f7b51eecc453bfa4b7794290a3d75918d3983ec835f0089b5a92d90ba9961

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:33 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f5-1dbb3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avia-snippet-cookieconsent.js Show response
threatconnect.com/wp-content/themes/enfold/js/ 21 KB
6 KB 36ms
29ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/js/avia-snippet-cookieconsent.js?ver=4.9.2.3

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

f5f8618aa6b70e822faa78b79891f20470f31bd3b4234f38315151501ec39b17

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f0-554c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 smush-lazy-load.min.js Show response
threatconnect.com/wp-content/plugins/wp-smush-pro/app/assets/js/ 8 KB
4 KB 37ms
29ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load.min.js?ver=3.9.11

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:31 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"629e48f3-1ef2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 masonry_entries.js Show response
threatconnect.com/wp-content/themes/ThreatConnect/includes/avia-shortcodes/masonry_entries/ 5 KB
2 KB 37ms
30ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/includes/avia-shortcodes/masonry_entries/masonry_entries.js?ver=1.4

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

c97db88c5a2a205647caed9e1333c74014eb6d63c07793eb2c2b27765c852fbf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Thu, 25 Mar 2021 16:28:24 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"605cba28-138f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main.js Show response
threatconnect.com/wp-content/themes/ThreatConnect/assets/js/dist/ 3 KB
1 KB 37ms
30ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/assets/js/dist/main.js?ver=1.4

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

e82554f8b229e3285bac722e99343412587a0dd4ca5f0337d58525de39bf4615

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Thu, 25 Mar 2021 16:28:24 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"605cba28-b09"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bundle.js Show response
threatconnect.com/wp-content/themes/ThreatConnect/assets/js/ 23 KB
8 KB 36ms
31ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/assets/js/bundle.js?ver=1.4

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

58b13bfca0bbad87c5d6e119fbde85a1659884be01dc9bb5c1e91abc627dcb78

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Jun 2022 22:15:39 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"62a9088b-5dd5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 typewritter.js Show response
threatconnect.com/wp-content/themes/ThreatConnect/assets/js/dist/ 14 KB
5 KB 36ms
31ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/assets/js/dist/typewritter.js?ver=1.4

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

8dededb218d6b97a05c568f21187d7cea8be1451badf973ca5f619727e4e43b4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Jun 2022 22:15:39 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"62a9088b-39f4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 headline-rotator-4.js Show response
threatconnect.com/wp-content/themes/ThreatConnect/assets/js/ 1006 B
972 B 37ms
32ms Script
application/javascript 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/assets/js/headline-rotator-4.js?ver=1.4

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

f8c7234f71ee95d38313af50d48515f0e5cfc5b1a98eb0639282bbc8207aa510

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Jun 2022 22:15:39 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"62a9088b-3ee"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Wave-Top-Middle-Right-4@2x.png
threatconnect.com/wp-content/themes/ThreatConnect/img/png/ 40 KB
41 KB 25ms
25ms Image
image/png 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/img/png/Wave-Top-Middle-Right-4@2x.png

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/wp-content/themes/ThreatConnect/assets/css/main.css?ver=1.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

2878e704dc99ab3f990ef40b6ea7ebd5faa20eb36b3acf566d650dca090ebf8a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/wp-content/themes/ThreatConnect/assets/css/main.css?ver=1.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
x-content-type-options: nosniff
x-sucuri-cache: HIT
content-length: 41440
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:28 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "629e48f0-a1e0"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 20ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Miriam+Libre:300,400,700%7CLato:300,400,700&display=auto

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://threatconnect.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 17:07:14 GMT
x-content-type-options: nosniff
age: 164428
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:07:14 GMT

GET
H2 200 entypo-fontello.woff2
threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/ 38 KB
39 KB 7ms
7ms Font
font/woff2 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatconnect.com/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff2

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

7f260ff280b2e54e84e6f9c2790da49cc9abadc457b77d1df4dea121a8c8ab6e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Origin: https://threatconnect.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
x-content-type-options: nosniff
x-sucuri-cache: HIT
content-length: 39220
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "629e48f1-9934"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3711361%2C3545449&time=1655390862597&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3711361%252C3545449%26time%3D1655390862597%26url%3Dhttps%253A%252F%252Fthreatconn...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3711361%2C3545449&time=1655390862597&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3711361%2C3545449&time=1655390862597&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domain...

0
267 B

192ms
156ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3711361%2C3545449&time=1655390862597&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&liSync=true&e_ipv6=AQK9MNzKRL_mIAAAAYFs-_8LQP31WlpkOCa8tE0FzbgEATFSOW7J6922P_kuisCz
Requested by: Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:43 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: E21CD7638CBD4EE7AE96768A1CA02D99 Ref B: FRAEDGE1107 Ref C: 2022-06-16T14:47:43Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXhkbhfPYgRX+PzBPBtcQ==
x-li-fabric: prod-ltx1

Redirect headers

date: Thu, 16 Jun 2022 14:47:42 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 69DB7EDC646443EBB167BD594532A977 Ref B: VIEEDGE3306 Ref C: 2022-06-16T14:47:43Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3711361%2C3545449&time=1655390862597&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&liSync=true&e_ipv6=AQK9MNzKRL_mIAAAAYFs-_8LQP31WlpkOCa8tE0FzbgEATFSOW7J6922P_kuisCz
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXhkbhcACjmbBF2qhrEEg==

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
324 B 384ms
94ms Image
image/gif 206.19.49.24
ATT-CERFNET-BLOCK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=14465143&version=2.1.1&ref=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&r=1655390862599
Requested by: Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN17225 (ATT-CERFNET-BLOCK, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:42 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
Server: Apache/2.4.6 (CentOS)
ETag: "2b-5850384023492"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 43

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 49 KB
14 KB 43ms
8ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHTD73T
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05448e9440e5f8a66395d7d66a9bfcb9614a80e4e181f6347cd742ec36725ca6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 18:52:59 GMT
etag: "90b3a450b1a5741eca2aac717f3ebbc2+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 13714
x-served-by: cache-iad-kiad7000048-IAD, cache-hhn11563-HHN

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 38ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHTD73T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6173
date: Thu, 16 Jun 2022 13:04:49 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 16 Jun 2022 15:04:49 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 76ms
34ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHTD73T

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e2db6493cc4a606dd658a7859c64d725083e1c463b38005a761bab49d9cf27d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 13 Jun 2022 22:16:41 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E56457D0597348C693FBC51E1D401EFD Ref B: FRAEDGE1517 Ref C: 2022-06-16T14:47:42Z
etag: "80ead641737fd81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Thu, 16 Jun 2022 14:47:42 GMT
accept-ranges: bytes
content-length: 11353

GET
H2 200 adsct
t.co/i/ 43 B
339 B 201ms
173ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=f2d67bfd-6b16-45b0-a0cd-8beffeb177b4&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=1a28aeae-6e35-4556-aada-b8473778780d&tw_document_href=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nztwy&type=javascript&version=2.3.20

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-response-time: 166
date: Thu, 16 Jun 2022 14:47:42 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 040af5dc6ddf406eb69625708893a72ab3ac1ef3c6f16f7f0a4de4bb57b913ed
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
355 B 192ms
169ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=f2d67bfd-6b16-45b0-a0cd-8beffeb177b4&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=1a28aeae-6e35-4556-aada-b8473778780d&tw_document_href=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nztwy&type=javascript&version=2.3.20

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-response-time: 161
date: Thu, 16 Jun 2022 14:47:41 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: a196fdf15fa052c8301f115173e7611dd0459e0866974f56c88f9cf040e588d7
content-length: 43

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 60ms
19ms XHR
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-42717170-1&cid=1920901713.1655390863&jid=2032275317&gjid=234987171&_gid=1782912057.1655390863&_u=YGBAiEABBAAAAE~&z=660651168

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatconnect.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 16 Jun 2022 14:47:42 GMT
content-type: text/plain
access-control-allow-origin: https://threatconnect.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 25ms
7ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=646978685&t=pageview&_s=1&dl=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&ul=en-us&de=UTF-8&dt=Research%20Roundup%3A%20Activity%20on%20Previously%20Identified%20APT33%20Domains%20-%20ThreatConnect%20%7C%20Risk-Threat-Response&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiEABB~&jid=2032275317&gjid=234987171&cid=1920901713.1655390863&tid=UA-42717170-1&_gid=1782912057.1655390863&gtm=2wg6f0PHTD73T&z=1632942938

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Jun 2022 06:19:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 30508
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 56373044.js Show response
bat.bing.com/p/action/ 219 B
476 B 158ms
158ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/56373044.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

46450f02e3c55e721a83dba608b41a1db458f0a6ce7def437485c427ea03e1ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 588BA3CA9A7544CCBC72DC2D4D3DFDE8 Ref B: FRAEDGE1517 Ref C: 2022-06-16T14:47:42Z
date: Thu, 16 Jun 2022 14:47:42 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
content-length: 300

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 55ms
32ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-42717170-1&cid=1920901713.1655390863&jid=2032275317&_u=YGBAiEABBAAAAE~&z=772954895

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Jun 2022 14:47:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 56ms
32ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-42717170-1&cid=1920901713.1655390863&jid=2032275317&_u=YGBAiEABBAAAAE~&z=772954895

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Jun 2022 14:47:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 56373044 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 1027ms
480ms Script
application/x-javascript 2620:1ec:27::cafe:1686
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/56373044
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/56373044.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1686 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: d3fd4756c0c2aba21e31da8c374368bfd9a3176440a43de3a80420f6325317e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
x-powered-by: ASP.NET
x-azure-ref: 0j0KrYgAAAACgX6klxOoURZ2K9w+CUP7+RFhCMzBFREdFMDIwNwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
content-length: 1587
expires: -1

GET
H/1.1 200
OK 4gph Show response
gonow.threatconnect.com/l/902141/2021-01-25/ Frame 42BD 32 KB
9 KB 367ms
367ms Document
text/html 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
Requested by: Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-02-16/5zg4/902141/1613500354lt80qUuq/blogsubscr.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: PardotServer /
Resource Hash: cc31b7dada6cd9516e31bd92bfc4637c46ffc4c8144ecd82ef6fbba88da710e2

