research.checkpoint.com Open in urlscan Pro
2a02:26f0:6c00:18d::38f0 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Submission: On May 09 via manual (May 9th 2019, 4:16:07 pm UTC) from US

Summary HTTP 79 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 25 IPs in 4 countries across 21 domains to perform 79 HTTP transactions. The main IP is 2a02:26f0:6c00:18d::38f0, located in European Union and belongs to AKAMAI-ASN1, US. The main domain is research.checkpoint.com.
TLS certificate: Issued by DigiCert ECC Secure Server CA on October 29th 2018. Valid for: a year.

This is the only time research.checkpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	2a02:26f0:6c0... 2a02:26f0:6c00:18d::38f0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
30	2a02:26f0:6c0... 2a02:26f0:6c00:19e::38f0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.111.9.35 23.111.9.35	33438 (HIGHWINDS2) (HIGHWINDS2 - Highwinds Network Group)
1	205.185.208.52 205.185.208.52	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
8	2.19.32.109 2.19.32.109	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2.19.43.118 2.19.43.118	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:815::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2a00:1450:400... 2a00:1450:4001:825::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a02:26f0:f1:... 2a02:26f0:f1:280::3adf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	151.101.120.157 151.101.120.157	54113 (FASTLY) (FASTLY - Fastly)
3	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	95.100.185.219 95.100.185.219	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	2a00:1450:400... 2a00:1450:400c:c09::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	2a00:1450:400... 2a00:1450:4001:81e::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
2 3	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2620:109:c002... 2620:109:c002::6cae:a0a	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
2	184.31.84.223 184.31.84.223	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.16.186.243 2.16.186.243	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	192.28.144.124 192.28.144.124	53580 (MARKETO) (MARKETO - MARKETO)
1 3	18.184.119.244 18.184.119.244	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	151.101.2.2 151.101.2.2	54113 (FASTLY) (FASTLY - Fastly)
1	64.74.236.19 64.74.236.19	22075 (AS-OUTBRAIN) (AS-OUTBRAIN - Outbrain)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER - Twitter Inc.)
2	23.38.58.100 23.38.58.100	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
79	25

4 2a02:26f0:6c00:18d::38f0 (European Union)

ASN20940 (AKAMAI-ASN1, US)

research.checkpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a02:26f0:6c00:19e::38f0 (European Union)

ASN20940 (AKAMAI-ASN1, US)

research.checkpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.9.35 (Phoenix, United States)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.208.52 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.19.32.109 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-32-109.deploy.static.akamaitechnologies.com

sc1.checkpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.19.43.118 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-43-118.deploy.static.akamaitechnologies.com

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
platform-cdn.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:825::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:f1:280::3adf (European Union)

ASN20940 (AKAMAI-ASN1, US)

sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.120.157 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:216:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.185.219 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a95-100-185-219.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c09::9d (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::2004 (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:f500:11:101::b93f:9005 (Ireland) 2 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:109:c002::6cae:a0a (United States) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.84.223 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-84-223.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.243 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-243.deploy.static.akamaitechnologies.com

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (San Mateo, United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

750-dqh-528.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.184.119.244 (Cambridge, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-184-119-244.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.2 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.74.236.19 (United States)

ASN22075 (AS-OUTBRAIN - Outbrain, Inc., US)
PTR: chi.outbrain.com

amplifypixel.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.38.58.100 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-38-58-100.deploy.static.akamaitechnologies.com

