Submitted URL: https://u33254697.ct.sendgrid.net/ls/click?upn=pHPJ8cv9bDtO2ykHr1a72hiH-2BrQ1-2BzfRoCuVqPf5hRtjSh9IIgznu59VKXOuPC8oTjd-2BM9ktmOoXZ...
Effective URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Submission: On November 10 via api from IL — Scanned from DE

Summary

This website contacted 48 IPs in 5 countries across 38 domains to perform 126 HTTP transactions. The main IP is 2a05:d014:58f:6202::64, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.deepinstinct.com.
TLS certificate: Issued by R3 on October 20th 2023. Valid for: 3 months.
This is the only time www.deepinstinct.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
52 deepinstinct.com
www.deepinstinct.com
815 KB
9 qualified.com
js.qualified.com — Cisco Umbrella Rank: 20121
app.qualified.com — Cisco Umbrella Rank: 20979
assets.qualified.com — Cisco Umbrella Rank: 22489
862 KB
6 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 377
www.linkedin.com — Cisco Umbrella Rank: 629
px4.ads.linkedin.com — Cisco Umbrella Rank: 6003
5 KB
5 typekit.net
use.typekit.net — Cisco Umbrella Rank: 506
p.typekit.net — Cisco Umbrella Rank: 621
78 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
region1.google-analytics.com — Cisco Umbrella Rank: 2462
21 KB
3 hubspot.com
track.hubspot.com — Cisco Umbrella Rank: 2298
forms.hubspot.com — Cisco Umbrella Rank: 4747
4 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 2
1 KB
3 swiftypecdn.com
s.swiftypecdn.com — Cisco Umbrella Rank: 10851
149 KB
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 24529
ibc-flow.techtarget.com — Cisco Umbrella Rank: 22103
2 KB
3 bizible.com
cdn.bizible.com — Cisco Umbrella Rank: 6659
26 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 366
14 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 174
124 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 110
216 B
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625
1 KB
2 company-target.com
s.company-target.com — Cisco Umbrella Rank: 1489
api.company-target.com — Cisco Umbrella Rank: 3814
2 KB
2 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 747
609 B
2 t.co
t.co — Cisco Umbrella Rank: 607
577 B
2 google.de
www.google.de — Cisco Umbrella Rank: 6862
562 B
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 778
19 KB
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
stats.g.doubleclick.net — Cisco Umbrella Rank: 78
2 KB
2 demandbase.com
tag.demandbase.com — Cisco Umbrella Rank: 4586
tag-logger.demandbase.com — Cisco Umbrella Rank: 4475
21 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 727
script.hotjar.com — Cisco Umbrella Rank: 901
60 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
177 KB
1 gstatic.com
www.gstatic.com
189 KB
1 sentry.io
sentry.io — Cisco Umbrella Rank: 171
324 B
1 swiftype.com
cc.swiftype.com — Cisco Umbrella Rank: 11597
279 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 376
239 B
1 tremorhub.com
partners.tremorhub.com — Cisco Umbrella Rank: 1279
392 B
1 hotjar.io
content.hotjar.io — Cisco Umbrella Rank: 6398
161 B
1 bizibly.com
cdn.bizibly.com — Cisco Umbrella Rank: 13040
204 B
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2155
16 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2150
21 KB
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 4568
88 KB
1 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 728
98 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 713
15 KB
1 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2386
1 KB
1 googleoptimize.com
www.googleoptimize.com — Cisco Umbrella Rank: 1969
51 KB
1 sendgrid.net
u33254697.ct.sendgrid.net
316 B
126 38
Domain Requested by
52 www.deepinstinct.com 3 redirects www.deepinstinct.com
7 assets.qualified.com www.deepinstinct.com
app.qualified.com
4 px.ads.linkedin.com 3 redirects cdn.bizible.com
4 use.typekit.net www.deepinstinct.com
use.typekit.net
3 www.google.com www.deepinstinct.com
js.hsleadflows.net
3 s.swiftypecdn.com www.deepinstinct.com
cdn.bizible.com
s.swiftypecdn.com
3 cdn.bizible.com www.googletagmanager.com
www.deepinstinct.com
cdn.bizible.com
3 bat.bing.com www.deepinstinct.com
bat.bing.com
3 connect.facebook.net www.deepinstinct.com
connect.facebook.net
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
www.deepinstinct.com
2 track.hubspot.com
2 www.facebook.com www.deepinstinct.com
2 dsum-sec.casalemedia.com 1 redirects s.company-target.com
2 ibc-flow.techtarget.com cdn.bizible.com
2 analytics.twitter.com www.deepinstinct.com
2 t.co www.deepinstinct.com
2 www.google.de www.deepinstinct.com
2 snap.licdn.com www.googletagmanager.com
snap.licdn.com
2 www.googletagmanager.com www.deepinstinct.com
www.googletagmanager.com
1 www.gstatic.com www.google.com
1 forms.hubspot.com cdn.bizible.com
1 sentry.io assets.qualified.com
1 app.qualified.com js.qualified.com
1 cc.swiftype.com www.deepinstinct.com
1 tag-logger.demandbase.com cdn.bizible.com
1 pixel.rubiconproject.com s.company-target.com
1 partners.tremorhub.com s.company-target.com
1 content.hotjar.io cdn.bizible.com
1 px4.ads.linkedin.com www.deepinstinct.com
1 www.linkedin.com 1 redirects
1 stats.g.doubleclick.net cdn.bizible.com
1 api.company-target.com cdn.bizible.com
1 cdn.bizibly.com www.deepinstinct.com
1 js.hs-banner.com js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 js.hsleadflows.net js.hs-scripts.com
1 region1.google-analytics.com www.googletagmanager.com
1 id.rlcdn.com www.deepinstinct.com
1 s.company-target.com tag.demandbase.com
1 script.hotjar.com static.hotjar.com
1 js.qualified.com www.googletagmanager.com
1 trk.techtarget.com www.deepinstinct.com
1 static.ads-twitter.com www.googletagmanager.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 js.hs-scripts.com www.googletagmanager.com
1 tag.demandbase.com www.deepinstinct.com
1 static.hotjar.com www.googletagmanager.com
1 p.typekit.net use.typekit.net
1 www.googleoptimize.com www.deepinstinct.com
1 u33254697.ct.sendgrid.net 1 redirects
126 50
Subject | Issuer | Validity | Valid
deepinstinct.com | R3 | 2023-10-20 - 2024-01-18 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
use.typekit.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-21 - 2024-10-21 | a year
*.hotjar.com | Amazon ECDSA 256 M01 | 2023-03-09 - 2024-04-06 | a year
tag.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2023-08-23 - 2024-09-23 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-03 - 2024-05-02 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-02-01 - 2024-01-31 | a year
ads-twitter.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-07-21 - 2024-07-19 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2023-08-19 - 2023-11-17 | 3 months
www.bing.com | Microsoft Azure TLS Issuing CA 01 | 2023-10-24 - 2024-04-21 | 6 months
io.bizible.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-06-01 - 2024-07-01 | a year
s.swiftypecdn.com | GlobalSign Atlas R3 DV TLS CA 2023 Q2 | 2023-07-02 - 2024-08-02 | a year
www.google.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
www.google.de | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
t.co | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-02-05 - 2024-02-05 | a year
*.twitter.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-10-31 - 2024-10-29 | a year
*.company-target.com | R3 | 2023-10-20 - 2024-01-18 | 3 months
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2023-02-02 - 2024-03-03 | a year
api.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2023-09-27 - 2024-09-26 | a year
ibc-flow.techtarget.com | GTS CA 1D4 | 2023-09-21 - 2023-12-20 | 3 months
*.hotjar.io | Amazon ECDSA 256 M02 | 2023-03-02 - 2024-03-30 | a year
*.tremorhub.com | Amazon RSA 2048 M01 | 2023-02-22 - 2024-03-23 | a year
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-05 - 2024-04-03 | a year
*.demandbase.com | Amazon RSA 2048 M01 | 2023-07-11 - 2024-08-08 | a year
*.swiftype.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-06-21 - 2024-07-14 | a year
app.qualified.com | R3 | 2023-09-21 - 2023-12-20 | 3 months
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2023-11-03 - 2024-05-03 | 6 months
sentry.io | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-08-08 - 2024-09-07 | a year
hubspot.com | Cloudflare Inc ECC CA-3 | 2023-02-05 - 2024-02-05 | a year
*.google.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
*.gstatic.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months

This page contains 3 frames:

Primary Page: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Frame ID: D1BEA783493E8235BE3D9CD302A86BEE
Requests: 114 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: 156F0C69134FC95FE396A874739C214C
Requests: 4 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/DxHYmKWTScn3buDp/messenger?uuid=466828c6-e3d6-44e8-a663-4dbc2d5763d2
Frame ID: 51FCC6517269C52F97E79498EA6E9794
Requests: 9 HTTP requests in this frame

Page Title

MuddyC2Go – Latest C2 Framework Used by Iranian APT MuddyWater Spotted in Israel | Deep Instinct Blog

Page URL History

  1. https://u33254697.ct.sendgrid.net/ls/click?upn=pHPJ8cv9bDtO2ykHr1a72hiH-2BrQ1-2BzfRoCuVqPf5hRtjSh9IIgznu59VKXO... HTTP 302
    https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleoptimize\.com/optimize\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

Requests: 126
HTTPS: 95 %
IPv6: 58 %
Domains: 38
Subdomains: 50
IPs: 48
Countries: 5
Transfer: 2762 kB
Size: 7933 kB
Cookies: 44

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u33254697.ct.sendgrid.net/ls/click?upn=pHPJ8cv9bDtO2ykHr1a72hiH-2BrQ1-2BzfRoCuVqPf5hRtjSh9IIgznu59VKXOuPC8oTjd-2BM9ktmOoXZkgkK9UA4D5wZlOx3rxM08x6VRgH791PiPIc9UPkjaH8SmA5-2FoEqswDkTTlbKmtJhIjTAVJfcl5UQMcI7M8MrR9RDwWfI8o-3DHoRw_4H0sWtLs2R3mtZJT7nbblBlgipVcW6VZRY9gTMjZ1VrYtiF6C1YE7iAjPXrDtEVymv-2BK0G2woyoEc5fsAJ1ZbAo51-2BnQvGbi2q-2B5t-2BOCBwGBHTTw56kLda-2BrX37vUeDfzVjlaz1LnlpPxs2mja-2BuK7v0tfYTnWoHFV38tb0SiAvuz3ySennCQn1X5EOToxv7Vjc1-2BEtjI-2Fnmvi70ooMuw3R0JO6uRxxgHwBNR-2BxEFz8-3D HTTP 302
    https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55
  • https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblta405c7f1f8b1746b%2F654af169ecbd1c040a7ee276%2Fblog-image-muddyc2go.jpg&w=1680&q=100 HTTP 301
  • https://www.deepinstinct.com/_ipx/w_1680,q_100/https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblta405c7f1f8b1746b%2F654af169ecbd1c040a7ee276%2Fblog-image-muddyc2go.jpg?url=https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblta405c7f1f8b1746b%2F654af169ecbd1c040a7ee276%2Fblog-image-muddyc2go.jpg&w=1680&q=100
Request Chain 56
  • https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png&w=64&q=75 HTTP 301
  • https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png&w=64&q=75
Request Chain 57
  • https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png&w=64&q=75 HTTP 301
  • https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png&w=64&q=75
Request Chain 90
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1699635329606&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1699635329606&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D316505%26time%3D1699635329606%26url%3Dhttps%253A%252F%252Fwww.deepinstinct.com%252Fblog%252Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1699635329606&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1699635329606&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&cookiesTest=true&liSync=true&e_ipv6=AQKr580Ts0pKNgAAAYu6KP2NU9ZzPwEUhuXSLlK3fqtz21wZkuAfhP7k9k-c0XfOxUp-jFo
Request Chain 99
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1715360129&external_user_id=77ac33b9-4f51-4bf1-be6d-3dd131ea0218 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1715360129&external_user_id=77ac33b9-4f51-4bf1-be6d-3dd131ea0218&C=1