Request headers

Referer: https://threatconnect.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Length: 8545
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Jun 2022 14:47:43 GMT
Server: PardotServer
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
expires: Thu, 19 Nov 1981 08:52:00 GMT
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
pragma: no-cache
vary: Accept-Encoding,User-Agent
x-pardot-rsp: 0/0/1

GET
H2 200 adsct
t.co/i/ 43 B
103 B 177ms
177ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=668b4d8a-42b9-448c-9fc5-2485a65faf25&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=1a28aeae-6e35-4556-aada-b8473778780d&tw_document_href=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nztwy&type=javascript&version=2.3.20

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-response-time: 169
date: Thu, 16 Jun 2022 14:47:43 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 040af5dc6ddf406eb69625708893a72ab3ac1ef3c6f16f7f0a4de4bb57b913ed
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
102 B 175ms
175ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=668b4d8a-42b9-448c-9fc5-2485a65faf25&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=1a28aeae-6e35-4556-aada-b8473778780d&tw_document_href=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nztwy&type=javascript&version=2.3.20

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-response-time: 168
date: Thu, 16 Jun 2022 14:47:42 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: a196fdf15fa052c8301f115173e7611dd0459e0866974f56c88f9cf040e588d7
content-length: 43

GET
H2 200 Association-Graph_2020-09-11-7_05_23am.jpg
threatconnect.com/wp-content/uploads/ 42 KB
43 KB 314ms
314ms Image
image/jpeg 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatconnect.com/wp-content/uploads/Association-Graph_2020-09-11-7_05_23am.jpg

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

55fa00568c08afcbe795b405a8b872fb20d0e7c05c9e2361171297b8b518f7c4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:43 GMT
x-content-type-options: nosniff
x-sucuri-cache: MISS
content-length: 43314
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Jun 2022 18:35:10 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "629e48de-a932"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ThreatConnect_Logo_Dark.png
threatconnect.com/wp-content/themes/ThreatConnect/img/logos/ 15 KB
16 KB 7ms
7ms Image
image/png 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/img/logos/ThreatConnect_Logo_Dark.png

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

68c2740b42187f9ac9924af6d8e4422e8771dc01e4b6ca5f96052a19830479c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:42 GMT
x-content-type-options: nosniff
x-sucuri-cache: HIT
content-length: 15627
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Jun 2022 22:15:39 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "62a9088b-3d0b"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 204 0
bat.bing.com/action/ 0
176 B 37ms
37ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=56373044&tm=gtm002&Ver=2&mid=c2671233-276d-4916-b87f-1443b49df148&sid=4754ed10ed8311ec902451febb0ff586&vid=4754f580ed8311ec988af568d409d282&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Research%20Roundup%3A%20Activity%20on%20Previously%20Identified%20APT33%20Domains%20-%20ThreatConnect%20%7C%20Risk-Threat-Response&p=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&r=&lt=2516&evt=pageLoad&msclkid=N&sv=1&rn=75452

Requested by

Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96A6A1A575EE43428DB3D15D49C3463D Ref B: FRAEDGE1517 Ref C: 2022-06-16T14:47:43Z
date: Thu, 16 Jun 2022 14:47:43 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK form.css
gonow.threatconnect.com/css/ Frame 42BD 31 KB
8 KB 104ms
104ms Stylesheet
text/css 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://gonow.threatconnect.com/css/form.css?ver=2021-09-20
Requested by: Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:43 GMT
content-encoding: gzip
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
last-modified: Thu, 16 Jun 2022 05:18:41 GMT
Server: PardotServer
etag: "7be2-gzip"
vary: Accept-Encoding,User-Agent
Content-Type: text/css
cache-control: max-age=63072000
Connection: keep-alive
accept-ranges: bytes
Content-Length: 7660
expires: Sat, 15 Jun 2024 14:47:43 GMT

GET
H/1.1 200
OK piUtils.js Show response
gonow.threatconnect.com/js/ Frame 42BD 341 KB
99 KB 216ms
112ms Script
application/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://gonow.threatconnect.com/js/piUtils.js?ver=2021-09-20
Requested by: Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: PardotServer /
Resource Hash: 732a85650cf73f86d42d3b89bf9139c2f1bd66db55555c4778ebf4e78e8a0dce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:43 GMT
content-encoding: gzip
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
last-modified: Thu, 16 Jun 2022 05:18:41 GMT
Server: PardotServer
etag: "555a1-gzip"
vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
cache-control: max-age=63072000
Transfer-Encoding: chunked
Connection: keep-alive
accept-ranges: bytes
expires: Sat, 15 Jun 2024 14:47:43 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ Frame 42BD 94 KB
34 KB 31ms
9ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 12:07:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9622
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33576
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Jun 2023 12:07:21 GMT

GET
H2 200 iframeResizer.contentWindow.min.js Show response
cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.11/ Frame 42BD 13 KB
5 KB 35ms
17ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.11/iframeResizer.contentWindow.min.js

Requested by

Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

107fbb21d462c56b56e6d741c0c9135cbf87bd6e6d02a578a1ffc76c067b9c47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 570857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4395
timing-allow-origin: *
last-modified: Tue, 02 Jun 2020 17:36:19 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5ed68e13-348e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2UUcJmiR1tXi4cDrRelOnVvtYSiUWUXvosQ16xyw4gVTKzeXMwkfoI%2FSxAFGABybO2FAmtji6xTatiFnxXdNGI8tLr%2F53PHtesWIO%2Ff3bQXqY6MYqlcosOo9lE2vAHLf5SLgsMqhYfznI6C192gXluaq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 71c457a368db9152-FRA
expires: Tue, 06 Jun 2023 14:47:43 GMT

GET
H3 200 api.js Show response
www.google.com/recaptcha/ Frame 42BD 850 B
576 B 34ms
16ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

dfb6795a9ca2b442ca3364e40c39bbc6ce3b91ff6971d935b98377028dec9e31

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Thu, 16 Jun 2022 14:47:43 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/eus-e/s/0.6.35/ 53 KB
23 KB 474ms
474ms Script
application/javascript 2620:1ec:27::cafe:1686
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus-e/s/0.6.35/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/56373044
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1686 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: fab5572c01cd671e1a92d8ffda83b65c5276089a5d8f7cec2105ba034a55a98e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:43 GMT
content-encoding: br
etag: "1d880d11ff3a965"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 0j0KrYgAAAABMAQRZ7zIHQamdhQIK50GJRFhCMzBFREdFMDIwNwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges: bytes
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 lightbox_inline.js Show response
www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/ 2 KB
1 KB 210ms
182ms Script
application/javascript 2606:4700::6810:50a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/lightbox_inline.js?mb=1655390863987
Requested by: Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c586db3291b895fa8e2cbc534b7f4f3965c439fc4a9d30e3beb91b012414dc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Jun 2022 14:47:44 GMT
content-encoding: br
cf-cache-status: REVALIDATED
content-md5: GyfMI9GE6nAmC4WcEkOEMg==
cf-polished: origSize=2379
x-ms-lease-status: unlocked
last-modified: Mon, 14 Mar 2022 22:01:48 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: bf36e3ae-201e-001e-4709-56c2dd000000
x-ms-version: 2009-09-19
cf-ray: 71c457a41bd9995d-FRA
cf-bgj: minify

GET
H2 200 lightbox.js Show response
www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/ Frame C2EF 326 B
313 B 186ms
186ms Script
application/javascript 2606:4700::6810:50a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/lightbox.js?mb=1655390864198&lv=1
Requested by: Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 33d26fca67efa57efce74346f667635098726937f69c1f449865a8d6be750041

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:44 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Thu, 16 Jun 2022 14:06:27 GMT
server: cloudflare
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 71c457a54e20995d-FRA

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 42BD 220 KB
77 KB 44ms
28ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PHTD73T

Requested by

Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e8842c27c61e73fea7a9a0d8dc2bc740c9477363f068aceacdaac5db8574547a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:44 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 79018
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Jun 2022 14:47:44 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/ Frame 42BD 367 KB
146 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

506336914f02f937120502bd21ebe49d3720829c2a09f6bc7f933baba246e14c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gonow.threatconnect.com/
Origin: https://gonow.threatconnect.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:37:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 606
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148524
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 04:02:41 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 14:37:38 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame 42BD 8 KB
3 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:f7::5c7b:e024
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHTD73T
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e024 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency: 662
Date: Thu, 16 Jun 2022 14:47:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Apr 2022 23:25:22 GMT
X-CDN: AKAM
X-EdgeConnect-MidMile-RTT: 0
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=53593
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3085

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 42BD 49 KB
13 KB 8ms
7ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHTD73T
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05448e9440e5f8a66395d7d66a9bfcb9614a80e4e181f6347cd742ec36725ca6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:44 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 18:52:59 GMT
etag: "90b3a450b1a5741eca2aac717f3ebbc2+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 13714
x-served-by: cache-iad-kiad7000048-IAD, cache-hhn11563-HHN

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 42BD 49 KB
20 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHTD73T

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6175
date: Thu, 16 Jun 2022 13:04:49 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 16 Jun 2022 15:04:49 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ Frame 42BD 38 KB
11 KB 31ms
31ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHTD73T

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e2db6493cc4a606dd658a7859c64d725083e1c463b38005a761bab49d9cf27d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 13 Jun 2022 22:16:41 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F8E7F2A2F9FE4953BE61A72520833D92 Ref B: FRAEDGE1517 Ref C: 2022-06-16T14:47:44Z
etag: "80ead641737fd81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Thu, 16 Jun 2022 14:47:44 GMT
accept-ranges: bytes
content-length: 11353

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 3C8D 43 KB
22 KB 26ms
26ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nb25vdy50aHJlYXRjb25uZWN0LmNvbTo0NDM.&hl=de&v=g9jXH0OtfQet-V0Aewq23c7K&size=normal&cb=j5z7et8xhof