t.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	checkpoint.com research.checkpoint.com sc1.checkpoint.com	3 MB
11	sharethis.com 1 redirects platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com platform-cdn.sharethis.com t.sharethis.com	35 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com	2 KB
4	google-analytics.com www.google-analytics.com	37 KB
3	outbrain.com amplify.outbrain.com tr.outbrain.com amplifypixel.outbrain.com	3 KB
3	facebook.net connect.facebook.net	71 KB
2	marketo.net munchkin.marketo.net	5 KB
2	facebook.com www.facebook.com	250 B
2	google.de www.google.de	220 B
2	google.com 2 redirects www.google.com	361 B
2	doubleclick.net 2 redirects stats.g.doubleclick.net	325 B
1	twitter.com analytics.twitter.com	268 B
1	t.co t.co	488 B
1	mktoresp.com 750-dqh-528.mktoresp.com	272 B
1	consensu.org c.sharethis.mgr.consensu.org
1	ads-twitter.com static.ads-twitter.com	2 KB
1	crazyegg.com script.crazyegg.com	687 B
1	bizographics.com sjs.bizographics.com	5 KB
1	googletagmanager.com www.googletagmanager.com	34 KB
1	jquery.com code.jquery.com	30 KB
1	fontawesome.com use.fontawesome.com	13 KB
79	21

	Domain	Requested by
34	research.checkpoint.com	research.checkpoint.com
8	sc1.checkpoint.com	research.checkpoint.com
4	platform-cdn.sharethis.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com research.checkpoint.com
3	l.sharethis.com	1 redirects
3	px.ads.linkedin.com	2 redirects research.checkpoint.com
3	connect.facebook.net	research.checkpoint.com connect.facebook.net
2	t.sharethis.com	platform-api.sharethis.com t.sharethis.com
2	munchkin.marketo.net	research.checkpoint.com munchkin.marketo.net
2	www.facebook.com	research.checkpoint.com connect.facebook.net
2	www.google.de	research.checkpoint.com
2	www.google.com	2 redirects
2	stats.g.doubleclick.net	2 redirects
1	analytics.twitter.com	static.ads-twitter.com
1	t.co	research.checkpoint.com
1	amplifypixel.outbrain.com	research.checkpoint.com
1	tr.outbrain.com	research.checkpoint.com
1	750-dqh-528.mktoresp.com	munchkin.marketo.net
1	c.sharethis.mgr.consensu.org	platform-api.sharethis.com
1	www.linkedin.com	1 redirects
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	amplify.outbrain.com	research.checkpoint.com
1	static.ads-twitter.com	www.googletagmanager.com
1	script.crazyegg.com	www.googletagmanager.com
1	sjs.bizographics.com	www.googletagmanager.com
1	www.googletagmanager.com	research.checkpoint.com
1	platform-api.sharethis.com	research.checkpoint.com
1	code.jquery.com	research.checkpoint.com
1	use.fontawesome.com	research.checkpoint.com
79	29

This site contains links to these domains. Also see Links.

Domain
www.checkpoint.com
www.facebook.com
plus.google.com
www.linkedin.com
twitter.com
threatemulation.checkpoint.com
www.cpcheckme.com
threatmap.checkpoint.com
securelist.com
github.com
blog.trendmicro.com
blog.checkpoint.com
bit.ly

Subject Issuer	Validity	Valid
*.checkpoint.com DigiCert ECC Secure Server CA	`2018-10-29` - `2020-01-28`	a year	crt.sh
*.fontawesome.com DigiCert SHA2 Secure Server CA	`2018-09-17` - `2019-11-21`	a year	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
*.sharethis.com DigiCert SHA2 Secure Server CA	`2018-12-16` - `2020-03-16`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-04-16` - `2019-07-09`	3 months	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2018-04-13` - `2020-04-17`	2 years	crt.sh
ssl945600.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-12-20` - `2019-09-18`	9 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2018-08-16` - `2019-08-21`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-03-08` - `2019-06-06`	3 months	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2018-12-14` - `2020-03-14`	a year	crt.sh
www.google.de Google Internet Authority G3	`2019-04-16` - `2019-07-09`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2017-06-06` - `2019-06-11`	2 years	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-12-24` - `2020-03-24`	a year	crt.sh
*.sharethis.mgr.consensu.org DigiCert ECC Secure Server CA	`2018-07-31` - `2019-07-31`	a year	crt.sh
*.mktoresp.com GeoTrust RSA CA 2018	`2018-02-05` - `2020-02-05`	2 years	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-04-01` - `2019-09-07`	5 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2019-03-07` - `2020-03-07`	a year	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-01-28` - `2020-01-28`	a year	crt.sh
cert1.a1.atm.aqfer.net Let's Encrypt Authority X3	`2019-02-21` - `2019-05-22`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Frame ID: AE14A49C4BD0C56E1D7B3BFA762D3F1D
Requests: 76 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 139D3A9B296A1CF2A9B3429F8BF2A41F
Requests: 1 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Frame ID: 7763AF98D19CC3113471BE720AA961C7
Requests: 1 HTTP requests in this frame