126 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
www.deepinstinct.com/blog/
Redirect Chain
  • https://u33254697.ct.sendgrid.net/ls/click?upn=pHPJ8cv9bDtO2ykHr1a72hiH-2BrQ1-2BzfRoCuVqPf5hRtjSh9IIgznu59VKXOuPC8oTjd-2BM9ktmOoXZkgkK9UA4D5wZlOx3rxM08x6VRgH791PiPIc9UPkjaH8SmA5-2FoEqswDkTTlbKmtJhI...
  • https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
109 KB
16 KB
Document
General
Full URL
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
ffe949841a356d3cfd5a3a73df4165d2b821ace7ac260a8c6b65477b97ab2312
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
199
cache-control
public,max-age=0,must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 10 Nov 2023 16:55:28 GMT
etag
"1b561-ffcAGOqylktj4E3V1cijj63l8F4-df-df"
server
Netlify
strict-transport-security
max-age=31536000
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-nextjs-cache
REVALIDATED
x-nf-render-mode
odb ttl=600
x-nf-request-id
01HEX2HX6FZ0PDXK0B68PA51RA
x-xss-protection
1

Redirect headers

Connection
keep-alive
Content-Length
135
Content-Type
text/html; charset=utf-8
Date
Fri, 10 Nov 2023 16:55:27 GMT
Location
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Server
nginx
X-Robots-Tag
noindex, nofollow
optimize.js
www.googleoptimize.com/
133 KB
51 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-P298HTJ
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bb00614fc4b99cd65474e0bc17de4fb77e1380f689443fabd73508c48e1e8f9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
51716
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 10 Nov 2023 16:55:28 GMT
aa5019249c3508b6.css
www.deepinstinct.com/_next/static/css/
33 KB
7 KB
Stylesheet
General
Full URL
https://www.deepinstinct.com/_next/static/css/aa5019249c3508b6.css
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
51b4b8c58dc0511997889a77f471098b5a1c2d702f74ba23600b0f4c8b398679
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXKYVY783SZAKV764JT5
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
8193
etag
"0ce9170cacd077ca27fcc3c8eb9cb387-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
7194
x-xss-protection
1
2d4171153a738fd1.css
www.deepinstinct.com/_next/static/css/
12 KB
3 KB
Stylesheet
General
Full URL
https://www.deepinstinct.com/_next/static/css/2d4171153a738fd1.css
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
6b31f4b8b0718aa065acf1bfed1a4e2752468dd49bc9a69958319e8bdda1662e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXKYNZ607D4R9JFKQA15
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
82806
etag
"c2b8dc2874d4fba1b21273311c775663-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
2653
x-xss-protection
1
e24af18bfed2b9e3.css
www.deepinstinct.com/_next/static/css/
889 B
978 B
Stylesheet
General
Full URL
https://www.deepinstinct.com/_next/static/css/e24af18bfed2b9e3.css
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
66aac9d3210f68de513a93e481d67dfa843665cdba4809f3bde13aefb77e71c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXKY8KMJ8MKBY3PR61BT
date
Fri, 10 Nov 2023 16:55:28 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
Netlify
age
8193
etag
"bd7e93eb05a1f3b205478b58828e61da-ssl"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
889
x-xss-protection
1
5935-c757cc9152444a3d.js
www.deepinstinct.com/_next/static/chunks/
30 KB
10 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/5935-c757cc9152444a3d.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
d619ebece095748eb92d409eaac19e4346f5d7380db0442021e0ef148bab686d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXVJYRSMD700YXADXBR4
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
79795
etag
"c07471b458f030ca1b91b0d182feb5d3-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
10237
x-xss-protection
1
6329-831a74148bce6612.js
www.deepinstinct.com/_next/static/chunks/
139 KB
37 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/6329-831a74148bce6612.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
de90f9a4370cff2dafd0d322cf18b2d8c16baef1851c46e8d8624fa2b202fb18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXVJASK8B9FXKAJPNKE4
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
79795
etag
"c4bf0c1ca2bac66911bf38f3ff1168d9-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
37923
x-xss-protection
1
248.0db1e1c53eb42682.js
www.deepinstinct.com/_next/static/chunks/
2 KB
902 B
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/248.0db1e1c53eb42682.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
a650259b67fd9815669b3a36ce8881448e8d5ad989de4bcb18ecae6ca73cfabe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXVJYDKHAC11QPH615X3
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
8193
etag
"84bce3b710450039a2154f0e3fc18655-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
810
x-xss-protection
1
webpack-c3b37b2acfb2202f.js
www.deepinstinct.com/_next/static/chunks/
8 KB
4 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
411e8ca13318522f6b66a7d1bb6c812df06e6ee1f633b6199adafad4c6f43323
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXVJF4KA90Z43145W739
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
8193
etag
"3bf82df928ff92e26610a594db07c0b0-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
4010
x-xss-protection
1
framework-a070cbfff3c750c5.js
www.deepinstinct.com/_next/static/chunks/
127 KB
40 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/framework-a070cbfff3c750c5.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
33dc89018fe5aed90ddd9f9615cba7412569abfad7d4995d81001e532aac79c9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXVJ94QZF0RYXWZZP256
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
14340
etag
"b3ebca171d6bb590918cec87111d240e-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
40597
x-xss-protection
1
main-56046b3e412722f8.js
www.deepinstinct.com/_next/static/chunks/
120 KB
33 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
fc3d502ace2503c2860416688a2fa238234df171764c9bdd3fef3f02cbe0e61c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXVJ9DXGSPD8GPJBNHPZ
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
18051
etag
"98ba29c66559ed9f7134e25bc71d56b3-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
33864
x-xss-protection
1
_app-de8101c0d8fecbbe.js
www.deepinstinct.com/_next/static/chunks/pages/
1 KB
597 B
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/pages/_app-de8101c0d8fecbbe.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
1bb11639b6fac45629437a0f8c465af729084e5ad3a70e61861cf170d25c1ffe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXVJQ8K218055CQCN3RW
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
25232
etag
"6a2fcc839874c29fae8c9aaf63624089-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
501
x-xss-protection
1
5675-33a595ecead4a5e3.js
www.deepinstinct.com/_next/static/chunks/
10 KB
4 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/5675-33a595ecead4a5e3.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
25701ff46a6938978e4b3a307406ea586727388fe86ed523c6edd4435ebd6c5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXVJPZ2W8HPYNKQDCFXW
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
79795
etag
"47476e6d969f5a04eae786640b9d8b13-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
4176
x-xss-protection
1
9366-e4dac70fdca9d72a.js
www.deepinstinct.com/_next/static/chunks/
29 KB
10 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/9366-e4dac70fdca9d72a.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
5904bc0d6e72fc3e0028407f78c13aebab8a5e20104018420e1009f7cd9d1526
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXVJES7E7JR2AC6Y5MY8
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
79795
etag
"d499ab13a5378951eac00d929a43db2e-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
9705
x-xss-protection
1
6116-82261edfdfac2b87.js
www.deepinstinct.com/_next/static/chunks/
31 KB
10 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/6116-82261edfdfac2b87.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
58a89518d54f5ab407ea7ccae375754e395a139d226e0e3643873eec5b74134e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXVJRJEY485M3Y0GZ8W7
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
79795
etag
"82d8bd86f253ba60d7351dfb354dbc85-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
10031
x-xss-protection
1
6804-693318409af478ce.js
www.deepinstinct.com/_next/static/chunks/
18 KB
6 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/6804-693318409af478ce.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
5d6a261605f748413f5c29c41e2de153baa2ddd4724684d1921b33adbd90bd3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXWSPB2CAHX3V3Z7K68P
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
76759
etag
"6658d214cc5310eca6fcd48baf3eca58-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
5575
x-xss-protection
1
%5Bpid%5D-cba4384301721ec6.js
www.deepinstinct.com/_next/static/chunks/pages/blog/
572 B
661 B
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/pages/blog/%5Bpid%5D-cba4384301721ec6.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
6ce00c492fc82a2a05b2a29ec95e50f42ba69d2974ed3f0c094bc0cfb3872ee7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXWS8RESDXVNQPKJV1NN
date
Fri, 10 Nov 2023 16:55:28 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
Netlify
age
14340
etag
"e9932037540bc6a1ffcc2e158988a451-ssl"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
572
x-xss-protection
1
_buildManifest.js
www.deepinstinct.com/_next/static/7xJ-RmLF38-VKhUkEeJOA/
8 KB
2 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/7xJ-RmLF38-VKhUkEeJOA/_buildManifest.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
e0a5ab31a6dcf260d67b1f4b919f65f84a00fd4fd82a3d025c6931d1aad18092
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXWSQYSY8KJE1DE7TJAD
date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
8193
etag
"0b11e214e7f31bb48bb7cda3503fe976-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
1501
x-xss-protection
1
_ssgManifest.js
www.deepinstinct.com/_next/static/7xJ-RmLF38-VKhUkEeJOA/
455 B
576 B
Script
General
Full URL
https://www.deepinstinct.com/_next/static/7xJ-RmLF38-VKhUkEeJOA/_ssgManifest.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
32cc58a56e1170810316c9cb82dd82a1fb379e2b82139b5ed039063bb40e4724
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXWS70H7XRWX1KVP6PRX
date
Fri, 10 Nov 2023 16:55:28 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
Netlify
age
8193
etag
"b2c43c3250da6099ef5c1a1380066e6b-ssl"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
455
x-xss-protection
1
zka3qml.css
use.typekit.net/
3 KB
993 B
Stylesheet
General
Full URL
https://use.typekit.net/zka3qml.css
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:a452 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
58cbce6773a86e5d812444badcc12a2b7da1bc9bd7508c777f67189a4a0ac6b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Fri, 10 Nov 2023 16:55:28 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
770
fig1-PowerGUI-Logo.png
www.deepinstinct.com/image/blt2e55ad6e0e12cbe2/654af2a5b42e39040a69a428/
82 KB
83 KB
Image
General
Full URL
https://www.deepinstinct.com/image/blt2e55ad6e0e12cbe2/654af2a5b42e39040a69a428/fig1-PowerGUI-Logo.png
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
e4d4c2cd56c1e449f5f9bc65e27a0cb358e546cc8e84b91c2773803cb7ee77b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXMZBZ6TR5MPRY8PPCS8
date
Fri, 10 Nov 2023 16:55:28 GMT
strict-transport-security
max-age=31536000
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
224730
fastly-io-served-by
vpop-haf2300708
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache
MISS, HIT
fastly-io-info
ifsz=105444 idim=491x300 ifmt=png ofsz=84453 odim=491x300 ofmt=png
content-disposition
inline; filename=fig1-PowerGUI-Logo.png
fastly-stats
io=1
x-xss-protection
1
x-request-id
eb9fd9ef77839b9815726586ea870375
x-served-by
cache-sjc1000125-SJC, cache-iad-kjyo7100169-IAD
x-runtime
97ms
server
Netlify
x-timer
S1699635329.866367,VS0,VE2
x-contentstack-organization
bltdec97706489ab5de
etag
"uZS1Jz7t9RdRMB3/xkoAE6m+UFx8mgf5LS2hi89UrlA"
x-nf-render-mode
ssr
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
content-disposition, content-type, cache-control, status, content-length
cache-control
max-age=31536000
accept-ranges
bytes
x-cache-hits
0, 1
fig2-Powershell-C2-Code.png
www.deepinstinct.com/image/blt0f5f4af3edeedf94/654af2a5b42e39040a69a424/
7 KB
7 KB
Image
General
Full URL
https://www.deepinstinct.com/image/blt0f5f4af3edeedf94/654af2a5b42e39040a69a424/fig2-Powershell-C2-Code.png
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
d4191ce5d2905101adc080dc41c1899c7f10901809b001c27ac08629111f754b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXN0Q6P29TNSKT6RQBQR
date
Fri, 10 Nov 2023 16:55:28 GMT
strict-transport-security
max-age=31536000
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
224729
fastly-io-served-by
vpop-haf2300711
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache
MISS, HIT
fastly-io-info
ifsz=12613 idim=603x480 ifmt=png ofsz=6885 odim=603x480 ofmt=png
content-disposition
inline; filename=fig2-Powershell-C2-Code.png
fastly-stats
io=1
content-length
6885
x-xss-protection
1
x-request-id
25cfd208a817a0c07e580a8b1c17a9ee
x-served-by
cache-sjc1000110-SJC, cache-iad-kjyo7100117-IAD
x-runtime
167ms
server
Netlify
x-timer
S1699632390.548855,VS0,VE2
x-contentstack-organization
bltdec97706489ab5de
etag
"tr0jHBAOC+baIQW13wvoSNSk0vtKM3sxjxSDzMi/lAM"
x-nf-render-mode
ssr
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
content-disposition, content-type, cache-control, status, content-length
cache-control
max-age=31536000
accept-ranges
bytes
x-cache-hits
0, 1
fig3-KorekPro-VT.png
www.deepinstinct.com/image/bltaca79be7f5b4795d/654af2a5b3460c040a0b095a/
78 KB
78 KB
Image
General
Full URL
https://www.deepinstinct.com/image/bltaca79be7f5b4795d/654af2a5b3460c040a0b095a/fig3-KorekPro-VT.png
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
e2129d99ed4c964a438653772ad69f2150d35bf92422ce1547be579148328582
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HXP9EHKM75W09WG818DT
date
Fri, 10 Nov 2023 16:55:28 GMT
strict-transport-security
max-age=31536000
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
224730
fastly-io-served-by
vpop-haf2300702
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache
MISS, HIT
fastly-io-info
ifsz=100290 idim=602x301 ifmt=png ofsz=79428 odim=602x301 ofmt=png
content-disposition
inline; filename=fig3-KorekPro-VT.png
fastly-stats
io=1
x-xss-protection
1
x-request-id
6f7bd385297149925adaf91ff32f976c
x-served-by
cache-sjc1000096-SJC, cache-iad-kjyo7100168-IAD
x-runtime
119ms
server
Netlify
x-timer
S1699635329.804632,VS0,VE2
x-contentstack-organization
bltdec97706489ab5de
etag
"7mwynflJsizd3kmBDntjw7ylFbGtNnQNcSKP8CY2ZDM"
x-nf-render-mode
ssr
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
content-disposition, content-type, cache-control, status, content-length
cache-control
max-age=31536000
accept-ranges
bytes
x-cache-hits
0, 1
gtm.js
www.googletagmanager.com/
270 KB
93 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
efd3f56e3104cdcd14285fd6b2430b3a18eb01bb332dedccf7e221dfc351c6be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:28 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95046
x-xss-protection
0
last-modified
Fri, 10 Nov 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 10 Nov 2023 16:55:28 GMT
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
78 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af144d639dc5c33722d3426bda462d68577e1c63ab319abf355da1ef73859495