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c40f3f11a889bda8635602d5ae0369fdde07c3518a8cefc9dc9ad1cdbee01cdc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VtEgtmMB0-bdFT9h85H5Uw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gonow.threatconnect.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22789
content-security-policy: script-src 'report-sample' 'nonce-VtEgtmMB0-bdFT9h85H5Uw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Jun 2022 14:47:44 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 user.js Show response
www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/ Frame C2EF 640 KB
135 KB 27ms
26ms Script
application/javascript 2606:4700::6810:50a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/user.js?cb=637881441612827847
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/lightbox.js?mb=1655390864198&lv=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 496e54253744f42929f9c3876419ce1d537ed140242470c4a69b70059528e2fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Jun 2022 14:47:44 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: vi8Brutl8UmUsSdt45A1Pw==
age: 334434
cf-polished: origSize=1095138
last-modified: Mon, 14 Mar 2022 22:01:48 GMT
x-ms-lease-status: unlocked
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: c9c02b76-601e-0030-2f85-7e421a000000
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 71c457a6e8d0995d-FRA
expires: Fri, 16 Jun 2023 14:47:44 GMT

GET
H2

200

collect
px4.ads.linkedin.com/ Frame 42BD
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3545449&time=1655390864465&url=https%3A%2F%2Fthreatconnect.com%2F
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3545449&time=1655390864465&url=https%3A%2F%2Fthreatconnect.com%2F&e_ipv6=AQLT1dn002MEgwAAAYFs_ASxBc043rlnXldg7MeMlqBULSEK2CCgNDev1pGY3ouE

0
144 B

160ms
153ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3545449&time=1655390864465&url=https%3A%2F%2Fthreatconnect.com%2F&e_ipv6=AQLT1dn002MEgwAAAYFs_ASxBc043rlnXldg7MeMlqBULSEK2CCgNDev1pGY3ouE
Requested by: Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:44 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: BE154FED65E347919715104CE17B0118 Ref B: FRAEDGE1107 Ref C: 2022-06-16T14:47:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXhkbh1LQsthv+635/eGw==
x-li-fabric: prod-ltx1

Redirect headers

date: Thu, 16 Jun 2022 14:47:44 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: F59CBA4781B64FE898ACB30B4E29BCE0 Ref B: VIEEDGE3306 Ref C: 2022-06-16T14:47:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3545449&time=1655390864465&url=https%3A%2F%2Fthreatconnect.com%2F&e_ipv6=AQLT1dn002MEgwAAAYFs_ASxBc043rlnXldg7MeMlqBULSEK2CCgNDev1pGY3ouE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXhkbhyIHUetG745e0yUg==

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/ Frame 3C8D 51 KB
24 KB 24ms
8ms Stylesheet
text/css 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nb25vdy50aHJlYXRjb25uZWN0LmNvbTo0NDM.&hl=de&v=g9jXH0OtfQet-V0Aewq23c7K&size=normal&cb=j5z7et8xhof

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:37:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 593
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 04:02:41 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 14:37:51 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/ Frame 3C8D 367 KB
145 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

506336914f02f937120502bd21ebe49d3720829c2a09f6bc7f933baba246e14c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:37:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 606
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148524
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 04:02:41 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 14:37:38 GMT

GET
H2 200 adsct
t.co/i/ Frame 42BD 43 B
102 B 182ms
182ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=33e778e0-9764-4745-9ffe-c7c48b2c89e6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=c68847a0-7c32-499e-8b20-681edd3ae975&tw_document_href=https%3A%2F%2Fgonow.threatconnect.com%2Fl%2F902141%2F2021-01-25%2F4gph&tw_document_referrer=https%3A%2F%2Fthreatconnect.com%2F&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=nztwy&type=javascript&version=2.3.20

Requested by

Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-response-time: 171
date: Thu, 16 Jun 2022 14:47:44 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 040af5dc6ddf406eb69625708893a72ab3ac1ef3c6f16f7f0a4de4bb57b913ed
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 42BD 43 B
103 B 167ms
167ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=33e778e0-9764-4745-9ffe-c7c48b2c89e6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=c68847a0-7c32-499e-8b20-681edd3ae975&tw_document_href=https%3A%2F%2Fgonow.threatconnect.com%2Fl%2F902141%2F2021-01-25%2F4gph&tw_document_referrer=https%3A%2F%2Fthreatconnect.com%2F&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=nztwy&type=javascript&version=2.3.20

Requested by

Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-response-time: 159
date: Thu, 16 Jun 2022 14:47:44 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: a196fdf15fa052c8301f115173e7611dd0459e0866974f56c88f9cf040e588d7
content-length: 43

GET
H3 200 collect
www.google-analytics.com/ Frame 42BD 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2040681238&t=pageview&_s=1&dl=https%3A%2F%2Fgonow.threatconnect.com%2Fl%2F902141%2F2021-01-25%2F4gph&dr=https%3A%2F%2Fthreatconnect.com%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=363x318&je=0&_u=QCCAiEABB~&jid=&gjid=&cid=1920901713.1655390863&tid=UA-42717170-1&_gid=1782912057.1655390863&gtm=2wg6f0PHTD73T&z=304802050

Requested by

Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Jun 2022 06:19:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 30510
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 56373044.js Show response
bat.bing.com/p/action/ Frame 42BD 219 B
450 B 175ms
175ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/56373044.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

46450f02e3c55e721a83dba608b41a1db458f0a6ce7def437485c427ea03e1ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8C56582DB6724B1BA41D4F4970D94A61 Ref B: FRAEDGE1517 Ref C: 2022-06-16T14:47:44Z
x-powered-by: ARR/3.0
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
date: Thu, 16 Jun 2022 14:47:44 GMT
content-length: 300

GET
H2 204 0
bat.bing.com/action/ Frame 42BD 0
122 B 32ms
32ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=56373044&tm=gtm002&Ver=2&mid=0be63441-de61-4fbc-8cfd-ecc5c38eb5ad&sid=4754ed10ed8311ec902451febb0ff586&vid=4754f580ed8311ec988af568d409d282&vids=0&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fthreatconnect.com%2F&r=&lt=851&evt=pageLoad&ifm=1&msclkid=N&sv=1&rn=828940

Requested by

Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 79EC495BF6944BACB7FB07561EA7C026 Ref B: FRAEDGE1517 Ref C: 2022-06-16T14:47:44Z
date: Thu, 16 Jun 2022 14:47:44 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fb_lightbox.2.1.5.css
www.lightboxcdn.com/static/ 4 KB
1 KB 27ms
18ms Stylesheet
text/css 2606:4700::6810:50a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/static/fb_lightbox.2.1.5.css?cb=637828921083609608
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/user.js?cb=637881441612827847
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9028c7ecccf4f31fafcfca176cd6ed38197d7b3d6ea4c107b98af8eecc525b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Jun 2022 14:47:44 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: q4B4xYJoZwx9ikt94o1nCA==
age: 334432
cf-polished: origSize=6016
x-ms-meta-cbmodifiedtime: Wed, 10 Apr 2019 18:50:43 GMT
last-modified: Wed, 10 Apr 2019 19:06:17 GMT
x-ms-lease-status: unlocked
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: 4a1b9784-301e-004e-0685-7eddd5000000
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 71c457a769a1995d-FRA
expires: Fri, 16 Jun 2023 14:47:44 GMT

GET
H/1.1 200
OK z Show response
lightboxapi.azurewebsites.net/z9gd/41603/threatconnect.com/jsonp/ 455 B
738 B 580ms
127ms Script
application/javascript 20.40.202.0
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lightboxapi.azurewebsites.net/z9gd/41603/threatconnect.com/jsonp/z?cb=1655390864550&callback=jQuery17104331521177311699_1655390864524&_=1655390864551
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/user.js?cb=637881441612827847
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4adbe9a33d78be9a266af6391ca610a3ad16abe7cb7f0259e9f68f60d1fb4661

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:44 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript

GET
H2 200 t.gif
www.lightboxcdn.com/z9g/ 35 B
259 B 25ms
25ms Image
image/gif 2606:4700::6810:50a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.lightboxcdn.com/z9g/t.gif?c=1655390864531&h=threatconnect.com&e=p&u=41603
Requested by: Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Jun 2022 14:47:44 GMT
cf-cache-status: HIT
content-md5: KNaBTzCeoon4R8ac+RGUxg==
age: 2118341
cf-polished: status=not_needed
x-ms-meta-cbmodifiedtime: Tue, 26 Feb 2019 00:59:40 GMT
content-length: 35
x-ms-lease-status: unlocked
last-modified: Tue, 26 Feb 2019 01:15:02 GMT
server: cloudflare
etag: 0x8D69B87D5A1B25F
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
x-ms-request-id: af63abe9-a01e-0081-2a45-a8f796000000
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71c457a779cf995d-FRA
cf-bgj: imgq:85,h2pri

POST
H2 204 collect Show response
l.clarity.ms/ 0
177 B 540ms
99ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-e/s/0.6.35/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://threatconnect.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

access-control-allow-origin: https://threatconnect.com
date: Thu, 16 Jun 2022 14:47:44 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
DATA 200
OK truncated
/ Frame 3C8D 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3C8D 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 3C8D 2 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 19:40:09 GMT
x-content-type-options: nosniff
age: 587255
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 16 Jun 2022 19:40:09 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 3C8D 15 KB
15 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 17:06:41 GMT
x-content-type-options: nosniff
age: 164463
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 14 Jun 2023 17:06:41 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 3C8D 102 B
134 B 26ms
18ms Other
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=g9jXH0OtfQet-V0Aewq23c7K

Requested by

Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

884fb63655c87934d3b52b108f13b8939e3f9a4241c88dd7d7e5d2dd6de0d3bb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nb25vdy50aHJlYXRjb25uZWN0LmNvbTo0NDM.&hl=de&v=g9jXH0OtfQet-V0Aewq23c7K&size=normal&cb=j5z7et8xhof
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 16 Jun 2022 14:47:44 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 5BC3 7 KB
1 KB 36ms
34ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=g9jXH0OtfQet-V0Aewq23c7K&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1195c084eea93206b8f7a05ee84af2da0c3b19ff4d6591eb3184a67720fe90e2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-63pmLL8ojorLpNgG3TfRsg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gonow.threatconnect.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1113
content-security-policy: script-src 'report-sample' 'nonce-63pmLL8ojorLpNgG3TfRsg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Jun 2022 14:47:44 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 56373044 Show response
www.clarity.ms/tag/uet/ Frame 42BD 2 KB
2 KB 468ms
465ms Script
application/x-javascript 2620:1ec:27::cafe:1686
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/56373044
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/56373044.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1686 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 7c21577ff6936d2933a6a57aa499fcdde4ae87d5a9749639861585ad23deaafa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:44 GMT
x-powered-by: ASP.NET
x-azure-ref: 0kEKrYgAAAAAQVyYJFC9/S6kq8/LrnzCvRFhCMzBFREdFMDIwNwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
expires: -1
cache-control: no-cache, no-store
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/ Frame 5BC3 51 KB
24 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=g9jXH0OtfQet-V0Aewq23c7K&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:37:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 593
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 04:02:41 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 14:37:51 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/ Frame 5BC3 367 KB
145 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=g9jXH0OtfQet-V0Aewq23c7K&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