Frame: https://t.sharethis.com/a/t_.htm?ver=0.244.10790&cid=c010&cls=B
Frame ID: C05646F161CF221FE26C87B125508FD7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^CE2$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i
env /^Munchkin$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

79
Requests

100 %
HTTPS

46 %
IPv6

21
Domains

29
Subdomains

25
IPs

4
Countries

3178 kB
Transfer

3977 kB
Size

0
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://www.checkpoint.com/
Title: CheckPoint.com

Search URL Search Domain Scan URL

URL: https://www.facebook.com/checkpointsoftware

Search URL Search Domain Scan URL

URL: https://plus.google.com/+checkpoint/posts

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/check-point-software-technologies

Search URL Search Domain Scan URL

URL: https://twitter.com/_cpresearch_

Search URL Search Domain Scan URL

URL: https://threatemulation.checkpoint.com/
Title: SandBlast File Analysis

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/urlcat/
Title: URL Categorization

Search URL Search Domain Scan URL

URL: http://www.cpcheckme.com/checkme/
Title: Instant Security Assessment

Search URL Search Domain Scan URL

URL: https://threatmap.checkpoint.com/ThreatPortal/livemap.html
Title: Live Threat Map

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/support-services/threatcloud-incident-response/

Search URL Search Domain Scan URL

URL: https://securelist.com/muddywater/88059/
Title: past

Search URL Search Domain Scan URL

URL: https://github.com/MalwareCantFly/Vba2Graph
Title: VBA2Graph

Search URL Search Domain Scan URL

URL: https://blog.trendmicro.com/trendlabs-security-intelligence/new-powershell-based-backdoor-found-in-turkey-strikingly-similar-to-muddywater-tools/
Title: documents

Search URL Search Domain Scan URL

URL: https://twitter.com/_CPResearch_/status/1112789106638184449
Title: discovered

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/products/threat-emulation-sandboxing/
Title: Check Point’s Threat Emulation

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/products/advanced-network-threat-prevention/
Title: SandBlast Network

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/solutions/zero-day-protection/
Title: SandBlast Zero-Day Protection

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/advisories/
Title: IPS ADVISORIES

Search URL Search Domain Scan URL

URL: http://blog.checkpoint.com/
Title: CHECK POINT BLOG

Search URL Search Domain Scan URL

URL: https://bit.ly/2Pmx8R2

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-194688-1&cid=1960457681.1557418544&jid=728874833&gjid=725890783&_gid=615346279.1557418544&_u=aGDAgEADQ~&z=1277854360 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-1&cid=1960457681.1557418544&jid=728874833&_v=j73&z=1277854360 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-1&cid=1960457681.1557418544&jid=728874833&_v=j73&z=1277854360&slf_rd=1&random=3818933049

Request Chain 56

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-194688-3&cid=1960457681.1557418544&jid=419302143&gjid=497969043&_gid=615346279.1557418544&_u=aGDAgEADQ~&z=249838359 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-3&cid=1960457681.1557418544&jid=419302143&_v=j73&z=249838359 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-3&cid=1960457681.1557418544&jid=419302143&_v=j73&z=249838359&slf_rd=1&random=3067340894

Request Chain 61

https://px.ads.linkedin.com/collect/?time=1557418545451&pid=51830&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&fmt=js&s=1 HTTP 302
https://px.ads.linkedin.com/collect/?time=1557418545451&pid=51830&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&fmt=js&s=1&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1557418545451%26pid%3D51830%26url%3Dhttps%253A%252F%252Fresearch.checkpoint.com%252Fthe-muddy-waters-of-apt-attacks%252F%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?time=1557418545451&pid=51830&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&fmt=js&s=1&cookiesTest=true&liSync=true