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type
image/svg+xml
p.css
p.typekit.net/
5 B
172 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=zka3qml&ht=tk&f=10954.13454.13466.28969&a=83637106&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
last-modified
Fri, 23 Jun 2023 17:09:47 GMT
server
nginx
etag
"6495d1db-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
js
www.googletagmanager.com/gtag/
243 KB
84 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P5MMKMDSNW&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6e96b1e8dc2932febab8a5fd8306f98e7546a4292da63c3bd12526af4ec8455e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
85997
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 10 Nov 2023 16:55:29 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 10 Nov 2023 15:51:30 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
3839
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 10 Nov 2023 17:51:30 GMT
hotjar-1665869.js
static.hotjar.com/c/
9 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1665869.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-53.fra56.r.cloudfront.net
Software
/
Resource Hash
99a0231f29505969b964dcf374fb5f41ca7e9bbbeacaf33c9d52329fcc85d686
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Fri, 10 Nov 2023 16:55:29 GMT
via
1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/0d6fd552b9acc1de6b9fbc552dc177b3
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
BFpACIlU0DkgAxhMKmIl5H9VR3DIuUMI_jq-02l7NiKuRqWBjt3Lew==
8430ce879b38826d.min.js
tag.demandbase.com/
74 KB
21 KB
Script
General
Full URL
https://tag.demandbase.com/8430ce879b38826d.min.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-65.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
948c588602a7867a3c788b2c462108cbd3f5a4855014800b5927c96b4107b09c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-amz-version-id
va7iofp66qHkXfx1VjqM9gkmgxHGTA4o
content-encoding
gzip
via
1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
date
Fri, 10 Nov 2023 16:37:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA56-C2
age
1373
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 02 Nov 2023 11:36:57 GMT
server
AmazonS3
etag
W/"7ed220dbe2013cff364decf0154cfa92"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=3600
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-id
k4FpMRtpuAWMu_Ic-6klkRZVuGSSq2yw_r_W02PJKIsgHmWnCptCqA==
2183098.js
js.hs-scripts.com/
1 KB
1 KB
Script
General
Full URL
https://js.hs-scripts.com/2183098.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:bd59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0236c1f7b39cc398973cfa0206daadef1b362720c36ad19d0c2209165a45cdfa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
01d113b7-bb03-4396-8cc1-b78cbe3cb24d
x-envoy-upstream-service-time
9
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
01d113b7-bb03-4396-8cc1-b78cbe3cb24d
last-modified
Fri, 10 Nov 2023 15:30:40 GMT
server
cloudflare
x-trace
2B35E73827EE3C9190E4BDECEB604315FE87740094000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.deepinstinct.com
x-evy-trace-virtual-host
all
cache-control
public, max-age=60
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-5dc9ffbc55-hmxpd
cf-ray
823fd2c7a96291e1-FRA
expires
Fri, 10 Nov 2023 16:56:29 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/812608847/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812608847/?random=1699635329128&cv=11&fst=1699635329128&bg=ffffff&guid=ON&async=1&gtm=45He3b81v78451102&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&hn=www.googleadservices.com&frm=0&tiba=MuddyC2Go%20%E2%80%93%20Latest%20C2%20Framework%20Used%20by%20Iranian%20APT%20MuddyWater%20Spotted%20in%20Israel%20%7C%20Deep%20Instinct%20Blog&auid=1208908221.1699635329&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
478554a8c8468502a23cb6a3cd03b6f6ab8e6ffcd56a3fd04ed89cf12d42f2be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1370
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
12 KB
4 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c6d603c605c9e07062ffeba7c47a81e19c4f8c05604c6474371f4ad8b654c758
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 08 Nov 2023 07:18:39 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=34508
accept-ranges
bytes
content-length
3840
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
gzip
last-modified
Thu, 27 Oct 2022 16:56:53 GMT
etag
"32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15375
x-served-by
cache-iad-kjyo7100081-IAD, cache-fra-eddf8230078-FRA
fbevents.js
connect.facebook.net/en_US/
202 KB
54 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 10 Nov 2023 16:55:29 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
54273
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
PG13EQ8lYpjYDru0u4Xyq5pVB/0K/TeVpA5/YZUZghHZlRPRSUyhf2ODNmZRSNRkOErcVBmciC8EFsOii2HbzA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0dc90421cbf6414c9f1ef5e93af3dbe48a4e51899452330f0ae0b2815e38be94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Fri, 10 Nov 2023 16:55:28 GMT
last-modified
Fri, 20 Oct 2023 01:13:24 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 40C2E4C844C144C7A39D05BCAC1F43CD Ref B: FRA31EDGE0517 Ref C: 2023-11-10T16:55:29Z
etag
"0125f9ff22da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13079
bizible.js
cdn.bizible.com/scripts/
67 KB
25 KB
Script
General
Full URL
https://cdn.bizible.com/scripts/bizible.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67D4) /
Resource Hash
1ef794d2735aea1a72ecc51376a0dec90f188ed0031eb818ed3a71e863d245ce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
gzip
last-modified
Thu, 09 Nov 2023 19:35:04 GMT
server
ECS (frb/67D4)
age
70997
etag
"b7bd83d64313da1:0"
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
content-length
25393
tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:24c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
server
cloudflare
age
84597
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1200
cf-ray
823fd2c89fe63aa3-FRA
expires
Fri, 10 Nov 2023 17:15:29 GMT
qualified.js
js.qualified.com/
293 KB
92 KB
Script
General
Full URL
https://js.qualified.com/qualified.js?token=DxHYmKWTScn3buDp
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ca8d18e1742fd3db821d84cdf0ea3f21c88c9f2d83316b1d6a948c4bbf3c9f6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
gzip
via
1.1 spaces-router (devel)
strict-transport-security
max-age=63072000; includeSubDomains
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
x-request-id
6433ec64-f825-1c8d-3a13-35c0e9ce0f16
pragma
no-cache
x-runtime
0.022214
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"4ca8d18e1742fd3db821d84cdf0ea3f2"
x-download-options
noopen
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=14400
cf-ray
823fd2c8b8c02c4f-FRA
expires
Fri, 10 Nov 2023 20:55:29 GMT
l
use.typekit.net/af/04ec74/00000000000000000001205b/27/
29 KB
29 KB
Font
General
Full URL
https://use.typekit.net/af/04ec74/00000000000000000001205b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:a452 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
8d0056dcc26b8dce6be00539697962adb12475fbf9cbf7fdcbc7c81b2ae7328d

Request headers

Referer
https://use.typekit.net/zka3qml.css
Origin
https://www.deepinstinct.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
server
nginx
etag
"1c4557ace28950fbc49487c3a85660222d5fe232"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
29588
l
use.typekit.net/af/1709eb/000000000000000000010b60/27/
24 KB
24 KB
Font
General
Full URL
https://use.typekit.net/af/1709eb/000000000000000000010b60/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:a452 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
f94786fe65dcbc65b0099b471ae2bb89bbabd7fa7d8573dd3c4e0f5bbe555447

Request headers

Referer
https://use.typekit.net/zka3qml.css
Origin
https://www.deepinstinct.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
server
nginx
etag
"9bd0488a91630a3c738a4d950e0b0b7930bcb98f"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
24740
l
use.typekit.net/af/442215/000000000000000000010b5a/27/
23 KB
23 KB
Font
General
Full URL
https://use.typekit.net/af/442215/000000000000000000010b5a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:a452 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
8d5da73586712159bb569fbfbd370f05a258113b2591ba238ef4e7bde1db13b7