506336914f02f937120502bd21ebe49d3720829c2a09f6bc7f933baba246e14c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:37:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 606
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148524
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 04:02:41 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 14:37:38 GMT

GET
H2 200 lightbox_inline.js Show response
www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/ Frame 42BD 2 KB
1 KB 18ms
18ms Script
application/javascript 2606:4700::6810:50a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/lightbox_inline.js?mb=1655390864822
Requested by: Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c586db3291b895fa8e2cbc534b7f4f3965c439fc4a9d30e3beb91b012414dc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Jun 2022 14:47:44 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: GyfMI9GE6nAmC4WcEkOEMg==
age: 0
cf-polished: origSize=2379
x-ms-lease-status: unlocked
last-modified: Mon, 14 Mar 2022 22:01:48 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: bf36e3ae-201e-001e-4709-56c2dd000000
x-ms-version: 2009-09-19
cf-ray: 71c457a92cc3995d-FRA
cf-bgj: minify

POST
H2 204 collect Show response
l.clarity.ms/ 0
25 B 452ms
281ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-e/s/0.6.35/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://threatconnect.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

access-control-allow-origin: https://threatconnect.com
date: Thu, 16 Jun 2022 14:47:44 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 lightbox.js Show response
www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/ Frame C5C8 326 B
316 B 19ms
18ms Script
application/javascript 2606:4700::6810:50a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/lightbox.js?mb=1655390865010&lv=1
Requested by: Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 33d26fca67efa57efce74346f667635098726937f69c1f449865a8d6be750041

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:45 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 16 Jun 2022 14:47:44 GMT
server: cloudflare
age: 1
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 71c457aa6ef2995d-FRA
cf-bgj: minify

GET
H2 200 user.js Show response
www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/ Frame C5C8 640 KB
135 KB 26ms
26ms Script
application/javascript 2606:4700::6810:50a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/user.js?cb=637881441612827847
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/lightbox.js?mb=1655390865010&lv=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 496e54253744f42929f9c3876419ce1d537ed140242470c4a69b70059528e2fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Jun 2022 14:47:45 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: vi8Brutl8UmUsSdt45A1Pw==
age: 334435
cf-polished: origSize=1095138
last-modified: Mon, 14 Mar 2022 22:01:48 GMT
x-ms-lease-status: unlocked
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: c9c02b76-601e-0030-2f85-7e421a000000
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 71c457aa8f32995d-FRA
expires: Fri, 16 Jun 2023 14:47:45 GMT

GET
H2 200 fb_lightbox.2.1.5.css
www.lightboxcdn.com/static/ Frame 42BD 4 KB
1 KB 16ms
16ms Stylesheet
text/css 2606:4700::6810:50a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/static/fb_lightbox.2.1.5.css?cb=637828921083609608
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/user.js?cb=637881441612827847
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9028c7ecccf4f31fafcfca176cd6ed38197d7b3d6ea4c107b98af8eecc525b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Jun 2022 14:47:45 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: q4B4xYJoZwx9ikt94o1nCA==
age: 334433
cf-polished: origSize=6016
x-ms-meta-cbmodifiedtime: Wed, 10 Apr 2019 18:50:43 GMT
last-modified: Wed, 10 Apr 2019 19:06:17 GMT
x-ms-lease-status: unlocked
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: 4a1b9784-301e-004e-0685-7eddd5000000
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 71c457aadfc9995d-FRA
expires: Fri, 16 Jun 2023 14:47:45 GMT

GET
H/1.1 200
OK z Show response
lightboxapi.azurewebsites.net/z9gd/41603/gonow.threatconnect.com/jsonp/ Frame 42BD 455 B
737 B 161ms
127ms Script
application/javascript 20.40.202.0
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lightboxapi.azurewebsites.net/z9gd/41603/gonow.threatconnect.com/jsonp/z?cb=1655390865097&callback=jQuery17107016999251708751_1655390865086&_=1655390865097
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/user.js?cb=637881441612827847
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 32433487862ac9ad79139eb776cd7f62fc01b316f4ece606168e058203d57efb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:45 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript

GET
H2 200 t.gif
www.lightboxcdn.com/z9g/ Frame 42BD 35 B
106 B 13ms
13ms Image
image/gif 2606:4700::6810:50a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.lightboxcdn.com/z9g/t.gif?c=1655390865090&h=gonow.threatconnect.com&e=p&u=41603
Requested by: Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Jun 2022 14:47:45 GMT
cf-cache-status: HIT
content-md5: KNaBTzCeoon4R8ac+RGUxg==
age: 2118342
cf-polished: status=not_needed
x-ms-meta-cbmodifiedtime: Tue, 26 Feb 2019 00:59:40 GMT
content-length: 35
x-ms-lease-status: unlocked
last-modified: Tue, 26 Feb 2019 01:15:02 GMT
server: cloudflare
etag: 0x8D69B87D5A1B25F
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
x-ms-request-id: af63abe9-a01e-0081-2a45-a8f796000000
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71c457aaefd4995d-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 clarity.js Show response
www.clarity.ms/eus-e/s/0.6.34/ Frame 42BD 53 KB
23 KB 454ms
454ms Script
application/javascript 2620:1ec:27::cafe:1686
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus-e/s/0.6.34/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/56373044
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1686 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:44 GMT
content-encoding: br
etag: "1d880d11ff3a854"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 0kUKrYgAAAADUmVmujTAoS5rNBYAxgzPFRFhCMzBFREdFMDIwNwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges: bytes
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H/1.1 200
OK pd.js Show response
gonow.threatconnect.com/ Frame 42BD 5 KB
2 KB 106ms
105ms Script
application/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://gonow.threatconnect.com/pd.js
Requested by: Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: PardotServer /
Resource Hash: 3b91e6a4b14493d67f9660e6d4a2e27c1eea54d97ccb7c30acf3b89998b3be99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:45 GMT
content-encoding: gzip
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
last-modified: Thu, 16 Jun 2022 05:18:41 GMT
Server: PardotServer
etag: "1547-gzip"
vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
cache-control: max-age=63072000
Connection: keep-alive
accept-ranges: bytes
Content-Length: 1946
expires: Sat, 15 Jun 2024 14:47:45 GMT

GET
H2

200

c.gif
c.clarity.ms/ Frame 42BD
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=01149E52137B4E0BBF42583D738E8C6F&RedC=c.clarity.ms&MXFR=272C03D37B3A65DE36FB12167F3A6B2F
https://c.clarity.ms/c.gif?CtsSyncId=01149E52137B4E0BBF42583D738E8C6F&MUID=1BCD2AEA85F161F82F4A3B2F849A6031

42 B
84 B

28ms
28ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=01149E52137B4E0BBF42583D738E8C6F&MUID=1BCD2AEA85F161F82F4A3B2F849A6031
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Jun 2022 14:47:45 GMT
last-modified: Fri, 20 May 2022 21:53:17 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "17a28a3946cd81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 16 Jun 2022 14:47:45 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 97B9BCDCF2AB43E0B5A081A967FB007C Ref B: FRAEDGE1517 Ref C: 2022-06-16T14:47:45Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=01149E52137B4E0BBF42583D738E8C6F&MUID=1BCD2AEA85F161F82F4A3B2F849A6031
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
703 B 48ms
14ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Jun 2022 14:47:45 GMT
X-Proxy-Origin: 80.255.10.197; 80.255.10.197; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 74fd6bd5-c274-4972-8c98-be09de0e7212
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatconnect.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
373 B 32ms
8ms XHR
text/plain 104.89.35.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-35-64.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: eb282821d139e8aae406d42e71d10579bd35732d21278be253ec492fd3380f6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:45 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://threatconnect.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H2 200 / Show response
ipv6.6sc.co/ 14 B
248 B 42ms
9ms XHR
text/html 2a02:26f0:1700:18c::1c91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:18c::1c91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 608809605af2e55d53fb2fba4aea30c6f5303560206b4cc918be70c3c4823411

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Jun 2022 14:47:45 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://threatconnect.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:5a::5
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 14
expires: Thu, 16 Jun 2022 14:47:45 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 294ms
97ms Script
application/javascript 52.54.96.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-96-194.compute-1.amazonaws.com
Software: PardotServer /
Resource Hash: 3b91e6a4b14493d67f9660e6d4a2e27c1eea54d97ccb7c30acf3b89998b3be99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:46 GMT
content-encoding: gzip
X-Pardot-Route: 16b0ab393667a33fe86adedc3141e88c
last-modified: Thu, 16 Jun 2022 05:18:41 GMT
Server: PardotServer
etag: "1547-gzip"
vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
cache-control: max-age=63072000
Connection: keep-alive
accept-ranges: bytes
Content-Length: 1946
expires: Sat, 15 Jun 2024 14:47:46 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=7861027D1B204D31A9E9DAC2488B4244&RedC=c.clarity.ms&MXFR=04B2E9C3EA0C62DC3031F806EE0C6CE9
https://c.clarity.ms/c.gif?CtsSyncId=7861027D1B204D31A9E9DAC2488B4244&MUID=1BCD2AEA85F161F82F4A3B2F849A6031