Request Chain 66

https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&hostname=research.checkpoint.com&location=%2Fthe-muddy-waters-of-apt-attacks%2F&product=sticky-share-buttons&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&source=sharethis.js&fcmp=false&title=The%20Muddy%20Waters%20of%20APT%20Attacks%20-%20Check%20Point%20Research&publisher=5a3031770f16c70012a3c297&ts1557418545397=&sop=true HTTP 301
https://l.sharethis.com/sc?cm=ZGABE1zUUjcAAAARBBFBAw%3D%3D&uid=true&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&sop=true

79 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
research.checkpoint.com/the-muddy-waters-of-apt-attacks/ 37 KB
11 KB 2548ms
2522ms Document
text/html 2a02:26f0:6c00:18d::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:18d::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

da8a2c0cd0ee350c2be30a7fd31201a1028a7f965cc97e0c648c52829a7b0b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: research.checkpoint.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server: Apache
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Link: <http://research.checkpoint.com/?p=21193>; rel=shortlink
Cache-Control: private, max-age=600, must-revalidate
Content-Type: text/html; charset=UTF-8
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 09 May 2019 16:15:42 GMT
Content-Length: 10775
Connection: keep-alive
Set-Cookie: ROUTEID=.1; path=/;HttpOnly;Secure

GET
H/1.1 200
OK style.min.css
research.checkpoint.com/wp-includes/css/dist/block-library/ 25 KB
5 KB 50ms
49ms Stylesheet
text/css 2a02:26f0:6c00:18d::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://research.checkpoint.com/wp-includes/css/dist/block-library/style.min.css?ver=5.1.1

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:18d::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

a72261a5191d1485620242b7d3b735501757aef23dedc6d27c84919af838e756

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 25 Feb 2019 23:52:54 GMT
Server: Apache
ETag: "629a-582c0a39f2180"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: text/css
Cache-Control: public,max-age=600000, must-revalidate
Date: Thu, 09 May 2019 16:15:42 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4258
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK style.css
research.checkpoint.com/wp-content/themes/research/ 16 KB
4 KB 38ms
14ms Stylesheet
text/css 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://research.checkpoint.com/wp-content/themes/research/style.css?ver=1.16

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

f6dafbf3df2e63d4f82554dd65d1746c683caebcef703efc7ca6443e5822378f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 03 May 2019 18:11:59 GMT
Server: Apache
ETag: "40e9-587ffafc6b9c0"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: text/css
Cache-Control: public,max-age=600000, must-revalidate
Date: Thu, 09 May 2019 16:15:42 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4009
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bootstrap.min.css
research.checkpoint.com/wp-content/themes/research/css/ 137 KB
21 KB 41ms
17ms Stylesheet
text/css 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://research.checkpoint.com/wp-content/themes/research/css/bootstrap.min.css?ver=4.1

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

34959e43e6ecf368807a84f92ad9aa6e2dcd5f0c5c1e57da55e8f3248d9d9255

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 27 Jul 2018 21:29:10 GMT
Server: Apache
ETag: "22485-57201cd647580"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: text/css
Cache-Control: public,max-age=600000, must-revalidate
Date: Thu, 09 May 2019 16:15:42 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21024
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK flickity.min.css
research.checkpoint.com/wp-content/themes/research/css/ 2 KB
1 KB 52ms
28ms Stylesheet
text/css 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://research.checkpoint.com/wp-content/themes/research/css/flickity.min.css?ver=1.1

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

a8da941d8a446516c824ebc9fb77b42e6b92c6deed1daed266bd821ed27bc516

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 27 Jul 2018 21:29:10 GMT
Server: Apache
ETag: "71d-57201cd647580"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: text/css
Cache-Control: public,max-age=600000, must-revalidate
Date: Thu, 09 May 2019 16:15:42 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 648
X-XSS-Protection: 1; mode=block