Request headers

Referer
https://use.typekit.net/zka3qml.css
Origin
https://www.deepinstinct.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
server
nginx
etag
"9523c64514161c03124fab238b18113d17bad9eb"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
23800
2757.2159eeb22ad7f48b.js
www.deepinstinct.com/_next/static/chunks/
427 B
663 B
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/2757.2159eeb22ad7f48b.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
90aca30e747dbe0cd4ae4a29a0d588aff8693e295bb1d5c322188955608f658b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY5YFWQ2JCTW68E6XE9H
date
Fri, 10 Nov 2023 16:55:29 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
Netlify
age
18051
etag
"d6fad88b37da887ac06cebbf841586b2-ssl"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
427
x-xss-protection
1
5972.698bd1faa1f17a01.js
www.deepinstinct.com/_next/static/chunks/
4 KB
2 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/5972.698bd1faa1f17a01.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
73de89ad27fa1fcfb8372b6656106165d4865b3ee287ad208f0074ef99f586b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY5ZJP1X4PWGQJB98V74
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
76761
etag
"961e07083360c63f7e6576d6f84061a3-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
1877
x-xss-protection
1
5518.80f4656ccdd1c449.js
www.deepinstinct.com/_next/static/chunks/
23 KB
9 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/5518.80f4656ccdd1c449.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
ba546f8a87a68abc792ddd24f67f1941f15f77e2605b6cad27d798cfd256df37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY62JKCY2YQ3S3Y6FWTV
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
14342
etag
"02c348297cb501340ec168c62a3162eb-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
9291
x-xss-protection
1
2f9e2c2f1c3b95ee.css
www.deepinstinct.com/_next/static/css/
1 KB
415 B
Stylesheet
General
Full URL
https://www.deepinstinct.com/_next/static/css/2f9e2c2f1c3b95ee.css
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
4574422b79a9d4a5793b41636bfcf680e171b4f050e4089b78c8fb48d16af49d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY621H9ZZX1C8JRH4AEM
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
25231
etag
"1316ddd92039eb23f085c84392c456b7-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
298
x-xss-protection
1
5285.9d8099bf125cc883.js
www.deepinstinct.com/_next/static/chunks/
4 KB
2 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/5285.9d8099bf125cc883.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
2127e8d78f9fdf06128e950834caad94dcce05a128133818a9b32102aaa06b8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY62S5REEZYCNTF4XYPW
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
76761
etag
"7e7e9005be6508062b22c324286122f4-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
1557
x-xss-protection
1
8286.e06f0b67431c1f9c.js
www.deepinstinct.com/_next/static/chunks/
3 KB
1 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/8286.e06f0b67431c1f9c.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
24c48fd2d041715dacda429b49d2077dc9ea1e980a8168f0a0bba850a1381a7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY62RGZYWAAP7HSJCRRP
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
14342
etag
"1268ac6fb40fd7a5b28fa5b704295aab-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
1252
x-xss-protection
1
1264.1e83e2e3d087aa66.js
www.deepinstinct.com/_next/static/chunks/
1 KB
832 B
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/1264.1e83e2e3d087aa66.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
d90b93e7a6b3c90b899c78d766efd2ee94dca853b273313b8dbc333cbc328e25
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY62J25RPR8S3SYWK4XF
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
14341
etag
"ad53536774991d1c54fd7524834e854e-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
733
x-xss-protection
1
3204.4d4bc288e26c86f6.js
www.deepinstinct.com/_next/static/chunks/
2 KB
1 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/3204.4d4bc288e26c86f6.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
551397ca1cc84b261fbfb4ec91a3be7e5cb4704f58bdc293808a2f06e904e8d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY6BNWH832HRFTBZCRXK
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
93194
etag
"f6887febc8342862c50c2ae05a5099cf-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
901
x-xss-protection
1
5500.a842325987ceada0.js
www.deepinstinct.com/_next/static/chunks/
560 B
653 B
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/5500.a842325987ceada0.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
df8d379a7d695bed8a2c8c58fa2b7b5c06837252815cf494b12e65d67c245060
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY6CXVK0GQRR4VB7K3Z6
date
Fri, 10 Nov 2023 16:55:29 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
Netlify
age
8193
etag
"9371147f950c6036a725a5fe163de70c-ssl"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
560
x-xss-protection
1
6773.39400dc36a5f8737.js
www.deepinstinct.com/_next/static/chunks/
1 KB
736 B
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/6773.39400dc36a5f8737.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
8908366014bb39af214d72a81154943df61d430966ae776aeda1e1bf094b10b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY6CHA8VBEPWZQZXZMR5
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
8193
etag
"cf7e9ebd2563670313dc86e73594182e-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
641
x-xss-protection
1
4082.f76b657326d5df42.js
www.deepinstinct.com/_next/static/chunks/
376 B
465 B
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/4082.f76b657326d5df42.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
9c0180fc3efb7e159a483e9f2c8ea7db1595a30cd8e3bd0f7b6f391405c3352a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY76GAEM4J9G3JF15XHM
date
Fri, 10 Nov 2023 16:55:29 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
Netlify
age
8193
etag
"c85b7e364c661bdd877e25fc5b9c5212-ssl"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
376
x-xss-protection
1
2030.f80c6d0379cfe528.js
www.deepinstinct.com/_next/static/chunks/
2 KB
907 B
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/2030.f80c6d0379cfe528.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
1b791f37e7cfac61b4b9e28963f4afbbc99fce9766fe8a872d8196dc7dc21375
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HY9TAP7SZ2NW4PA1QBSW
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
18051
etag
"69f32c00935925aae0b72c18cceb8c39-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
809
x-xss-protection
1
st.js
s.swiftypecdn.com/install/v2/
416 KB
110 KB
Script
General
Full URL
https://s.swiftypecdn.com/install/v2/st.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.143 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2d7c7930eb39d59cd8c2dc00652977da3ed72347e7cd465f7b540e10e2121c22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 16:55:29 GMT
Content-Encoding
gzip
Via
1.1 varnish
Age
210
X-Cache
HIT
Connection
keep-alive
Content-Length
112326
X-Served-By
cache-fra-etou8220077-FRA
X-Timer
S1699635329.459908,VS0,VE0
ETag
"644bc380-1b6c6"
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=300, public, max-age=300, public
Accept-Ranges
bytes
X-Cache-Hits
3
https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblta405c7f1f8b1746b%2F654af169ecbd1c040a7ee276%2Fblog-image-muddyc2go.jpg
www.deepinstinct.com/_ipx/w_1680,q_100/
Redirect Chain
  • https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblta405c7f1f8b1746b%2F654af169ecbd1c040a7ee276%2Fblog-image-muddyc2go.jpg&w=1680&q=100
  • https://www.deepinstinct.com/_ipx/w_1680,q_100/https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblta405c7f1f8b1746b%2F654af169ecbd1c040a7ee276%2Fblog-image-muddyc2go.jpg?url=https%3A%2F%2Fwww.deepinsti...
265 KB
265 KB
Image
General
Full URL
https://www.deepinstinct.com/_ipx/w_1680,q_100/https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblta405c7f1f8b1746b%2F654af169ecbd1c040a7ee276%2Fblog-image-muddyc2go.jpg?url=https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblta405c7f1f8b1746b%2F654af169ecbd1c040a7ee276%2Fblog-image-muddyc2go.jpg&w=1680&q=100
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
e527745ad15165b483c83bf7d6e745557615ee7357dd1785f4986eae41ebcdae
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYJT1F21PMJHEHW11J63
content-security-policy
default-src 'none'
date
Fri, 10 Nov 2023 16:55:29 GMT
strict-transport-security
max-age=31536000
server
Netlify
age
0
etag
"4226c-hvuphQ4CN0kjKI2BG5FTJJ7HTYg"
content-type
image/jpeg
cache-control
public,max-age=0,must-revalidate

Redirect headers

location
/_ipx/w_1680,q_100/https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblta405c7f1f8b1746b%2F654af169ecbd1c040a7ee276%2Fblog-image-muddyc2go.jpg?url=https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblta405c7f1f8b1746b%2F654af169ecbd1c040a7ee276%2Fblog-image-muddyc2go.jpg&w=1680&q=100
x-nf-request-id
01HEX2HYE4MPCW27CWDRBTRCC2
date
Fri, 10 Nov 2023 16:55:29 GMT
strict-transport-security
max-age=31536000
server
Netlify
age
0
content-type
text/plain
https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png
www.deepinstinct.com/_ipx/w_64,q_75/
Redirect Chain
  • https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png&w=64&q=75
  • https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png?url=https%3A%...
3 KB
3 KB
Image
General
Full URL
https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png&w=64&q=75
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
f9290eade0c1f3006d45aa71c8a1051c84257a9d019ee8c79e3969feef443e72
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYHPV35GB5Q5Y9GJYX9E
content-security-policy
default-src 'none'
date
Fri, 10 Nov 2023 16:55:29 GMT
strict-transport-security
max-age=31536000
server
Netlify
age
68103
etag
"c26-7W2fAKwE6o9yxUrQKmzhBj/i/74"
content-type
image/png
cache-control
public,max-age=0,must-revalidate
content-length
3110

Redirect headers

location
/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png&w=64&q=75
x-nf-request-id
01HEX2HYE4SGVMWMWAD757MZ54
date
Fri, 10 Nov 2023 16:55:29 GMT
strict-transport-security
max-age=31536000
server
Netlify
age
0
content-type
text/plain
https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png
www.deepinstinct.com/_ipx/w_64,q_75/
Redirect Chain
  • https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png&w=...
  • https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png?url...
667 B
752 B
Image
General
Full URL
https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png&w=64&q=75
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
8fd4ce59a9d1e64d62c68a2abea4d2859757babb19c8032c04a4ab4c9926cf3e
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYJTAE7HMPPA4TJPG4V5
content-security-policy
default-src 'none'
date
Fri, 10 Nov 2023 16:55:29 GMT
strict-transport-security
max-age=31536000
server
Netlify
age
68103
etag
"29b-3YSIgYnl2n3svoll5wPkSuDKgr8"
content-type
image/png
cache-control
public,max-age=0,must-revalidate
content-length
667

Redirect headers

location
/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png&w=64&q=75
x-nf-request-id
01HEX2HYE49FQ3QCP68BJPA2M2
date
Fri, 10 Nov 2023 16:55:29 GMT
strict-transport-security
max-age=31536000
server
Netlify
age
0
content-type
text/plain
who-is-the-only-new-vendor-in-the-2022-gartner-magic-quadrant-for-endpoint-protection-platforms.json
www.deepinstinct.com/_next/data/7xJ-RmLF38-VKhUkEeJOA/en/blog/
29 KB
7 KB
Fetch
General
Full URL
https://www.deepinstinct.com/_next/data/7xJ-RmLF38-VKhUkEeJOA/en/blog/who-is-the-only-new-vendor-in-the-2022-gartner-magic-quadrant-for-endpoint-protection-platforms.json?pid=who-is-the-only-new-vendor-in-the-2022-gartner-magic-quadrant-for-endpoint-protection-platforms
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
fb6493ea57bebb6060e90beff8e57ede458f2c89e45c0f6315794eed3cfbe4c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

purpose
prefetch
x-nextjs-data
1
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYEB37DSWED236QGNJGN
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-nextjs-matched-path
/en/blog/[pid]
age
281
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
x-nextjs-cache
REVALIDATED
x-xss-protection
1
server
Netlify
etag
"7468-Yr4pUgcBnMmL0XLl+jylxzz/J/Y-df-df"
x-nf-render-mode
odb ttl=600
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
public,max-age=0,must-revalidate
blog.json
www.deepinstinct.com/_next/data/7xJ-RmLF38-VKhUkEeJOA/en/
86 KB
23 KB
Fetch
General
Full URL
https://www.deepinstinct.com/_next/data/7xJ-RmLF38-VKhUkEeJOA/en/blog.json?pid=blog
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
ca06cd3abb75b09794e6a6bf9c0ec12937e1e0ce74ced72f9d701ad96d7fa18f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

purpose
prefetch
x-nextjs-data
1
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYEBPME84BJFXHQ9GJCT
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-nextjs-matched-path
/en/[pid]
age
53
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
x-nextjs-cache
REVALIDATED
x-xss-protection
1
server
Netlify
etag
"156e5-kxT4SeTG9K6J9rdiH4bQtlG9dSA-df"
x-nf-render-mode
odb ttl=60
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
public,max-age=0,must-revalidate
%5Bpid%5D-e8101f9528849ba0.js
www.deepinstinct.com/_next/static/chunks/pages/
0
1 KB
Other
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/pages/%5Bpid%5D-e8101f9528849ba0.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYEFN3X01M5PSR78KH1K
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
68103
etag
"65a83d78c9f8344de4cde5ac41144f3f-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
1261
x-xss-protection
1
1.json
www.deepinstinct.com/_next/data/7xJ-RmLF38-VKhUkEeJOA/en/author/simon-kenin/page/
236 KB
58 KB
Fetch
General
Full URL
https://www.deepinstinct.com/_next/data/7xJ-RmLF38-VKhUkEeJOA/en/author/simon-kenin/page/1.json
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
244ccada1b70efc6f385bac65906c91e4a4944acfc523f10ca11f1f6462504be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

purpose
prefetch
x-nextjs-data
1
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYEB29G01M4T4T6HYZ2P
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-nextjs-matched-path
/en/author/[uid]/page/[pid]
age
57
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
x-nextjs-cache
REVALIDATED
x-xss-protection
1
server
Netlify
etag
"3b16b-TCpaZvyqkCxEPBDA/+AtDo78OX0-df-df"
x-nf-render-mode
odb ttl=60
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
public,max-age=0,must-revalidate
%5Bpid%5D-a925212826d2c176.js
www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/
0
4 KB
Other
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/%5Bpid%5D-a925212826d2c176.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYEFN1YP5KECW069N65H
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
125074
etag
"24a31a798b0e930486fc4fb524eccf20-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
3535
x-xss-protection
1
1.json
www.deepinstinct.com/_next/data/7xJ-RmLF38-VKhUkEeJOA/en/author/deep-instinct-research/page/
236 KB
59 KB
Fetch
General
Full URL
https://www.deepinstinct.com/_next/data/7xJ-RmLF38-VKhUkEeJOA/en/author/deep-instinct-research/page/1.json
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
54bd67739adf83453497cd0c2f4865c03564e6f6d0ce20b3efdd4441c24ac01d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

purpose
prefetch
x-nextjs-data
1
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYEF6YTWVC1XNXK6EXEK
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-nextjs-matched-path
/en/author/[uid]/page/[pid]
age
57
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
x-nextjs-cache
REVALIDATED
x-xss-protection
1
server
Netlify
etag
"3ae4c-NCqWl22aXKeX2PxQt+yoEAkDHdQ-df-df"
x-nf-render-mode
odb ttl=60
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
public,max-age=0,must-revalidate
partners.json
www.deepinstinct.com/_next/data/7xJ-RmLF38-VKhUkEeJOA/en/
23 KB
6 KB
Fetch
General
Full URL
https://www.deepinstinct.com/_next/data/7xJ-RmLF38-VKhUkEeJOA/en/partners.json?pid=partners
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
414df3d1628d58b645d698da49275d3b1213c5bd4a48f6c180d40921861e06a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