42 B
368 B

28ms
28ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=7861027D1B204D31A9E9DAC2488B4244&MUID=1BCD2AEA85F161F82F4A3B2F849A6031
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Jun 2022 14:47:45 GMT
last-modified: Fri, 20 May 2022 21:53:17 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "17a28a3946cd81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 16 Jun 2022 14:47:45 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1EDBEFBC973441DF82DEE929F1F34CA0 Ref B: FRAEDGE1517 Ref C: 2022-06-16T14:47:45Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=7861027D1B204D31A9E9DAC2488B4244&MUID=1BCD2AEA85F161F82F4A3B2F849A6031
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 ThreatConnect_Logo_White.png
threatconnect.com/wp-content/themes/ThreatConnect/img/logos/ 11 KB
11 KB 8ms
7ms Image
image/png 192.124.249.3
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatconnect.com/wp-content/themes/ThreatConnect/img/logos/ThreatConnect_Logo_White.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.3 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10003.sucuri.net

Software

nginx /

Resource Hash

72ed935c2a96b8129608d78bf823e3aaff4e49401f6c77cc5972436a28a43aaa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:45 GMT
x-content-type-options: nosniff
x-sucuri-cache: HIT
content-length: 10985
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Jun 2022 22:15:39 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "62a9088b-2ae9"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
x-sucuri-id: 15003
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 324ms
293ms Image
image/gif 104.89.35.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=93a8d23d0f118df3aa7c62b57c94facc&svisitor=5de17b5cda1b00008e42ab62f1010000be735e00&session=b6481b8f-96ce-4c1b-8705-aa8eac7154e7&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A5a%3A%3A5%22%7D&isIframe=false&m=%7B%22description%22%3A%22Our%20highlight%20in%20this%20Roundup%20is%20a%20number%20of%20APT33%20domains%20previously%20identified%20in%20a%20TrendMicro%20report%20on%20obfuscated%20command%20and%20control%20infrastructure%20began%20resolving%20to%20109.230.199%5B.%5D157%20starting%20in%20late%20July%202020%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Research%20Roundup%3A%20Activity%20on%20Previously%20Identified%20APT33%20Domains%20-%20ThreatConnect%20%7C%20Risk-Threat-Response%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&pageViewId=b0985002-d175-4225-82b6-c2ab42e38dd1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-35-64.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:46 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 321ms
292ms Image
image/gif 104.89.35.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=93a8d23d0f118df3aa7c62b57c94facc&svisitor=5de17b5cda1b00008e42ab62f1010000be735e00&session=b6481b8f-96ce-4c1b-8705-aa8eac7154e7&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2016%20Jun%202022%2014%3A47%3A42%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Our%20highlight%20in%20this%20Roundup%20is%20a%20number%20of%20APT33%20domains%20previously%20identified%20in%20a%20TrendMicro%20report%20on%20obfuscated%20command%20and%20control%20infrastructure%20began%20resolving%20to%20109.230.199%5B.%5D157%20starting%20in%20late%20July%202020%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Research%20Roundup%3A%20Activity%20on%20Previously%20Identified%20APT33%20Domains%20-%20ThreatConnect%20%7C%20Risk-Threat-Response%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&pageViewId=b0985002-d175-4225-82b6-c2ab42e38dd1&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-35-64.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:46 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 51 KB
17 KB 37ms
8ms Script
text/javascript 2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: threatconnect.com
URL: https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdf2548659475edf6d8a64f3995611a01e349e330783ea5a1aeba2c18b04266e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

X-Amz-Version-Id: vcd4XbNE_Pl2Teljt1ugU4ZCn1lsldzi
Content-Encoding: gzip
Etag: W/"7e7fdff9ecd026f868e5a44b75a4c8e3"
Age: 945
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Last-Modified: Tue, 14 Jun 2022 18:27:02 GMT
Server: AmazonS3
Date: Thu, 16 Jun 2022 14:32:01 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 3u356WB1SvIITAwYuouTKz_nZWanSqEHkjyZQur76vS3EbIZFV_IKg==

POST
H2 204 collect Show response
l.clarity.ms/ Frame 42BD 0
72 B 186ms
186ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-e/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://gonow.threatconnect.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

access-control-allow-origin: https://gonow.threatconnect.com
date: Thu, 16 Jun 2022 14:47:45 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/MR26X3TS4BEIPA6YVOXOHG/index.js
https://s.adroll.com/j/exp/index.js

28 B
762 B

16ms
9ms

Script
application/javascript

2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

X-Amz-Version-Id: QCXe6z8Ijv28a3Z6pj7cPKMX4fdClAik
Via: 1.1 307395f1eb3989f15e6f525475291c86.cloudfront.net (CloudFront)
Etag: "5816cced8568d223aa09d889f300692b"
Age: 79157
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Wed, 18 May 2022 19:09:46 GMT
Server: AmazonS3
Date: Wed, 15 Jun 2022 16:48:30 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 8a2Q_QCV3lPtFPpaj81YK1OVMveyodcZrvFX6eqcgLC3VvXATITIAg==

Redirect headers

Date: Thu, 16 Jun 2022 09:41:34 GMT
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Age: 18371
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: xUhiTFg2LecCSf5lb_Js4eFA-FYSHT-IPCOMs7TAwqU0tPay2-7Ggw==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/MR26X3TS4BEIPA6YVOXOHG/CGR5LPDTG5HZ5MD6X6EJKF/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
733 B

9ms
9ms

Script
application/javascript

2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Protocol: HTTP/1.1
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Age: 65828
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Date: Thu, 16 Jun 2022 05:16:00 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 6tpmZWJsOp1jIrqMtdZ4S-kYULh1wgeLah4zRnrMslEO61trbzri0w==

Redirect headers

Date: Thu, 16 Jun 2022 09:41:34 GMT
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Age: 18370
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: ppbiGjadT3orJqTv2gcUYXzqHEcaWb835-YQvEWlb5_aISv058UDWg==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/MR26X3TS4BEIPA6YVOXOHG/CGR5LPDTG5HZ5MD6X6EJKF/ 4 KB
3 KB 25ms
10ms Script
text/javascript 2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/MR26X3TS4BEIPA6YVOXOHG/CGR5LPDTG5HZ5MD6X6EJKF/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 41f1e9970b646aadac0f40543bb08b21e49990bf1b09392d1ef4d71b275069ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

X-Amz-Version-Id: NnZ57ICrq2Vvc3oZ9f4hhy0l2UENUu0u
Content-Encoding: gzip
Etag: W/"33ed216ef4569e95a97e55fb39d91d38"
Age: 1281
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront)
Last-Modified: Tue, 14 Jun 2022 04:42:33 GMT
Server: AmazonS3
Date: Thu, 16 Jun 2022 14:26:25 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: dePsvIOSI_ruL9Lv1lsSLti23vsQCsKiBmB4ZjLzTha-jLaGuRwP1g==

GET
H/1.1 200
OK analytics Show response
gonow.threatconnect.com/ Frame 42BD 0
498 B 231ms
231ms Script
text/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://gonow.threatconnect.com/analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=21674&account_id=903141&title=&url=https%3A%2F%2Fgonow.threatconnect.com%2Fl%2F902141%2F2021-01-25%2F4gph&referrer=https%3A%2F%2Fthreatconnect.com%2F
Requested by: Host: gonow.threatconnect.com
URL: https://gonow.threatconnect.com/pd.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: PardotServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gonow.threatconnect.com/l/902141/2021-01-25/4gph
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
Date: Thu, 16 Jun 2022 14:47:46 GMT
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
vary: User-Agent
p3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 0
Server: PardotServer
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 MR26X3TS4BEIPA6YVOXOHG Show response
d.adroll.com/consent/check/ 452 B
546 B 100ms
32ms Script
application/javascript 63.32.81.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/MR26X3TS4BEIPA6YVOXOHG?arrfrr=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&_s=142457ddb3601f35149c224249ff1e7c&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.81.235 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-81-235.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: d157d2ba0c32933b0a924c4de710fd7fd0de8159975d1790c0ae9b93f9dd4fa6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:47:46 GMT
server: nginx/1.20.0
content-length: 452
content-type: application/javascript

GET
H/1.1 200
OK analytics Show response
pi.pardot.com/ 3 KB
3 KB 295ms
294ms Script
text/javascript 52.54.96.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=12603&account_id=903141&title=Research%20Roundup%3A%20Activity%20on%20Previously%20Identified%20APT33%20Domains%20-%20ThreatConnect%20%7C%20Risk-Threat-Response&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&referrer=

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-54-96-194.compute-1.amazonaws.com

Software

PardotServer /

Resource Hash

9b40b4e15bbfbeb39a2d4a8bb39532cd080251484a1ae5e97a077ab19e000340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
Date: Thu, 16 Jun 2022 14:47:46 GMT
content-encoding: gzip
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
vary: Accept-Encoding,User-Agent
Connection: keep-alive
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
strict-transport-security: max-age=31536000; includeSubDomains
Content-Type: text/javascript; charset=utf-8
Content-Length: 1445
Server: PardotServer
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 410 KB
55 KB 9ms
9ms Script
application/javascript 2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 91144fbcc0e3f609b021e362ec29d2a9b58f15e840f229eb99ea2c04d927882b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

X-Amz-Version-Id: 44sIT20LqRj70wQHqyIoOw7etYYdjkbK
Content-Encoding: gzip
Etag: W/"0a7d0ea8d7d31b07e925fe340acf431b"
Age: 53
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Last-Modified: Wed, 04 May 2022 19:41:48 GMT
Server: AmazonS3
Date: Thu, 16 Jun 2022 14:47:46 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: Nf9FLFWW3aUdeod3X2tT1iaopQnPjHot-w4ddZIP6cAXM9G3L22TGw==

GET
H/1.1 200
OK nextroll-32x32.png
s.adroll.com/i/favicon/ 2 KB
2 KB 9ms
8ms Image
image/png 2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.adroll.com/i/favicon/nextroll-32x32.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

X-Amz-Version-Id: eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Etag: "403a0a7dcf2d617e7ea852bfb9d11945"
Age: 78527
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1615
Last-Modified: Mon, 28 Jun 2021 18:19:21 GMT
Server: AmazonS3
Date: Wed, 15 Jun 2022 16:59:00 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 3dyCmfH43U19yzXsn7G2Pourb3efs1NFkk-EwuUhNxE4htmuJrTYuw==