GET
H2 200 all.css
use.fontawesome.com/releases/v5.6.3/css/ 52 KB
13 KB 1046ms
12ms Stylesheet
text/css 23.111.9.35
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.6.3/css/all.css?ver=5.6.3
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 481a0574246e281316ffa0e15399bf5388bb81ae550ce0401a0353b6bb2d1e5a

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 09 May 2019 16:15:43 GMT
content-encoding: gzip
last-modified: Thu, 20 Dec 2018 17:45:13 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"dc93d584e41f8417f6b7163320d34329"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
status: 200
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT

GET
H/1.1 200
OK jquery-3.4.0.min.js Show response
code.jquery.com/ 86 KB
30 KB 1349ms
32ms Script
application/javascript 205.185.208.52
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.0.min.js?ver=5.1.1
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip052.ssl.hwcdn.net
Software: nginx /
Resource Hash: 0497a8d2a9bde7db8c0466fae73e347a3258192811ed1108e3e096d5f34ac0e8

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Apr 2019 19:56:14 GMT
Server: nginx
ETag: W/"5cae4a5e-15857"
Vary: Accept-Encoding
X-HW: 1557418543.dop082.lo4.shc,1557418543.dop082.lo4.t,1557418543.cds087.lo4.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 30632

GET
H/1.1 200
OK bootstrap.bundle.min.js Show response
research.checkpoint.com/wp-content/themes/research/js/lib/ 66 KB
19 KB 59ms
35ms Script
application/javascript 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://research.checkpoint.com/wp-content/themes/research/js/lib/bootstrap.bundle.min.js?ver=4.1

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

bb3d017273ed487674d9766d8401cf458228596adcc0c3a6024f44ae715090db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 27 Jul 2018 21:29:12 GMT
Server: Apache
ETag: "1089e-57201cd82fa00"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: application/javascript
Cache-Control: private, max-age=200000, must-revalidate
Date: Thu, 09 May 2019 16:15:42 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19244
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK flickity.pkgd.min.js Show response
research.checkpoint.com/wp-content/themes/research/js/lib/ 54 KB
14 KB 54ms
13ms Script
application/javascript 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://research.checkpoint.com/wp-content/themes/research/js/lib/flickity.pkgd.min.js?ver=1.0.1

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

fe2df9f6df4b4a8d7174d259f563b8d9e28e4c03f8f4092fd9db6044e0e64c32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 27 Jul 2018 21:29:12 GMT
Server: Apache
ETag: "d7c9-57201cd82fa00"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: application/javascript
Cache-Control: private, max-age=200000, must-revalidate
Date: Thu, 09 May 2019 16:15:42 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13838
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK single-post.js Show response
research.checkpoint.com/wp-content/themes/research/js/ 397 B
719 B 86ms
39ms Script
application/javascript 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://research.checkpoint.com/wp-content/themes/research/js/single-post.js?ver=1.0.2

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

cbfee73101feaeb8d3fb0c18c79b5b0b953cdbd32549473339e742d96886b5a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Tue, 14 Aug 2018 07:21:35 GMT
Server: Apache
ETag: "18d-573600f577dc0"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: application/javascript
Cache-Control: private, max-age=200000, must-revalidate
Date: Thu, 09 May 2019 16:15:42 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 218
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK inc-header.js Show response
research.checkpoint.com/wp-content/themes/research/header/ 1 KB
956 B 62ms
15ms Script
application/javascript 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://research.checkpoint.com/wp-content/themes/research/header/inc-header.js?v=1.1

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

ae3754c54a0880a98a94c423d3e67f39b5b6f3c63516dafa33866e3e74c9f97d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 15 Nov 2018 13:37:28 GMT
Server: Apache
ETag: "47a-57ab426d8d600"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: application/javascript
Cache-Control: private, max-age=200000, must-revalidate
Date: Thu, 09 May 2019 16:15:42 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 455
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK style.css
research.checkpoint.com/wp-content/themes/research/header/ 9 KB
2 KB 45ms
22ms Stylesheet
text/css 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://research.checkpoint.com/wp-content/themes/research/header/style.css