purpose
prefetch
x-nextjs-data
1
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYEFJ2DFREJ9EDAVEDSW
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-nextjs-matched-path
/en/[pid]
age
545
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
x-nextjs-cache
REVALIDATED
x-xss-protection
1
server
Netlify
etag
"5bca-IT5vZZO11c2yL1v61fwEf16DgMQ-df-df"
x-nf-render-mode
odb ttl=600
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
public,max-age=0,must-revalidate
insight.beta.min.js
snap.licdn.com/li.lms-analytics/
41 KB
15 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f1affc5a4519444738495286362e833214d11646998cd2d5ece5e4de75cd8b8e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 08 Nov 2023 07:18:40 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=34608
accept-ranges
bytes
content-length
15307
/
www.google.com/pagead/1p-user-list/812608847/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/812608847/?random=1699635329128&cv=11&fst=1699632000000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v78451102&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&frm=0&tiba=MuddyC2Go%20%E2%80%93%20Latest%20C2%20Framework%20Used%20by%20Iranian%20APT%20MuddyWater%20Spotted%20in%20Israel%20%7C%20Deep%20Instinct%20Blog&fmt=3&is_vtc=1&cid=CAQSGwDICaaN-8nnYwm2q8rCsDU4pGwjKbBDZFHmmw&random=3928912082&rmt_tld=0&ipr=y
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 16:55:29 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/812608847/
42 B
455 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/812608847/?random=1699635329128&cv=11&fst=1699632000000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v78451102&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&frm=0&tiba=MuddyC2Go%20%E2%80%93%20Latest%20C2%20Framework%20Used%20by%20Iranian%20APT%20MuddyWater%20Spotted%20in%20Israel%20%7C%20Deep%20Instinct%20Blog&fmt=3&is_vtc=1&cid=CAQSGwDICaaN-8nnYwm2q8rCsDU4pGwjKbBDZFHmmw&random=3928912082&rmt_tld=1&ipr=y
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 16:55:29 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
17571311.js
bat.bing.com/p/action/
0
118 B
Script
General
Full URL
https://bat.bing.com/p/action/17571311.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Fri, 10 Nov 2023 16:55:28 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: D8DC305DE5F34B6DB8092840CBF1FC8B Ref B: FRA31EDGE0517 Ref C: 2023-11-10T16:55:29Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
287 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=17571311&Ver=2&mid=1d12b8c4-0d87-4e43-b8ac-bf7d2fcff4d9&sid=f41f61607fe911eeb24f0f8bd5be4a16&vid=f41f68007fe911ee859947cd59dedd55&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=MuddyC2Go%20%E2%80%93%20Latest%20C2%20Framework%20Used%20by%20Iranian%20APT%20MuddyWater%20Spotted%20in%20Israel%20%7C%20Deep%20Instinct%20Blog&p=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&r=&lt=2134&evt=pageLoad&sv=1&rn=927521
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 10 Nov 2023 16:55:28 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 39FB33C10C5A438EB75EDADB078227DD Ref B: FRA31EDGE0517 Ref C: 2023-11-10T16:55:29Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
adsct
t.co/i/
43 B
200 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=8b3dac93-0acd-4366-b78a-f8b4e838a9f0&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=06cb50fa-7a43-454b-adab-95ee1388b4fb&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o61n5&type=javascript&version=2.3.29
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-response-time
110
date
Fri, 10 Nov 2023 16:55:28 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
3822057e5e05c89d
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
9a739b4038c019493b2acc4207998334e2df6ded6125197c3954d4ad269587d5
content-length
43
adsct
analytics.twitter.com/i/
43 B
215 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=8b3dac93-0acd-4366-b78a-f8b4e838a9f0&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=06cb50fa-7a43-454b-adab-95ee1388b4fb&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o61n5&type=javascript&version=2.3.29
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-response-time
110
date
Fri, 10 Nov 2023 16:55:29 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
0b043232498dccaf
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
86e3e4bf126b8befc77fad4133bbaf835dcdf22085e39cf92d8cf80909553c65
content-length
43
adsct
t.co/i/
43 B
377 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=24609397-71e7-4581-b54d-631cf88c86dd&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=06cb50fa-7a43-454b-adab-95ee1388b4fb&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzc8r&type=javascript&version=2.3.29
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-response-time
110
date
Fri, 10 Nov 2023 16:55:28 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
21b0afd507db2a02
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
9a739b4038c019493b2acc4207998334e2df6ded6125197c3954d4ad269587d5
content-length
43
adsct
analytics.twitter.com/i/
43 B
394 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=24609397-71e7-4581-b54d-631cf88c86dd&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=06cb50fa-7a43-454b-adab-95ee1388b4fb&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzc8r&type=javascript&version=2.3.29
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-response-time
104
date
Fri, 10 Nov 2023 16:55:29 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
1ccff174c4aacab6
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
86e3e4bf126b8befc77fad4133bbaf835dcdf22085e39cf92d8cf80909553c65
content-length
43
modules.4fff30a11f83c70bc2a1.js
script.hotjar.com/
225 KB
56 KB
Script
General
Full URL
https://script.hotjar.com/modules.4fff30a11f83c70bc2a1.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1665869.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.227.219.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-227-219-71.ams54.r.cloudfront.net
Software
/
Resource Hash
a603b2b20c78990ff3b6b9e99a5d303b936d8885950ced8135df87c23eff4f20
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 12:03:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 c149c6b8a4d6f497cac6f2d9e9e6be40.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS54-C1
age
103943
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
57093
last-modified
Thu, 09 Nov 2023 12:03:05 GMT
etag
"90fe477ee0715709dc5b1153c76d0f7a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
zevaQdmo04_Gzp7ZGLJYGWIFz3pW5Ur657IvnqgaIVG0ZGC2GMBjsQ==
sync
s.company-target.com/s/ Frame 156F
634 B
977 B
Document
General
Full URL
https://s.company-target.com/s/sync?exc=lr
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/8430ce879b38826d.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
22.71.96.34.bc.googleusercontent.com
Software
/
Resource Hash
6174d10d3e161101420ca50b5b7600ea8b72e37e18d1d2ba7390bf19e63f44a9

Request headers

Referer
https://www.deepinstinct.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-methods
GET,OPTIONS
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
634
content-type
text/html; charset=UTF-8
date
Fri, 10 Nov 2023 16:55:29 GMT
via
1.1 google
464526.gif
id.rlcdn.com/
0
98 B
Image
General
Full URL
https://id.rlcdn.com/464526.gif
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
collect
www.google-analytics.com/j/
4 B
212 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=277726493&t=pageview&_s=1&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&ul=en-us&de=UTF-8&dt=MuddyC2Go%20%E2%80%93%20Latest%20C2%20Framework%20Used%20by%20Iranian%20APT%20MuddyWater%20Spotted%20in%20Israel%20%7C%20Deep%20Instinct%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABBAAAACAAI~&jid=1082971068&gjid=957979602&cid=452048155.1699635330&tid=UA-69598329-1&_gid=81396721.1699635330&_r=1&_slc=1&gtm=45He3b81n8152PC3MWv78451102&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=598772034
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.deepinstinct.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 16:55:29 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.deepinstinct.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
468591697375107
connect.facebook.net/signals/config/
133 KB
35 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/468591697375107?v=2.9.138&r=stable&domain=www.deepinstinct.com
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d00d5db194be9a2ea7f7879a6bd33b835e2ee9f1db26f72dddfcf36e8ffdd039
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 10 Nov 2023 16:55:29 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
dqRBv3kWXezVo7KY+ClgIY/rO2Ttj4Tx1Kgwyp+Jm9H9C6lsH1cITNnUWZD+XD78WW7T8rNnOPorPQCmnrnU2w==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
257 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-P5MMKMDSNW&gtm=45je3b81v868549395z878451102&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=452048155.1699635330&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1699635329&sct=1&seg=0&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&dt=MuddyC2Go%20%E2%80%93%20Latest%20C2%20Framework%20Used%20by%20Iranian%20APT%20MuddyWater%20Spotted%20in%20Israel%20%7C%20Deep%20Instinct%20Blog&en=page_view&_fv=1&_ss=1&tfd=2265
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P5MMKMDSNW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 16:55:29 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.deepinstinct.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
leadflows.js
js.hsleadflows.net/
551 KB
88 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2183098.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:7b0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee041148b4d2b4bfb2a9dbff837265a3484bb6ef80a18174ee45309237654c74
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.deepinstinct.com/
Origin
https://www.deepinstinct.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
age
33798
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1275/bundle/main/lead-flows-release.js&cfRay=823c99a4bce61945-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"df7c200fc1e8a1a0c9d50df4fbec7e86"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=86400, max-age=0
x-hs-target-asset
lead-flows-js/static-1.1275/bundle/main/lead-flows-release.js
date
Fri, 10 Nov 2023 16:55:29 GMT
x-amz-version-id
RTyeMetKvg_dT1r75rKZucXAeC83sdPJ
via
1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
3887efb1-0c65-44a6-952e-c301dc43ed91
x-cache
RefreshHit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
36
x-evy-trace-route-configuration
listener_https/all
x-request-id
3887efb1-0c65-44a6-952e-c301dc43ed91
last-modified
Wed, 25 Oct 2023 14:35:17 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-59f9889544-968f6
cf-ray
823fd2ca7a6c37f1-FRA
x-amz-cf-id
F7RZucFdVEXq1IGdsq5cSi25FTnxa7bwNM1Ts9_x438V0-zH_MKmZQ==
2183098.js
js.hs-analytics.net/analytics/1699635300000/
66 KB
21 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1699635300000/2183098.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2183098.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:50ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5441d39b27f984962c1ec13d1135823d873b4be6863d60e8c172d0ae03a57dd6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
GGW6YC8HJPXBKF40
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
3c939347-ea6b-4f77-b019-398e77d6e04d
x-envoy-upstream-service-time
21
x-amz-id-2
bjqAEl+qzhL5jpO9dQAsf3f4kmgZOLq6EydEjNBI5fwclZJkPAS4QqBVY+1HQ/1YNfJVl2mpUJF+X5JKZMfHq5toi3lPYkOUoXCpEL78pRQ=
x-evy-trace-listener
listener_https
x-request-id
3c939347-ea6b-4f77-b019-398e77d6e04d
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 12 Oct 2023 14:57:10 GMT
server
cloudflare
etag
W/"e8cd368ba34cc8caada0df8c6d9a741d"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-576b4d6667-htrdg
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
823fd2cacb409b1b-FRA
expires
Fri, 10 Nov 2023 17:00:29 GMT
2183098.js
js.hs-banner.com/
62 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/2183098.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2183098.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
781c8a27510830055826971efdbb0d1284811e2c84664559a57698ae6c8e5e9f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:30 GMT
x-amz-version-id
5U7khN0c6ImN66SffDN46Xc._o57ZICo
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
M2DM3PW3DARH3C1F
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
b4414c58-4ae9-409d-b4c6-8a66f607571e
x-envoy-upstream-service-time
44
x-amz-id-2
ut+0QB4Nqwdo8N980BGXntuxhtb3mxHC9/tvyoYe8g/nu5vLVVglvKuTn4s83xLNRENF5ZggDdg=
x-evy-trace-listener
listener_https
x-request-id
b4414c58-4ae9-409d-b4c6-8a66f607571e
x-evy-trace-route-configuration
listener_https/all
last-modified
Mon, 17 Apr 2023 15:03:31 GMT
server
cloudflare
etag
W/"54bd990a23daa4e471eca6de0c3967b2"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://info.deepinstinct.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-jgkmt
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
823fd2caee2b30c0-FRA
expires
Fri, 10 Nov 2023 17:00:29 GMT
ipv
cdn.bizible.com/
43 B
304 B
Image
General
Full URL
https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=c0333c570cee4ddff5f450ed3b6a8a37&_biz_l=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&_biz_t=1699635329559&_biz_i=MuddyC2Go%20%E2%80%93%20Latest%20C2%20Framework%20Used%20by%20Iranian%20APT%20MuddyWater%20Spotted%20in%20Israel%20%7C%20Deep%20Instinct%20Blog&_biz_n=0&rnd=401780&cdn_o=a&_biz_z=1699635329560
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BA) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 16:55:29 GMT
last-modified
Tue, 07 Nov 2023 17:44:12 GMT
server
ECS (frb/67BA)
age
256277
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/gif
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
43
expires
-1
u
cdn.bizibly.com/
43 B
204 B
Image
General
Full URL
https://cdn.bizibly.com/u?_biz_u=c0333c570cee4ddff5f450ed3b6a8a37&_biz_l=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&_biz_t=1699635329563&_biz_i=MuddyC2Go%20%E2%80%93%20Latest%20C2%20Framework%20Used%20by%20Iranian%20APT%20MuddyWater%20Spotted%20in%20Israel%20%7C%20Deep%20Instinct%20Blog&rnd=692345&cdn_o=a&_biz_z=1699635329563
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6752) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 16:55:29 GMT
last-modified
Tue, 07 Nov 2023 17:44:11 GMT
server
ECS (frb/6752)
age
256278
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/gif
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
43
expires
-1
ip.json
api.company-target.com/api/v2/
456 B
953 B
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&page_title=MuddyC2Go%20%E2%80%93%20Latest%20C2%20Framework%20Used%20by%20Iranian%20APT%20MuddyWater%20Spotted%20in%20Israel%20%7C%20Deep%20Instinct%20Blog
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-57.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
a8bf87e9954ff307c0ed5aff9e697455b1e6f85882d395847990883f1276ff16