GET
H/1.1 200
OK analytics Show response
gonow.threatconnect.com/ 50 B
1 KB 213ms
212ms Script
text/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://gonow.threatconnect.com/analytics?conly=true&visitor_id=1284523498&visitor_id_sign=d395545b97b11182dc0f190accb53af35c6fcc35c31773a0fa773093095219b4f81887ef20c9eceb155bc89847d697a827135745&pi_opt_in=&campaign_id=12603&account_id=903141&title=Research%20Roundup:%20Activity%20on%20Previously%20Identified%20APT33%20Domains%20-%20ThreatConnect%20|%20Risk-Threat-Response&url=https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=12603&account_id=903141&title=Research%20Roundup%3A%20Activity%20on%20Previously%20Identified%20APT33%20Domains%20-%20ThreatConnect%20%7C%20Risk-Threat-Response&url=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&referrer=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
Date: Thu, 16 Jun 2022 14:47:46 GMT
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
vary: User-Agent
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 293ms
293ms Image
image/gif 104.89.35.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=93a8d23d0f118df3aa7c62b57c94facc&svisitor=5de17b5cda1b00008e42ab62f1010000be735e00&session=b6481b8f-96ce-4c1b-8705-aa8eac7154e7&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2016%20Jun%202022%2014%3A47%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2016%20Jun%202022%2014%3A47%3A42%20GMT%22%2C%22timeSpent%22%3A%224254%22%2C%22totalTimeSpent%22%3A%224254%22%7D&isIframe=false&m=%7B%22description%22%3A%22Our%20highlight%20in%20this%20Roundup%20is%20a%20number%20of%20APT33%20domains%20previously%20identified%20in%20a%20TrendMicro%20report%20on%20obfuscated%20command%20and%20control%20infrastructure%20began%20resolving%20to%20109.230.199%5B.%5D157%20starting%20in%20late%20July%202020%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Research%20Roundup%3A%20Activity%20on%20Previously%20Identified%20APT33%20Domains%20-%20ThreatConnect%20%7C%20Risk-Threat-Response%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fthreatconnect.com%2Fblog%2Fresearch-roundup-activity-on-previously-identified-apt33-domains%2F&pageViewId=b0985002-d175-4225-82b6-c2ab42e38dd1&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-35-64.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatconnect.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 14:47:47 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect Show response
l.clarity.ms/ Frame 42BD 0
49 B 92ms
92ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-e/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://gonow.threatconnect.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

access-control-allow-origin: https://gonow.threatconnect.com
date: Thu, 16 Jun 2022 14:47:46 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

Verdicts & Comments Add Verdict or Comment

148 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

39 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.techtarget.com/	1970-01-20 03:49:52	Name: __cf_bm Value: gC.c_oUByislB3A89zqdRp9u4ttO6iI4IRkpuAxmRVU-1655390862-0-AcPBZa4UsdHvOXvJTzlAQxfJZCOPyTX326rEBrBzhoSoQYzpWOqpdK9gug5BL83KRfXkbASuriZYQyEhGfFNHiw=
.6sc.co/	1970-01-20 21:21:02	Name: 6suuid Value: 5de17b5cda1b00008e42ab62f1010000be735e00
.ws.zoominfo.com/	1970-01-20 12:35:26	Name: visitorId Value: 86531041d79cc1ad6d0500e4d3e80efadc205e6afb723f3a7ae8d3d7306bd73f
.threatconnect.com/	1970-01-20 05:59:26	Name: _gcl_au Value: 1.1.1506790527.1655390863
.threatconnect.com/	1970-01-20 21:21:02	Name: _ga Value: GA1.2.1920901713.1655390863
.threatconnect.com/	1970-01-20 03:51:17	Name: _gid Value: GA1.2.1782912057.1655390863
.threatconnect.com/	1970-01-20 03:49:50	Name: _dc_gtm_UA-42717170-1 Value: 1
.bing.com/	1970-01-20 13:11:26	Name: MUID Value: 1BCD2AEA85F161F82F4A3B2F849A6031
.linkedin.com/	1970-01-20 04:33:02	Name: UserMatchHistory Value: AQINhQfEImwUUgAAAYFs-_2k3j0Ha7DlrnfQPqvT2PMZSCxenYStQ4vNG5hbQUXwvM0TqcuDCwBWZQ
.linkedin.com/	1970-01-20 04:33:02	Name: AnalyticsSyncHistory Value: AQKJ5aS3yCpMNwAAAYFs-_2kFCgFbkEKWFiu0Mxfuq_lkzlntmwrZidkXsVhJazrBVQ9yBv16i2dyhxTOwQUKA
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 21:21:44	Name: bcookie Value: "v=2&278213cf-090e-46b0-8430-6fa3ac93ab13"
.linkedin.com/	1970-01-20 03:51:17	Name: lidc Value: "b=TGST01:s=T:r=T:a=T:p=T:g=2848:u=1:x=1:i=1655390862:t=1655477262:v=2:sig=AQEHGMemBFw-rdVYb0pCMqnhJCGaM2Qy"
.twitter.com/	1970-01-20 21:21:02	Name: personalization_id Value: "v1_VYh/9+CwucRQ9AMzpiotjw=="
.t.co/	1970-01-20 21:21:02	Name: muc_ads Value: e4d55499-749d-4818-b0a9-dc18abbc1d19
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 21:21:44	Name: bscookie Value: "v=1&202206161447427c9e58ff-f6e6-4de2-83b5-5b3fc2c2e13dAQHwsRuS8P5S9yK_CeAVQGLpDfo732ow"
.linkedin.com/	1970-01-20 21:16:52	Name: li_gc Value: MTswOzE2NTUzOTA4NjI7MjswMjHf8/RhVfAUSXLVKit/6uuvAKp1mp71eFRF/Kxx31s14w==
www.clarity.ms/	1970-01-20 12:35:26	Name: CLID Value: 26eb255e84d645e0a014ed8ad0fbf8b3.20220616.20230616
.threatconnect.com/	1969-12-31 23:59:59	Name: __gtm_referrer Value: https%3A%2F%2Fthreatconnect.com%2F
.threatconnect.com/	1970-01-20 12:35:26	Name: _clck Value: 19odz54\|1\|f2d\|0
.threatconnect.com/	1970-01-20 03:51:17	Name: _uetsid Value: 4754ed10ed8311ec902451febb0ff586
.threatconnect.com/	1970-01-20 13:11:26	Name: _uetvid Value: 4754f580ed8311ec988af568d409d282
threatconnect.com/	1970-01-20 21:21:02	Name: _gd_svisitor Value: 5de17b5cda1b00008e42ab62f1010000be735e00
threatconnect.com/	1970-01-20 21:21:02	Name: _gd_visitor Value: 614313a2-cb30-4202-8ae2-4afaf29e1b9a
threatconnect.com/	1970-01-20 03:50:05	Name: _gd_session Value: b6481b8f-96ce-4c1b-8705-aa8eac7154e7
threatconnect.com/	1970-01-20 03:59:55	Name: _an_uid Value: 0
.c.bing.com/	1970-01-20 13:11:26	Name: SRM_B Value: 1BCD2AEA85F161F82F4A3B2F849A6031
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 13:11:26	Name: MUID Value: 1BCD2AEA85F161F82F4A3B2F849A6031
.c.clarity.ms/	1970-01-20 03:49:51	Name: ANONCHK Value: 0
.threatconnect.com/	1970-01-20 03:51:17	Name: _clsk Value: l7mavk\|1655390866105\|2\|1\|l.clarity.ms/collect
.pardot.com/	1970-01-23 19:25:50	Name: visitor_id902141 Value: 1284523498
.pardot.com/	1970-01-23 19:25:50	Name: visitor_id902141-hash Value: d395545b97b11182dc0f190accb53af35c6fcc35c31773a0fa773093095219b4f81887ef20c9eceb155bc89847d697a827135745
pi.pardot.com/	1970-01-20 03:49:52	Name: lpv902141 Value: aHR0cHM6Ly90aHJlYXRjb25uZWN0LmNvbS9ibG9nL3Jlc2VhcmNoLXJvdW5kdXAtYWN0aXZpdHktb24tcHJldmlvdXNseS1pZGVudGlmaWVkLWFwdDMzLWRvbWFpbnMv
threatconnect.com/	1970-01-23 19:25:50	Name: visitor_id902141 Value: 1284523498
threatconnect.com/	1970-01-23 19:25:50	Name: visitor_id902141-hash Value: d395545b97b11182dc0f190accb53af35c6fcc35c31773a0fa773093095219b4f81887ef20c9eceb155bc89847d697a827135745
gonow.threatconnect.com/	1970-01-23 19:25:50	Name: visitor_id902141 Value: 1284523498
gonow.threatconnect.com/	1970-01-23 19:25:50	Name: visitor_id902141-hash Value: d395545b97b11182dc0f190accb53af35c6fcc35c31773a0fa773093095219b4f81887ef20c9eceb155bc89847d697a827135745