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

0fe8bcbcd24ab838fbbd773001253fc0353956e81c5ba9c8e23951ebdbae305a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 27 Jul 2018 21:29:11 GMT
Server: Apache
ETag: "25cb-57201cd73b7c0"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: text/css
Cache-Control: public,max-age=600000, must-revalidate
Date: Thu, 09 May 2019 16:15:42 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1900
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK facebook.gif
sc1.checkpoint.com/sc1/inc/html/images/social/ 1 KB
2 KB 4599ms
19ms Image
image/gif 2.19.32.109
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sc1.checkpoint.com/sc1/inc/html/images/social/facebook.gif
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.32.109 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-32-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 791d8c8cb135d3d53915096e999d3857b6ee16966c20a019f38699f09f6aa2ff

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:46 GMT
Last-Modified: Mon, 25 Sep 2017 18:13:31 GMT
Server: AkamaiNetStorage
ETag: "7eb7015574801089503dd7095e1d4313:1506366539"
Content-Type: image/gif
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1254

GET
H/1.1 200
OK google-plus.gif
sc1.checkpoint.com/sc1/inc/html/images/social/ 2 KB
2 KB 4644ms
44ms Image
image/gif 2.19.32.109
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sc1.checkpoint.com/sc1/inc/html/images/social/google-plus.gif
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.32.109 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-32-109.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1998582382fbf956231d65be84b76e08c0c86e5ced8a99c703bdec416d876d76

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:47 GMT
Last-Modified: Mon, 25 Sep 2017 18:13:31 GMT
Server: Apache
ETag: "eedd0b2cde10b6b1930d57a10c6d0422:1506366539"
Content-Type: image/gif
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1653

GET
H/1.1 200
OK linkedin.gif
sc1.checkpoint.com/sc1/inc/html/images/social/ 1 KB
2 KB 3247ms
13ms Image
image/gif 2.19.32.109
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sc1.checkpoint.com/sc1/inc/html/images/social/linkedin.gif
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.32.109 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-32-109.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a22d6b8782097b7cd9588ab582e119bfd6290278275661e9d0f96b2baec0cb8e

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:47 GMT
Last-Modified: Mon, 25 Sep 2017 18:13:31 GMT
Server: Apache
ETag: "6789b034de6591b26bbd9b5fa6b451ca:1506366539"
Content-Type: image/gif
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1416

GET
H/1.1 200
OK email.gif
sc1.checkpoint.com/sc1/inc/html/images/social/ 1 KB
2 KB 3263ms
11ms Image
image/gif 2.19.32.109
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sc1.checkpoint.com/sc1/inc/html/images/social/email.gif
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.32.109 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-32-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3643b2c826a615065303aa44b8f463eb854d77934f5f25dc1f74f60d4698f9f0

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:47 GMT
Last-Modified: Mon, 25 Sep 2017 18:13:31 GMT
Server: AkamaiNetStorage
ETag: "15f1e1004accdbc019365e658249f334:1506366539"
Content-Type: image/gif
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1407

GET
H/1.1 200
OK rss.gif
sc1.checkpoint.com/sc1/inc/html/images/social/ 2 KB
2 KB 3286ms
21ms Image
image/gif 2.19.32.109
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sc1.checkpoint.com/sc1/inc/html/images/social/rss.gif
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.32.109 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-32-109.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b7cfb1c9430d90b22b3f4497543a4cfef719dc40a3cce130cad766171abe8bbe

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:47 GMT
Last-Modified: Mon, 25 Sep 2017 18:13:31 GMT
Server: Apache
ETag: "8cc18e3677ea53cc679e33e82bf9497a:1506366539"
Content-Type: image/gif
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1620

GET
H/1.1 200
OK twitter.gif
sc1.checkpoint.com/sc1/inc/html/images/social/ 2 KB
2 KB 3307ms
20ms Image
image/gif 2.19.32.109
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sc1.checkpoint.com/sc1/inc/html/images/social/twitter.gif
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.32.109 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-32-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a59bba774218f207179b30aa8bbd21bad0f7355a52321e08138bd77a308c27d5