Request headers

Referer
https://www.deepinstinct.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
identification-source
CENTRAL
content-encoding
gzip
via
1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
x-cache
Miss from cloudfront
request-id
7c2bdbf9-8916-4de1-9beb-6975c4b173e9
pragma
no-cache
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.deepinstinct.com
access-control-expose-headers
x-amz-cf-id
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding, Origin
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
BLMZXe5zzJkNI3m1YL70YScRWx6lTGg18A26cQzrTQQQUg5CaDUqwQ==
expires
Thu, 09 Nov 2023 16:55:29 GMT
gif.gif
ibc-flow.techtarget.com/a/
43 B
451 B
XHR
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16780454&r=1699635329573&ref=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&version=2.4
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier
16780454
Referer
https://www.deepinstinct.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
via
1.1 google
x-guploader-uploadid
ABPtcPrz8Zfd4wW2bSZXI8Py8LKXDxY_bXmIfihUaPEpvEU-_-nqJEA8uMVB5txbntUJIusPAh8
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
server
nginx/1.20.2
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
vary
Origin
x-goog-generation
1670534369365034
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control
public, max-age=3600
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-length
43
accept-ranges
bytes
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires
Fri, 10 Nov 2023 17:55:29 GMT
gif.gif
ibc-flow.techtarget.com/a/ Frame
0
0
Preflight
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16780454&r=1699635329573&ref=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://www.deepinstinct.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Fri, 10 Nov 2023 16:55:29 GMT
expires
Fri, 10 Nov 2023 16:55:29 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
ABPtcPqQhfrvvynxloFTPt5AxmlBv-ehXNv0Z3oP4TXc-QSSGnhNjC_ppZvMtp2_zhmUuTdin0nY_ltGGQ
1259.2c2ed873ed26db49.js
www.deepinstinct.com/_next/static/chunks/
2 KB
1 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/1259.2c2ed873ed26db49.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-c3b37b2acfb2202f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
66452618423fb997d299a94cd1373cd8d9ecc3c3976be0a6dbe3adf78113768e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYJ9A9V9847AAANQGPMM
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
76760
etag
"ab8ef07af7d4624e3bd97c72df973ae5-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
937
x-xss-protection
1
collect
stats.g.doubleclick.net/j/
4 B
352 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-69598329-1&cid=452048155.1699635330&jid=1082971068&gjid=957979602&_gid=81396721.1699635330&_u=YGBACEAABAAAACAAI~&z=1024812937
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.deepinstinct.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 10 Nov 2023 16:55:29 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.deepinstinct.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1699635329606&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1699635329606&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D316505%26time%3D1699635329606%26url%3Dhttps%253A%252F%252Fwww.deepinstinct.com%25...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1699635329606&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1699635329606&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1699635329606&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&cookiesTest=true&liSync=true&e_ipv6=AQKr580Ts0pKNgAAAYu6KP2NU9ZzPwEUhuXSLlK3fqtz21wZkuAfhP7k9k-c0XfOxUp-jFo
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:30 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 2851F59D7AC24491A50CCAD726DDAE1A Ref B: FRAEDGE1713 Ref C: 2023-11-10T16:55:30Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYJzzAisQkfeVSd5heFcQ==

Redirect headers

date
Fri, 10 Nov 2023 16:55:30 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 7C3C9AE665C5423B8760C1A9EEBCB5F3 Ref B: FRAEDGE1315 Ref C: 2023-11-10T16:55:30Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1699635329606&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&cookiesTest=true&liSync=true&e_ipv6=AQKr580Ts0pKNgAAAYu6KP2NU9ZzPwEUhuXSLlK3fqtz21wZkuAfhP7k9k-c0XfOxUp-jFo
x-li-proto
http/2
content-length
0
x-li-uuid
AAYJzzAeVTX4dactmfL9iQ==
NW3rMrxBqJx71BachJFa.json
s.swiftypecdn.com/install/v2/config/
19 KB
5 KB
XHR
General
Full URL
https://s.swiftypecdn.com/install/v2/config/NW3rMrxBqJx71BachJFa.json
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.143 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9a496e8b9da307a0d817e4104c0418c6ff0c8841c6bbb8e426a424d304ac3296
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.deepinstinct.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 16:55:30 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Via
1.1 varnish
X-Permitted-Cross-Domain-Policies
none
Age
0
X-Cache
HIT
Connection
keep-alive
Content-Length
4251
X-XSS-Protection
1; mode=block
X-Request-Id
f32594c91a693f8abd60e6615bd9cf77
X-Served-By
cache-fra-etou8220041-FRA
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 16 May 2023 16:51:29 GMT
X-Timer
S1699635330.739196,VS0,VE402
ETag
W/"0b4dc992c692095d33a1f63f87bd38a6"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Access-Control-Max-Age
7200
Access-Control-Allow-Methods
GET, POST
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Cache-Control
max-age=300, public
Access-Control-Allow-Credentials
true
Vary
Accept-Encoding, Origin
Accept-Ranges
bytes
X-Cache-Hits
1
xdc.js
cdn.bizible.com/
116 B
324 B
Script
General
Full URL
https://cdn.bizible.com/xdc.js?_biz_u=c0333c570cee4ddff5f450ed3b6a8a37&_biz_h=-1906410348&cdn_o=a&jsVer=4.23.11.09
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6711) /
Resource Hash
4951488ad4a05a3db018d42b6073a30375aa837c4ead90a790ffe6544c1f5b99

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
gzip
server
ECS (frb/6711)
etag
AFA48559
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
content-length
218
2d4171153a738fd1.css
www.deepinstinct.com/_next/static/css/
12 KB
3 KB
Fetch
General
Full URL
https://www.deepinstinct.com/_next/static/css/2d4171153a738fd1.css
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
6b31f4b8b0718aa065acf1bfed1a4e2752468dd49bc9a69958319e8bdda1662e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYM5ZR7VCSJVDQJA3QH2
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
82807
etag
"c2b8dc2874d4fba1b21273311c775663-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
2653
x-xss-protection
1
%5Bpid%5D-a925212826d2c176.js
www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/
10 KB
4 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/%5Bpid%5D-a925212826d2c176.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
edf4b08b41a717a075bdc5d59065035fa94234ca5da24007f29a448801f18370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYM8YYNP16VDMT2PM5V9
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
125074
etag
"24a31a798b0e930486fc4fb524eccf20-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
3535
x-xss-protection
1
342e76a12e9c3fc6.css
www.deepinstinct.com/_next/static/css/
13 KB
3 KB
Fetch
General
Full URL
https://www.deepinstinct.com/_next/static/css/342e76a12e9c3fc6.css
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
7efb5d9b18e1bef83db80644900955f21963b722c52029d52fe20bba429892cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYM8Q1KJNRN9WKN1QZ31
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
125074
etag
"06784b7518dfc7e9a4709916db0ebded-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
2830
x-xss-protection
1
%5Bpid%5D-e8101f9528849ba0.js
www.deepinstinct.com/_next/static/chunks/pages/
6 KB
1 KB
Script
General
Full URL
https://www.deepinstinct.com/_next/static/chunks/pages/%5Bpid%5D-e8101f9528849ba0.js
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
b773cec295db3c25fc71b55ef9af457715a381bdb4cd25f31c7782e6b92bd929
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYM8STMRR0GSDMSA93PP
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
68103
etag
"65a83d78c9f8344de4cde5ac41144f3f-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
1261
x-xss-protection
1
294699dc84197aa3.css
www.deepinstinct.com/_next/static/css/
11 KB
2 KB
Fetch
General
Full URL
https://www.deepinstinct.com/_next/static/css/294699dc84197aa3.css
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:58f:6202::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
2ef43ede35399537b9dfc7c34d67b708229ed3b1968116126c7690a61eca7117
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nf-request-id
01HEX2HYM8PF0AS1KDW8GZGRSJ
date
Fri, 10 Nov 2023 16:55:29 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
25233
etag
"6a09b960ad0b062e3973fcf805973cc0-ssl-df"
surrogate-control
max-age=300, stale-while-revalidate=900, stale-if-error=900
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
content-length
2342
x-xss-protection
1
/
content.hotjar.io/
56 B
161 B
XHR
General
Full URL
https://content.hotjar.io/?gzip=1
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.72.40.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-40-201.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
19ff3872385e1bd1fa475c3103f9d5c07a37522bbd92225eb6d501cd2bdda836

Request headers

Referer
https://www.deepinstinct.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 10 Nov 2023 16:55:30 GMT
content-length
56
vary
Origin
content-type
application/json
rum
dsum-sec.casalemedia.com/ Frame 156F
Redirect Chain
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1715360129&external_user_id=77ac33b9-4f51-4bf1-be6d-3dd131ea0218
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1715360129&external_user_id=77ac33b9-4f51-4bf1-be6d-3dd131ea0218&C=1
43 B
561 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1715360129&external_user_id=77ac33b9-4f51-4bf1-be6d-3dd131ea0218&C=1
Requested by
Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 16:55:30 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vptZzG6zW6256RmHJJ%2B6BniVanvdJLFO1OvwuGX0vqTCQWsRql6W6U0YK6YDPvrrK8A3y%2Bps234bPSvhV6bbWgD2QmIOOEQ3Xh91cZ5eqJkEjCXnfs9rmAZaShKuUfKLQ7TX%2BiR85%2B7n4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
823fd2cc684b7188-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Fri, 10 Nov 2023 16:55:29 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dMzZoSf93XTkwNxqGQefDi0phNUZriyOxH6V0DA8hO1ntLiPAELDUGzD%2BkrL2LQhe%2BdaApFYOpxRF%2FJnhpGaNTgGcKTKQJvZNLOClkKaq50eIjaSACBPF7Vp5k9LhnpMiAeNaSjteGmzbA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=18&expiry=1715360129&external_user_id=77ac33b9-4f51-4bf1-be6d-3dd131ea0218&C=1
cache-control
no-cache
cf-ray
823fd2cbff947188-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
sync
partners.tremorhub.com/ Frame 156F
43 B
392 B
Image
General
Full URL
https://partners.tremorhub.com/sync?UIDM=77ac33b9-4f51-4bf1-be6d-3dd131ea0218
Requested by
Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:612b:4200:3683:4ea:82e2:31f Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date
Fri, 10 Nov 2023 16:55:30 GMT
server
nginx
content-type
image/gif
tap.php
pixel.rubiconproject.com/ Frame 156F
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?nid=5578&put=77ac33b9-4f51-4bf1-be6d-3dd131ea0218&v=1181926
Requested by
Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
bg9s
tag-logger.demandbase.com/
0
417 B
XHR
General
Full URL
https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=BLMZXe5zzJkNI3m1YL70YScRWx6lTGg18A26cQzrTQQQUg5CaDUqwQ==&api-version=v2
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2449:da00:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-amz-version-id
8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
date
Fri, 10 Nov 2023 16:23:04 GMT
via
1.1 3a5e4105e7e14b13dcdcd3f0d9062fa0.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
age
1958
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
content-length
0
last-modified
Tue, 07 Mar 2023 20:47:02 GMT
server
AmazonS3
etag
"d41d8cd98f00b204e9800998ecf8427e"
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
accept-ranges
bytes
x-amz-cf-id
gKa8z7tXKgYYwK8B2EQ-KE9fe_t0srJyb7gOhgGjWGK-XQT4B4Do6A==
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=277726493&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&ul=en-us&de=UTF-8&dt=MuddyC2Go%20%E2%80%93%20Latest%20C2%20Framework%20Used%20by%20Iranian%20APT%20MuddyWater%20Spotted%20in%20Israel%20%7C%20Deep%20Instinct%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBACEABBAAAACAAI~&jid=&gjid=&cid=452048155.1699635330&tid=UA-69598329-1&_gid=81396721.1699635330&gtm=45He3b81n8152PC3MWv78451102&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=Residential&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=DE&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd13=(Non-Company%20Visitor)&z=1539672894
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 10:01:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
24814
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69598329-1&cid=452048155.1699635330&jid=1082971068&_u=YGBACEAABAAAACAAI~&z=888975457
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 16:55:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69598329-1&cid=452048155.1699635330&jid=1082971068&_u=YGBACEAABAAAACAAI~&z=888975457
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 16:55:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
332937911623471
connect.facebook.net/signals/config/
133 KB
35 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/332937911623471?v=2.9.138&r=stable&domain=www.deepinstinct.com
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eb92daae08096abd9391669dd975060a5c37b4404475830cce0ed7dd878c719e
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 10 Nov 2023 16:55:29 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
a3XKLLprOXrgmyE8tHzgCwvUvqdy9ixFny9qUH3yEsxCNuK5bo+uu2lZ2IwYmYLivAZRtTDUA3p4slytumUdlQ==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
321e2550-2e27-4dc8-bac7-6782f6811804
https://www.deepinstinct.com/
43 B
0
Image
General
Full URL
blob:https://www.deepinstinct.com/321e2550-2e27-4dc8-bac7-6782f6811804
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Length
43
Content-Type
image/gif
/
www.facebook.com/tr/
0
31 B
Image
General
Full URL
https://www.facebook.com/tr/?id=468591697375107&ev=PageView&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&rl=&if=false&ts=1699635330026&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1699635330025.1033480164&ler=empty&it=1699635329534&coo=false&rqm=GET
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 10 Nov 2023 16:55:30 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=332937911623471&ev=PageView&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&rl=&if=false&ts=1699635330027&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1699635330025.1033480164&ler=empty&it=1699635329534&coo=false&rqm=GET
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 10 Nov 2023 16:55:30 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
new_embed-2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241.css
s.swiftypecdn.com/assets/
89 KB
34 KB
Stylesheet
General
Full URL
https://s.swiftypecdn.com/assets/new_embed-2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241.css
Requested by
Host: s.swiftypecdn.com
URL: https://s.swiftypecdn.com/install/v2/st.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.143 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