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://www.lightboxcdn.com/vendor/84603eb7-35c6-419f-a783-35e22b3de8e9/user.js?cb=637881441612827847(Line 152) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
analytics.twitter.com
apt.techtarget.com
b.6sc.co
bat.bing.com
c.6sc.co
c.bing.com
c.clarity.ms
cdnjs.cloudflare.com
d.adroll.com
fonts.googleapis.com
fonts.gstatic.com
gonow.threatconnect.com
ipv6.6sc.co
j.6sc.co
l.clarity.ms
lightboxapi.azurewebsites.net
pi.pardot.com
px.ads.linkedin.com
px4.ads.linkedin.com
s.adroll.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
storage.pardot.com
t.co
threatconnect.com
trk.techtarget.com
ws.zoominfo.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.lightboxcdn.com
www.linkedin.com
104.244.42.3
104.244.42.69
104.89.35.64
13.107.42.14
185.33.221.87
192.124.249.3
199.232.136.157
20.120.65.166
20.234.93.27
20.40.202.0
206.19.49.24
2600:9000:2156:fc00:d:7e9b:1200:93a1
2600:9000:225e:c00:6:9280:1080:93a1
2606:4700:4400::6812:2a27
2606:4700::6810:50a5
2606:4700::6810:650c
2606:4700::6811:180e
2620:1ec:21::14
2620:1ec:22::14
2620:1ec:27::cafe:1686
2620:1ec:c11::200
2a00:1450:4001:810::2008
2a00:1450:4001:827::2003
2a00:1450:4001:827::200a
2a00:1450:4001:828::200e
2a00:1450:4001:829::2004
2a00:1450:4001:82f::2003
2a00:1450:4001:830::2003
2a00:1450:400c:c1b::9a
2a00:1450:400e:800::200a
2a02:26f0:1700:18c::1c91
2a02:26f0:f7::5c7b:e024
3.92.120.28
52.54.96.194
63.32.81.235
004ea73ceb1e88719659c6428b6d2a586c216c8910bb2da786337fe957f658bd
013195661aee412200d59b8c7f79974b990c5a2098fff5e2b8f03b5b37f096e9
024e3c6164d3b326f9ea19767be8f24a85f9427680e21de3f015d5dfa7025d7a
0276ecc6eb34688965af8f6b186f9d79f97505a31dd0cc983c3a3c6182ce97fc
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
03f2fab7a5b2b7b7953002a4f417606bdb6d110b0c07ebd42374542a231ebfd7
05448e9440e5f8a66395d7d66a9bfcb9614a80e4e181f6347cd742ec36725ca6
05a349c06ad17b08e976517762bdf968418485c6dd14d2407de595626654f58b
083f0ccac7b455fe86c16c28a831dc811a9153448fc3155af6ce4db36c669d1b
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0b9028c7ecccf4f31fafcfca176cd6ed38197d7b3d6ea4c107b98af8eecc525b
0e2730d094b0aff3e895c0a60d6c6adf2ced2a3b8c635fe77ee18d9b5984bd15
0fd1b8d21b0f690304c0171e544e20ca7eba8be589126a27b265e7ba62e2bff4
1049fae50c8abfe96ebcf379914f9c2691aaeab24ccdc9654acf9930fda7a4bc
107fbb21d462c56b56e6d741c0c9135cbf87bd6e6d02a578a1ffc76c067b9c47
11787a8b7542fbe98867b211d0e9cea087163816cd3ec38ed231bbc41dc38479
1195c084eea93206b8f7a05ee84af2da0c3b19ff4d6591eb3184a67720fe90e2
120491441eca26b97638c2f63d39b1633a2d5ebbf4fe87890f7eba18d1e9f7f5
12b42fe6d39673c1e85c63df6ef2906ce0120d5fb1010142b49e9bc09f1bb68a
1405953ba31d896be3fc88ce1d8a815c0293cc56625e29fee2948f8fe452fdb2
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
167bb793e92dbe283c32ee3f83184f7c1acd17ee3e7bdba643a4e2d9acad9f5a
19e7eaf37821b33d420d4f637064880a2c6b499b9200bed5236ce05471b708f2
1a6c2c375f6cbb852581f444a2481cb1949bb0821546c3a771d7e6188835c39a
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1bd354070a2ae53ffa68a844ae4f8ff376d33bafdc7d5e9fb29b1aac6d22d432
1ce3a489012358b2b5fd1cce6abdde430860f11a4ef8a300512c8c8912fe22de
1cee6086f4a0ccf93d14d55464a8f70ff156e7701dfcfedfa96f743a62d758bd
1d016509bcdceb392c3b04f2b3691b706b35c649046fe249b2dd9efc14b9e26b
1eb7c62fc51cfeb522b88696fb41115e5fa8a17bc99b4e906eb96d174b51403c
200d1514b6b8b14cec7f01edbe31a348ca8716022772c1936facf61a338aef0c
23f268342b56fd13378302feb75120a18aa63b8645fdd2122f95dc0c0699ed87
2618c8add84246e2cec2a0681b450a1d4f80e81efddcb601a40add7a585c2b1a
26dd8ee0547cb2a34952e131486bcadbcf89d330e2f82fa3167d9884f492a22b
27aa7481954dc0648d2b4feee75d5b8fae181c44897c9871f3317bdee5e9fdbf
2878e704dc99ab3f990ef40b6ea7ebd5faa20eb36b3acf566d650dca090ebf8a
29ed674055ed51be81f36c84c23c87a911775bcae6f8d158f4ec43b6f2bd606b
2a6fb021027df3628a394d95bb217f31bc1739932c0d581cdbefe88c78eebbd0
2ce46483e4d2c9082f980dcf933b4c40149d055540d392865de64f7016e620e8
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2efe0d8072659b087901323e1fdb18a0f57e6011cb9cb7edff6e1723fc2e8d70
2f559133e795138a9e4836a6c22f45a9192d8f60bc51d58648840e8150c760a3
310edb74bcdb96ff090db51276ab0ad4ee7ae5d6f3cb48ce2b6df0edc8ad8e4c
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
32433487862ac9ad79139eb776cd7f62fc01b316f4ece606168e058203d57efb
33d26fca67efa57efce74346f667635098726937f69c1f449865a8d6be750041
377546b16297589f4f83068790d091fc6837e0cf5efe1afbdf4294b68e0828f7
38f4e09b7008da42e7dc201a01bab4feb7dc9e66b7bf58ea0ccb0b9fe31c1060
394ff109b4d4b094dc40add2d0fb4ccc6d40d9a162b1bdc0ad968294c675d5e0
3b91e6a4b14493d67f9660e6d4a2e27c1eea54d97ccb7c30acf3b89998b3be99
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f0310c1ab27ea2a728f8d5adcc98460dfe171f20e96f03e43593338eda99acd
41121032744ae3e098d01b42d02ee46b3daccb5f691d97c1bc0fe62a514fea28
41f1e9970b646aadac0f40543bb08b21e49990bf1b09392d1ef4d71b275069ea
42622f4dc019baba5598912f40ac5569599e4a6347d9df58db1f99cabf508d5d
430319c3cfcd3004c407938b40b07ddbe6dd1f79356df8d2b3870da03bbef945
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
44a48bd1c9056a0f97589f463ffc47372006801121f53673fa4c74401b7b7664
46450f02e3c55e721a83dba608b41a1db458f0a6ce7def437485c427ea03e1ec
473c9f8075664906585eb391239137ee5b48b18e35882a7ce29c53674f78dc76
4764bf56ebd628c42087ce3ac42be83bdcb98fe904f502379e247e2d08b451e5
47d553572e2572b2df10e44a16a5e8acadcefc18fb416dfa0f508492380736f8
496e54253744f42929f9c3876419ce1d537ed140242470c4a69b70059528e2fd
49fec2b57002c08bfc89a2268899f5632751ae25e8fc415269f5a6f025dff48b
4a9dfce8b2543f8f89caf6b3d456bbbf4c4c66132a9e703b99c7413e83cef1cd
4adbe9a33d78be9a266af6391ca610a3ad16abe7cb7f0259e9f68f60d1fb4661
4bb3a0dfcdc1d59ac8b394bf493506ccf9854c7fd5fb878302801d867fa50727
4c586db3291b895fa8e2cbc534b7f4f3965c439fc4a9d30e3beb91b012414dc7
4d53b318a2ec7f8c8a151e1e73eab4f7b4b78c796032e48f7d0fc5081a9e47d8
4d900c5255ac8e336b38606f70a16748693db8f6cd5a374f4af5ab1e37c9eb11
4eeeaa4e345fef8be54d0a26426b4fb41a4fa9110bf30cba2254472189aca82c
4ef4686cbc3c797070a433201cdc9327fda1f4be0cc73b349c8f2b899ba49363
4f15165c519a5b39ca782e60dbc18b9d40f4c79ef56b39102ee91f2b8666792f
4f573b2b417cb161284550811b7427c10311fb3e0203d2ddd786ac562131d6a6
506336914f02f937120502bd21ebe49d3720829c2a09f6bc7f933baba246e14c
5359f6e24d75b783a04e0bc597ae59d66acce61dc74d124beaca24061dd18e0c
54cd7e9d4f76bf5b89b26b84c09d4bccabd9dc6f1afcce81ac0945cdb9bd8c8e
5573215b2e6b57e790b8e3ff2f7d6100d147a3fcc66af8ffe4caeaabcdf27006
55fa00568c08afcbe795b405a8b872fb20d0e7c05c9e2361171297b8b518f7c4
58b13bfca0bbad87c5d6e119fbde85a1659884be01dc9bb5c1e91abc627dcb78
5ac9abec0cbe62b1dd67c7cde82cdefec6f8f4e25dd36f4ee59369365b5732ce
5b438219488cb104cc30a2e5ce6dc29a0bc3fa7ebe6d101d7fab1feec1952b06
5c4b117010b00385033194b7d448d1f2c6ecdcb49334b41561776dd38a2f9413
5d9ccc96ded6b593317eced6f7dcf8b6a49cb2d7f9632d7b64df1bee868eac11
5db82c8597446f4cf4eb225f222a0249538d12ebefa8cc7d33833c062fd56ded
5dce54cb694a11d2c69ab01a584ad4d9b7e038f4a267573bda717c720d2f8d4f
5f952e0af917764aca917688a5efeb8dd9141093f15369bd1ccf0dc0d9077970
608809605af2e55d53fb2fba4aea30c6f5303560206b4cc918be70c3c4823411
645c85c47a096414f80fb2a589c4086ea33b22204c08c2c2db86f45d3bda9ad6
64eb8d62bcda3664ae8d92e808d0952e3ae9f21b95562d348ef3ef9f1666866b
67fa468a84ce7bfa85023710993cc547a001f1e2027ab188327506eedb16cfc3
68bc5b50da1c099955bc5c074dc9be6f7d6e30ad87b4749db8402ca7212b8211
68c2740b42187f9ac9924af6d8e4422e8771dc01e4b6ca5f96052a19830479c1
6d489ed7659a9807cebb71e700fb6ae6ae8b8be566ea5d116be3c4470f57cf1b
6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559