X-Cache-Hits
1205
Date
Fri, 10 Nov 2023 16:55:30 GMT
Content-Encoding
gzip
Via
1.1 varnish
Age
154515
X-Cache
HIT
Connection
keep-alive
Content-Length
33983
X-Served-By
cache-fra-etou8220077-FRA
X-Timer
S1699635330.184835,VS0,VE0
ETag
"62b9d075-84bf"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000, public
Accept-Ranges
bytes
Expires
Thu, 07 Nov 2024 22:00:14 GMT
cc.js
cc.swiftype.com/
43 B
279 B
Image
General
Full URL
https://cc.swiftype.com/cc.js?engine_key=zPgdszsQivuSeQwTEHrm&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
169.63.31.200 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
c8.1f.3fa9.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type
image/gif
Date
Fri, 10 Nov 2023 16:55:30 GMT
Cache-Control
no-cache
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Connection
keep-alive
Content-Length
43
Expires
Fri, 10 Nov 2023 16:55:29 GMT
messenger
app.qualified.com/w/1/DxHYmKWTScn3buDp/ Frame 51FC
6 KB
2 KB
Document
General
Full URL
https://app.qualified.com/w/1/DxHYmKWTScn3buDp/messenger?uuid=466828c6-e3d6-44e8-a663-4dbc2d5763d2
Requested by
Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=DxHYmKWTScn3buDp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.211.230.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-211-230-249.compute-1.amazonaws.com
Software
/
Resource Hash
cccb2e9f78c5e58ef16019c6435cef84c25f0e2856156a3e9927d63c1a7081fd
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.deepinstinct.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, private, must-revalidate
Content-Encoding
gzip
Content-Length
1613
Content-Security-Policy
Content-Type
text/html; charset=utf-8
Date
Fri, 10 Nov 2023 16:55:30 GMT
Etag
W/"cccb2e9f78c5e58ef16019c6435cef84"
Link
<https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css>; rel=preload; as=style; nopush
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Vary
Accept-Encoding
Via
1.1 spaces-router (devel)
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
a1a4c690-7410-edec-8d5c-ccc1aa4d76bb
X-Runtime
0.017845
X-Xss-Protection
1; mode=block
/
px.ads.linkedin.com/wa/
0
198 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://www.deepinstinct.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 10 Nov 2023 16:55:30 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 69DDEC85CCC3459296612B9486A4939D Ref B: FRAEDGE1315 Ref C: 2023-11-10T16:55:30Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
access-control-allow-origin
https://www.deepinstinct.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYJzzAljabntjlUpTZOkg==
messenger-94e6eccc.chunk.css
assets.qualified.com/packs/css/vendors~widget/sandboxed/ Frame 51FC
35 KB
7 KB
Stylesheet
General
Full URL
https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.qualified.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
x-amz-version-id
RF4VOXHksQKQSRxJS1GMoTF3HPWvoFud
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
61S179T19G9EG0FC
age
3705
x-amz-server-side-encryption
AES256
x-amz-id-2
flo9L8sm5fEHx5iKp5YWqreNGgjVKQZfdwHzfm65VOziYyQ5wIbPmFqUgFK29woOYsmJILLkVdbpt9CPuH7iT/ggqV3z5DWqZcnrNT/y/aE=
last-modified
Mon, 30 Oct 2023 21:52:55 GMT
server
cloudflare
etag
W/"a788ecf510f83ee517cbaf79306145dd"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
cf-ray
823fd2d3583e2c4f-FRA
expires
Fri, 10 Nov 2023 20:55:31 GMT
messenger-ea37ea0f.chunk.css
assets.qualified.com/packs/css/widget/sandboxed/ Frame 51FC
5 KB
1 KB
Stylesheet
General
Full URL
https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css
Requested by
Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.qualified.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
x-amz-version-id
GNNoEytZ9HzQl9NdhfvaMxkWW2jXCoSs
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
B0Y5932KV3280P3W
age
3726
x-amz-server-side-encryption
AES256
x-amz-id-2
xlzuxbmWosjJv0LOm9S6NeXciN2dmjlv+m0wL0iv6hvF4n4qA5tWXdgw2hkTARHooArzdYvKa9I=
last-modified
Wed, 01 Nov 2023 22:33:45 GMT
server
cloudflare
etag
W/"22d5f23e695250d3c5a5b1e76a015c5e"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
cf-ray
823fd2d3583d2c4f-FRA
expires
Fri, 10 Nov 2023 20:55:31 GMT
messenger~runtime-eb63247738aa7d0c7743.js
assets.qualified.com/packs/js/widget/sandboxed/ Frame 51FC
2 KB
2 KB
Script
General
Full URL
https://assets.qualified.com/packs/js/widget/sandboxed/messenger~runtime-eb63247738aa7d0c7743.js
Requested by
Host: app.qualified.com
URL: https://app.qualified.com/w/1/DxHYmKWTScn3buDp/messenger?uuid=466828c6-e3d6-44e8-a663-4dbc2d5763d2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4efb70a90e9081fbe3151af50158e71ac04eaefc8f3ccf80ea6f6b4a60ccc8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.qualified.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
x-amz-version-id
gL5TQIdolmDrOJZ2ZsoX24M65XiFpkhF
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
3YA6BXR1AMMV728V
age
5986
x-amz-server-side-encryption
AES256
x-amz-id-2
4TWTCXOtli38+BKtfVQnbbIoIBjBS4tvtL24eqKGvCyijg1QaA4NClQmtP/QrfCjQF90oJJTfBs=
last-modified
Fri, 10 Nov 2023 03:07:33 GMT
server
cloudflare
etag
W/"770c2c18fef59722e878ae35ce95c80f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
823fd2d358442c4f-FRA
expires
Fri, 10 Nov 2023 20:55:31 GMT
messenger-f78fd0ffe7bd818ee4e0.chunk.js
assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/ Frame 51FC
1 MB
368 KB
Script
General
Full URL
https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-f78fd0ffe7bd818ee4e0.chunk.js
Requested by
Host: app.qualified.com
URL: https://app.qualified.com/w/1/DxHYmKWTScn3buDp/messenger?uuid=466828c6-e3d6-44e8-a663-4dbc2d5763d2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
240172a49ade5747e91ac57801bbfc57f4314a510ddceb371a7bd60e2640440c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.qualified.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
x-amz-version-id
N7llWKRev0_7ZrM3.rErP7lnXo1noiVt
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
XPGBS7PDVBY4BFSR
age
3467
x-amz-server-side-encryption
AES256
x-amz-id-2
BXDo3GbIbQsHgDgt1GrFrVHg73T3hd8cG5Jc3rmwgZVs58oo9l//gOa0pNiWJZ2wslYm+R60Q1y4DW7alwcaEB7uJdZDWPIF5nO4JKgg9Ew=
last-modified
Mon, 06 Nov 2023 19:28:56 GMT
server
cloudflare
etag
W/"d5492d372b24438516f0185a4ac2ef2b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
823fd2d358402c4f-FRA
expires
Fri, 10 Nov 2023 20:55:31 GMT
messenger-7b42551dd75090b8d4c5.chunk.js
assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame 51FC
844 KB
189 KB
Script
General
Full URL
https://assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-7b42551dd75090b8d4c5.chunk.js
Requested by
Host: app.qualified.com
URL: https://app.qualified.com/w/1/DxHYmKWTScn3buDp/messenger?uuid=466828c6-e3d6-44e8-a663-4dbc2d5763d2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72682c773eba7d652ca7b23c8259a52220862f0b48c34a2954dc69dbd567cb0b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.qualified.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
x-amz-version-id
ntvQ7geLNj8ByJr3MoldQk_5IY8F_mpW
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
ZYPV37HVPKYT9HRB
age
5986
x-amz-server-side-encryption
AES256
x-amz-id-2
RVUHvOL0Xxm4KUqGXZmkzC0uQ2wzD3xTKBXWVKPqYQwZ7im7wNgdQPj/+1UVVAh9JcZvnK9/cCY=
last-modified
Fri, 10 Nov 2023 03:07:33 GMT
server
cloudflare
etag
W/"412c6dd1c9516247c18521ea3b03df8f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
823fd2d3b8c82c4f-FRA
expires
Fri, 10 Nov 2023 20:55:31 GMT
Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 51FC
97 KB
97 KB
Font
General
Full URL
https://assets.qualified.com/packs/media/fonts/inter/Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
Requested by
Host: app.qualified.com
URL: https://app.qualified.com/w/1/DxHYmKWTScn3buDp/messenger?uuid=466828c6-e3d6-44e8-a663-4dbc2d5763d2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

Referer
https://app.qualified.com/
Origin
https://app.qualified.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
x-amz-version-id
Ts0p7fbKsZIFu_VEk6HOvm9iYpTRKuos
cf-cache-status
HIT
x-amz-request-id
FAPX6SQN6211Z29Z
age
29085208
content-length
98868
x-amz-id-2
iVHxNBUxDsBjZePojI4rKO3FuW55Pbxi+Wjl60hXgxyZAzE71JVtTCcWY82D4AF13FFljcEhKBI=
last-modified
Thu, 08 Dec 2022 23:17:25 GMT
server
cloudflare
etag
"dc131113894217b5031000575d9de002"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
public, max-age=31557600
accept-ranges
bytes
cf-ray
823fd2d3eb5a9000-FRA
expires
Sat, 09 Nov 2024 22:55:31 GMT
Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 51FC
103 KB
104 KB
Font
General
Full URL
https://assets.qualified.com/packs/media/fonts/inter/Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
Requested by
Host: app.qualified.com
URL: https://app.qualified.com/w/1/DxHYmKWTScn3buDp/messenger?uuid=466828c6-e3d6-44e8-a663-4dbc2d5763d2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5

Request headers

Referer
https://app.qualified.com/
Origin
https://app.qualified.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
x-amz-version-id
36YvGivbsHjAoawOZR_CMZ3.HfwAMHK1
cf-cache-status
HIT
x-amz-request-id
N95SJVTAKEXDMS0W
age
746651
x-amz-server-side-encryption
AES256
content-length
105804
x-amz-id-2
KtTLC7+80gzG+/N6TfTR6o8OBwtxrwbzOA7KtMJjFUE04r1p39f2/UyZuTebTvCY2weOgOAWDgQ=
last-modified
Wed, 01 Nov 2023 22:33:50 GMT
server
cloudflare
etag
"007ad31a53f4ab3f58ee74f2308482ce"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
public, max-age=31557600
accept-ranges
bytes
cf-ray
823fd2d3eb569000-FRA
expires
Sat, 09 Nov 2024 22:55:31 GMT
/
sentry.io/api/1332833/envelope/ Frame 51FC
2 B
324 B
Fetch
General
Full URL
https://sentry.io/api/1332833/envelope/?sentry_key=b5158ee3382d49b28a864fb2b91bcaaf&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.11.1
Requested by
Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-f78fd0ffe7bd818ee4e0.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
156.247.186.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.qualified.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
__ptq.gif
track.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=972325071&v=1.1&a=2183098&rcu=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&pu=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&t=MuddyC2Go+%E2%80%93+Latest+C2+Framework+Used+by+Iranian+APT+MuddyWater+Spotted+in+Israel+%7C+Deep+Instinct+Blog&cts=1699635331408&vi=d4f458ca1c7669631e4950384e356dd8&nc=true&u=160033954.d4f458ca1c7669631e4950384e356dd8.1699635331401.1699635331401.1699635331401.1&b=160033954.1.1699635331402&pt=0&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
883ab811-74c9-4b73-8e7c-3c76ef14e6a4
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
883ab811-74c9-4b73-8e7c-3c76ef14e6a4
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=65vruXfAt5xIaxfdUVUkEwYHyeWFVjXI3JPwf3kYkAWcqnjfQVravCK46EaqQiOyey%2Fq6ykgNFtCc8cKF9Qj8%2FQB0ErDNZe94OuXa7i1vki01vcGLI7EeZWa36GrmfE4D%2F2OE12zh4WliqadP9sR"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-7d556d9994-cw8xv
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
823fd2d5e85cbbaf-FRA
x-robots-tag
none
json
forms.hubspot.com/lead-flows-config/v1/config/
2 KB
2 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=2183098&utk=d4f458ca1c7669631e4950384e356dd8&__hstc=160033954.d4f458ca1c7669631e4950384e356dd8.1699635331401.1699635331401.1699635331401.1&__hssc=160033954.1.1699635331402&currentUrl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1a60fd146d89fdcb34955d0c41ae4d9b63df21fef4827e80ede6576504a2480
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
94cfc3a6-c192-497e-8b49-1aa2b3e37154
content-encoding
br
x-envoy-upstream-service-time
37
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
94cfc3a6-c192-497e-8b49-1aa2b3e37154
server
cloudflare
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.deepinstinct.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LYHEuRCrBBtM2AAtH81spBHG5cft%2FlE2fX9bAE%2BjJ%2FuvoClx66srXR9dVYlDA0HPI6j1Bc%2B8YsyZsjm8W8KOM8AhVAbOAX06Epjia5AuOeda161vOZq4ZL6KqcKRN3oiyUr%2F2PxdQTmdFl%2B6Hy0z"}],"group":"cf-nel","max_age":604800}
x-robots-tag
none
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
823fd2d5fb793837-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-fd659ccfb-klgzd
enterprise.js
www.google.com/recaptcha/
1 KB
888 B
Script
General
Full URL
https://www.google.com/recaptcha/enterprise.js?render=explicit
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f096fe9103014442c96f3547b43b59f6a15d9e79bd454f0ba5a7e1c7a9a719c7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Fri, 10 Nov 2023 16:55:31 GMT
__ptq.gif
track.hubspot.com/
45 B
441 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=16&fi=edf3154a-9058-41f2-8bd8-5f0fc6bddce4&lfi=2584648&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=972325071&v=1.1&a=2183098&rcu=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&pu=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fmuddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel&t=MuddyC2Go+%E2%80%93+Latest+C2+Framework+Used+by+Iranian+APT+MuddyWater+Spotted+in+Israel+%7C+Deep+Instinct+Blog&cts=1699635331707&vi=d4f458ca1c7669631e4950384e356dd8&nc=true&u=160033954.d4f458ca1c7669631e4950384e356dd8.1699635331401.1699635331401.1699635331401.1&b=160033954.1.1699635331402&pt=0&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.deepinstinct.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 16:55:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
025908f2-7363-48ca-8b69-7113fab1a29c
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
5
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
025908f2-7363-48ca-8b69-7113fab1a29c
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V11ERpTfdwdzmYk%2BlHm0Z9yU8V5MZ8E9s8K%2FZ1n%2BY7eK5ePQJqYFuaoxyzcTupBKw4qIS1BYDl9vNYHvrOt9rdZl9P82UNUWu1S7ieiVgolztNm1%2F%2Fj2C0a6iV1BWi9efq2JTmakTogSxR%2FC3%2F4T"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-7d556d9994-skbdp
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
823fd2d74acbbbaf-FRA
x-robots-tag
none
recaptcha__de.js
www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/
470 KB
189 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7da2c78aebbd6e2db645e5b97424ed43196e116ef824980565996bdc513550a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.deepinstinct.com/
Origin
https://www.deepinstinct.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 11:48:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
18441
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
192495
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 03:03:27 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 09 Nov 2024 11:48:10 GMT


111 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| documentPictureInPicture object| google_tag_manager object| google_tag_data object| dataLayer object| google_optimize string| GoogleAnalyticsObject function| ga function| hj object| _hjSettings object| GooglebQhCsO string| _linkedin_data_partner_id function| twq function| fbq function| _fbq object| uetq object| techtargetic string| QualifiedObject function| qualified object| webpackChunk_N_E object| regeneratorRuntime function| __next_require__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E function| __NEXT_PRELOADREADY object| __MIDDLEWARE_MANIFEST function| __BUILD_MANIFEST_CB string| SwiftypeObject function| _st object| __BUILD_MANIFEST object| __SSG_MANIFEST object| process function| UET function| UET_init function| UET_push object| ueto_d6865de86f object| twttr object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| Demandbase object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady object| _hsp object| Bizible object| BizTrackingA object| BizA object| _vis_opt_queue object| LC_API function| lintrk boolean| _already_called_lintrk undefined| __st_moment undefined| __st_rome undefined| $ undefined| jQuery function| $stjq undefined| Cookies object| _InternalSwiftype object| Hashcode function| IntlMessageFormat undefined| moment undefined| rome object| Placeholders function| __st_ro function| __st_mt function| _InternalSwiftypeError object| globalRoot undefined| hns function| bindToWindowOnError object| leadflows object| hubspot function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive object| _hsq undefined| hns2 undefined| jade undefined| I18n undefined| Pikaday undefined| reqwest undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN object| _paq function| sanitizeKey boolean| _hstc_loaded boolean| _q_widgetInitialized 
string| _q_lastClientActivityAt boolean| _hspb_ran boolean| _hspb_loaded undefined| _st_tmp_global_locale object| ORIBILI boolean| _hstc_ran string| __hsUserToken number| expireDateTime boolean| LEAD_FLOW_DOCUMENT_READY_RAN object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha

44 Cookies

Domain/Path Name / Value
.deepinstinct.com/ Name: _gcl_au
Value: 1.1.1208908221.1699635329
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.techtarget.com/ Name: __cf_bm
Value: y4cbzZ_7JxfVp2ymvzNn09LgANvVKGCyZNKOkg2ukJY-1699635329-0-AaVS3F8WRzl6bhv0FqG/pxEEeOe5PW52TDLENUO2o4qS/ukMtslgZHpin0OlsyTpDcT2NGpCESXIW0u5gV4lju4=
.deepinstinct.com/ Name: _uetsid
Value: f41f61607fe911eeb24f0f8bd5be4a16
.deepinstinct.com/ Name: _uetvid
Value: f41f68007fe911ee859947cd59dedd55
.deepinstinct.com/ Name: _gid
Value: GA1.2.81396721.1699635330
.deepinstinct.com/ Name: _gat_UA-69598329-1
Value: 1
.deepinstinct.com/ Name: _ga_P5MMKMDSNW
Value: GS1.1.1699635329.1.0.1699635329.0.0.0
.deepinstinct.com/ Name: _ga
Value: GA1.1.452048155.1699635330
.deepinstinct.com/ Name: _biz_uid
Value: c0333c570cee4ddff5f450ed3b6a8a37
.deepinstinct.com/ Name: _biz_nA
Value: 1
.bing.com/ Name: MUID
Value: 3368B2DD889A6B9F2B71A11889116A73
.bizible.com/ Name: _BUID
Value: c0333c570cee4ddff5f450ed3b6a8a37
.deepinstinct.com/ Name: _biz_pendingA
Value: %5B%5D
.bizibly.com/ Name: _BUID
Value: 382f9ef35bdfeef60721074d86b489d7
.deepinstinct.com/ Name: _hjFirstSeen
Value: 1
.deepinstinct.com/ Name: _hjIncludedInSessionSample_1665869
Value: 1
.deepinstinct.com/ Name: _hjSession_1665869
Value: eyJpZCI6IjZjZmUxNTRiLTRjMzctNDAxNC1iMjMzLTA5NWVhNzg4NTQzZSIsImNyZWF0ZWQiOjE2OTk2MzUzMjk3MjMsImluU2FtcGxlIjp0cnVlLCJzZXNzaW9uaXplckJldGFFbmFibGVkIjp0cnVlfQ==
.deepinstinct.com/ Name: _hjSessionUser_1665869
Value: eyJpZCI6IjUzYzc5MjU1LWU3NzEtNWJlOC1hMzZmLWEyZWU2ZDAwYTQ2OSIsImNyZWF0ZWQiOjE2OTk2MzUzMjk3MjMsImV4aXN0aW5nIjp0cnVlfQ==
.deepinstinct.com/ Name: _hjAbsoluteSessionInProgress
Value: 0
.twitter.com/ Name: personalization_id
Value: "v1_h1q01vWTPcDXluyr3lQUFg=="
.t.co/ Name: muc_ads
Value: 89c6b74e-616b-4030-aa2d-af7b76baf9b3
.company-target.com/ Name: tuuid
Value: 77ac33b9-4f51-4bf1-be6d-3dd131ea0218
.company-target.com/ Name: tuuid_lu
Value: 1699635329|ix:0|mctv:0|rp:0
.deepinstinct.com/ Name: _biz_flagsA
Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.casalemedia.com/ Name: CMID
Value: ZU5ggRj7PKpTER4kVf9oaQAA
.casalemedia.com/ Name: CMPS
Value: 2217
.casalemedia.com/ Name: CMPRO
Value: 2217
.linkedin.com/ Name: li_sugr
Value: 485703ac-ba33-4de0-9b39-2bfab762208c
.linkedin.com/ Name: bcookie
Value: "v=2&f5f9b1c8-fd26-4e94-81a7-d858903eae89"
.linkedin.com/ Name: lidc
Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2634:u=1:x=1:i=1699635329:t=1699721729:v=2:sig=AQHrNgaLNeeXHqCOnKwiuHHb088JyyyC"
.deepinstinct.com/ Name: __q_state_DxHYmKWTScn3buDp
Value: eyJ1dWlkIjoiNDY2ODI4YzYtZTNkNi00NGU4LWE2NjMtNGRiYzJkNTc2M2QyIiwiY29va2llRG9tYWluIjoiZGVlcGluc3RpbmN0LmNvbSJ9
.deepinstinct.com/ Name: _fbp
Value: fb.1.1699635330025.1033480164
.linkedin.com/ Name: UserMatchHistory
Value: AQIvXbr7UkYtBQAAAYu6KPwPwJsjnEgu6cFEJ9UQwTcIvkQLLsYCTapSHqI7aJVSkxxmXmNyst411g
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQL89Fq4uAHFYgAAAYu6KPwPiFl1Qccab37L6ZqWJEvLnUaBjC6-mJKlPgeOhrEIOMTxf4cnLyi4Xu05bkz1pw
.tremorhub.com/ Name: tvid
Value: 3d3b9a73be7c432e9f3ec8dd18053e00
.tremorhub.com/ Name: tv_UIDM
Value: 77ac33b9-4f51-4bf1-be6d-3dd131ea0218
.www.linkedin.com/ Name: bscookie
Value: "v=1&20231110165530bcd006c4-10e6-41bd-80a5-3241d53f3caaAQFryEMySe7jdCm51Qabm0eXusrcL9t_"
.linkedin.com/ Name: li_gc
Value: MTswOzE2OTk2MzUzMzA7MjswMjEtTB1B3/mR6kAYrF1ALNBRLTPHoEPaMQfYVBxtHgmrxw==
.deepinstinct.com/ Name: __hstc
Value: 160033954.d4f458ca1c7669631e4950384e356dd8.1699635331401.1699635331401.1699635331401.1
.deepinstinct.com/ Name: hubspotutk
Value: d4f458ca1c7669631e4950384e356dd8
.deepinstinct.com/ Name: __hssrc
Value: 1
.deepinstinct.com/ Name: __hssc
Value: 160033954.1.1699635331402
.hubspot.com/ Name: __cf_bm
Value: mpAVVplxXD5i69JKMo9BnfyU4spL6N0w0RgOWBe6p34-1699635331-0-AfiJBOxAtl0SsznQhjZpTcBN+reLW9qXkg975sfsQHl4pyK8tlSt7lIE/30lcjTM9CQA3W9UCW414Y3WmGUeH84=

1 Console Messages

Source Level URL
Text
network error URL: https://id.rlcdn.com/464526.gif
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