6e0de530a601c3f100fee7910c9924ab4c63d78e6057c309b312aa53111c99dc
70d4828c15265b95a042b7291dff56fde6ee443acf271da1b1a34723849ddf0b
72ed935c2a96b8129608d78bf823e3aaff4e49401f6c77cc5972436a28a43aaa
731b609ecc2fd6ae347f0bcf9e65a473efb611c545366d15fde1cab038ef194b
732a85650cf73f86d42d3b89bf9139c2f1bd66db55555c4778ebf4e78e8a0dce
73708e205ef125b31e5811dde0f5a7bfb685bd0b0bc604fdbba9a5355e19accc
75a1b5d61298818bc4c7b95408af9c263f552ab4e084db2c4a439a8b6f9ef75e
76f2c8d87b8acec6dad3f12ad4ef2e95cc2757f032222238a1c1b65e5e9e70ad
7b8bdda9988ce6669dcc430230ad33fa88053d2e2a04fd5de2482eec7a56f585
7c21577ff6936d2933a6a57aa499fcdde4ae87d5a9749639861585ad23deaafa
7f260ff280b2e54e84e6f9c2790da49cc9abadc457b77d1df4dea121a8c8ab6e
8250d2a6499c7acb5683013a9d90ba1a0799dadb948b5c7dbf62bfa3eabe56d3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8410dde9f5fbec6e77d68820847fb4d518d1556d825d843441a6e8a6e10b56a1
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87e1ed8c94d134e4e068a17891d3dad0d122ee052bf061da0ca0e87b3da75069
884fb63655c87934d3b52b108f13b8939e3f9a4241c88dd7d7e5d2dd6de0d3bb
8d893952943dd9e0850f8c7505f8c0d11871d1deefa4b68468e5a3071201b58b
8da4913a5c9bf5dd3d94adb8fae3108a36083fe53e1f317bdade0f95c1ce4a50
8ded5c193148b101466930d55f68fdab3d3580145476210d4cbe814395798a50
8dededb218d6b97a05c568f21187d7cea8be1451badf973ca5f619727e4e43b4
8e038b564510a45dc11799f74da367733f3db7f9c0a0434f1e90c44ec5168278
91144fbcc0e3f609b021e362ec29d2a9b58f15e840f229eb99ea2c04d927882b
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
929937a67f4200f5df7d383e95fe4ede9b399b5516842aaf55de33aec6689f60
95965900d54c7e7f0ca243ae8770ed860f2eded07a9a2e873e29cc4c44ab486c
960a028119de25b821135e4a69085a780c5ffe9161ca4eca572fc36380605577
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a4cfb61aa5cf0606b4b1a8430d0b433fa53164acaa36b568435f485690dbc09
9b40b4e15bbfbeb39a2d4a8bb39532cd080251484a1ae5e97a077ab19e000340
9c5db6ce4dc5dd7260f21f7fcde1b035cfcca54224da6b394cf15e97096d8c80
9ed807755f1565eb7e790c85e2628d946ce5ae770783d96831431c86a2af6f2b
a00e9d206b80a089b22ff80579fe9750df9d593cfb2925e710734ac862c2e60b
a057d4d81423ee04344bfb8d43d3c8e8eb157efc4a0fb3be3c77b845263e6986
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a28f7b51eecc453bfa4b7794290a3d75918d3983ec835f0089b5a92d90ba9961
a5ad8b502a890049da65110581eb8cddacfce2bc9b0e017b8f17bf26993ab7a1
a682c87a5ce2d04cd9a5924b0a175302c1fdd7f5a699342471fa4be74d866655
a77ce3a51aa38669b59928125facee4ea3d346c2b609abf7a39014943c5c2458
aa5199b6566e6f3193819bafc32cae6e0032675a299c0143a6b869eaa27e0f94
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b006914505301660045e65aaea7381bf33c1d8e3d15263bb6556231d5df05784
b0806c302d41468915d96296138d82a352b260c1597ea02f9dd34272e7f57f58
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b431ef2eeb9c3a8b19e66b398d5cf7897f6d3392b52508bd8ca600e09da68b65
b9a3829921f030601d923482197968bd87d9e00904316282225e02756ddf3014
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bdf2548659475edf6d8a64f3995611a01e349e330783ea5a1aeba2c18b04266e
c0fb22b093b05d9f8c0a5f98cc475cdaab7d89d69b580f5c60ef4d01945aee77
c3897ad6f1800bf468cf4acfa7e224b686d22f3789edce13f055e9fc9332c159
c40f3f11a889bda8635602d5ae0369fdde07c3518a8cefc9dc9ad1cdbee01cdc
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c4a2abc89986ca24c4fdb9cac3ff1f75b696844db6cdfa5b0c775a7e1a214634
c5ec3b8830ed916eebffd15f4518f9a87333b50c3b0c10d108ed239b795c0b2a
c5fda6f6dd4ae8253f226d3b89620b627476bf2fb89b117543d62775e7932790
c69f90b943a7938cb62b883f1d5c9f70a9382ec362b14efa013bb75e34c29d27
c82b672b61cdcd6c5e0b6544ea37a6e000709c1246ac1bfa3ff582d4185c5832
c94fa37035f8be8283034b9f11043d4ab39298aa59ab0e6ca8f5ff9dc35cdb2a
c97db88c5a2a205647caed9e1333c74014eb6d63c07793eb2c2b27765c852fbf
ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa
cacbbb7f3cef11f7c7285558291685348abab2396fc8da6ef1388792942cb724
cc2fc51fc5ade58e3350056a062f6817c41544909061ca953f4aaa41c1ea6d1b
cc31b7dada6cd9516e31bd92bfc4637c46ffc4c8144ecd82ef6fbba88da710e2
ce1e463aaccb4f7c001e0c4bb32ffc32cd7fcf268941bf74c0832a5a85f81ed4
d157d2ba0c32933b0a924c4de710fd7fd0de8159975d1790c0ae9b93f9dd4fa6
d3fd4756c0c2aba21e31da8c374368bfd9a3176440a43de3a80420f6325317e8
d54d3649797b02d6d84921f1d262b8e825d8a61ddf068470d8877e3b05d6d028
d5f94071a3eed52c0a80d2fac134d524036484ffc92a28381ab2a00a80ff7efd
d637dae1aa80d0dd5ba985ac364cf9d541e3152949a4f234c010319c8e1f0a02
d77f2bc29b21dcd3e2656f073dd09cc1a658da77bd8d9ab0fcefda0a21fa7fb3
d8202c5456e90866f259d384d7d5af0d79a0e72eff8b59a1de6cd622081e92b4
da76d8f1241294c7497a43751591fced11c8ebcf61512710249ef34bde7f8846
daf004d0f11bce6ec02c6cc7561dd54638244758725f9b441210d6804261ad63
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
dd1ce67e4a8d5cfa3cc3c7b3382172bbbceeabc2facf51e1cfe0f1537aab725c
dda1d592ee93c534549248a26efc13cf993cc1cef1b84af542a4c1f8ea3943b2
de9dcd951b7dd88f17da2fd7a573b3bf63dd16c9ecada6b61a93acfba7fc299d
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
dfb6795a9ca2b442ca3364e40c39bbc6ce3b91ff6971d935b98377028dec9e31
dfb99dee1e029d51d6cfb672d847929890b1585402de17f5ed092edd72a688b4
dfced0621406b56297852f394a4b93825c69defcd20ce9e67b439bea504405cb
e076c728f80af0f1311f2e9048b18818119d27c14a0db3d0b505edaff3a5138c
e1f41bb78a8a9451cf6f10d13ba92fc879d0139070fce0307d7d62ae75ee73f2
e2db6493cc4a606dd658a7859c64d725083e1c463b38005a761bab49d9cf27d5
e3a5a586af5ef83742d786d0013be78b79bc5ebad17f9e5901fb4a39aa48143e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e62e8fe4252bf270d3984c4e3f4be5ff5c19667dd195d5bbb9e404f3267f0981
e7c62d6fd132c8e5711c2d158748d8420e77d06751842caa45a659705ce49d91
e82554f8b229e3285bac722e99343412587a0dd4ca5f0337d58525de39bf4615
e8842c27c61e73fea7a9a0d8dc2bc740c9477363f068aceacdaac5db8574547a
e9c5b1987a9c832d022b74eeeb75ad59e6d5192cb85584932da668f9d7f6f5c1
ea13c6084b0f4de44cde4353682875ad2f41d4ab30b20fc4148d4916777467fb
eaf2cbcb9061cf17bb962055e284183ca0c35721de558646f999bea875cd8538
eb282821d139e8aae406d42e71d10579bd35732d21278be253ec492fd3380f6a
ebf53dd58a55e83488b68c74386041da4b497d872f0c70f25857898fac8cad80
ebf58be00925b63196df30db7702d649c33078a859023695351b629559cc58d0
ec5a6f0d403ad9ca46d8e112259e29e6d6960b01a4ea6788040b700ff5d164a6
ecdc3e1733b4465431016227c1c31cd75bb931a284b9728a4478217e8a57eee0
edd8cb44b94fb76d6a2713f78db132e5623b417b3d26beb0a55e5106ad4efb53
ee6d0c97d172af9620f1ad82be2d15d3a2109ca8ab96f25b644814f34247557a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef539b1c10e2bb2cb1a9c7564589eec478a211e37c6827dd5eadffcd41772e5b
f45b2fd1030d6c507a36b79938473a7e605b46d19eb98ae29fb3a190180f427c
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f5f8618aa6b70e822faa78b79891f20470f31bd3b4234f38315151501ec39b17
f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f8c7234f71ee95d38313af50d48515f0e5cfc5b1a98eb0639282bbc8207aa510
fab5572c01cd671e1a92d8ffda83b65c5276089a5d8f7cec2105ba034a55a98e
fcc8a30d38eeacb30158d0d90764bb7a725996874d5884b5017b10cc9ff14a34

threatconnect.com Open in urlscan Pro 192.124.249.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

240 Requests

97 %HTTPS

60 %IPv6

24 Domains

38 Subdomains

34 IPs

5 Countries

2177 kBTransfer

6788 kBSize

39 Cookies

40 Outgoing links

Redirected requests

240 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

threatconnect.com Open in urlscan Pro
192.124.249.3 Public Scan

Screenshot
Live screenshot

Full Image

240
Requests

97 %
HTTPS

60 %
IPv6

24
Domains

38
Subdomains

34
IPs

5
Countries

2177 kB
Transfer

6788 kB
Size

39
Cookies

240 HTTP transactions
3 data transactions