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:47 GMT
Last-Modified: Mon, 25 Sep 2017 18:13:31 GMT
Server: AkamaiNetStorage
ETag: "6b05f4fc9522afa0cdbeb1a2c0bccc2c:1506366539"
Content-Type: image/gif
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1608

GET
H/1.1 200
OK check-point-research-logo.gif
sc1.checkpoint.com/sc1/inc/html/images/ 3 KB
3 KB 3065ms
12ms Image
image/gif 2.19.32.109
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sc1.checkpoint.com/sc1/inc/html/images/check-point-research-logo.gif
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.32.109 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-32-109.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1fd89254c5a1e26226d533849c501ce8d17f47d4271e907f0084d7a25f1f242

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:46 GMT
Last-Modified: Mon, 09 Jul 2018 21:15:16 GMT
Server: Apache
ETag: "c425f4400a5c9dfbaecb24275f494931:1531172224"
Content-Type: image/gif
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2901

GET
H/1.1 200
OK under-attack.gif
research.checkpoint.com/wp-content/themes/research/img/lib/ 2 KB
2 KB 33ms
28ms Image
image/gif 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/themes/research/img/lib/under-attack.gif

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

fab08b60fa81a228f3dd0eb7678669844a4de6a1fd68683a28df73007fd74efa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Fri, 27 Jul 2018 21:29:12 GMT
Server: Apache
ETag: "682-57201cd82fa00"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/gif
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:43 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1666
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK MuddyWaters_blog_1021x580.jpg
research.checkpoint.com/wp-content/uploads/2019/04/ 205 KB
205 KB 668ms
662ms Image
image/jpeg 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/MuddyWaters_blog_1021x580.jpg

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

a473c1e18a84ccdf5800402eced715c110858bac5dc4ee61e402f3754487d61d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:48:19 GMT
Server: Apache
ETag: "3324e-586284b0536c0"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 209486
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig1.png
research.checkpoint.com/wp-content/uploads/2019/04/ 114 KB
114 KB 644ms
638ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig1.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

8af6bb785c7ba9cfc9c37b6ef7618bbecfbb2ee5517c499802e16b566c1804cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:48:49 GMT
Server: Apache
ETag: "1c6a9-586284ccefa40"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 116393
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig2-1.png
research.checkpoint.com/wp-content/uploads/2019/04/ 58 KB
59 KB 692ms
685ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig2-1.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

b8c4c82a1c563212a28fe4850dc085751df37acd0f40d012fc63e763765b02e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:24 GMT
Server: Apache
ETag: "e8c9-586284ee50900"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 59593
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig3-1.png
research.checkpoint.com/wp-content/uploads/2019/04/ 32 KB
32 KB 194ms
193ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig3-1.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

48be0006d3fae65ad50f2ca7a69a99c284ec40c6924d818b0777d4254e488ca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:26 GMT
Server: Apache
ETag: "7ea7-586284f038d80"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32423
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig4-1.png
research.checkpoint.com/wp-content/uploads/2019/04/ 29 KB
29 KB 664ms
663ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig4-1.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

2c61fd77ec0d825764e3ecb5bd018eeff46f9d794819c2692abf17a0c35af9ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:28 GMT
Server: Apache
ETag: "7258-586284f221200"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29272
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig5.png
research.checkpoint.com/wp-content/uploads/2019/04/ 12 KB
13 KB 636ms
635ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig5.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

ce81a279dc624a35e61ee3b6c2f18cb7b544248de5f702ff5600de88fccaba95

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:29 GMT
Server: Apache
ETag: "3079-586284f315440"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12409
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig6.png
research.checkpoint.com/wp-content/uploads/2019/04/ 48 KB
48 KB 696ms
696ms Image
image/png 2a02:26f0:6c00:18d::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig6.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:18d::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

fdc1f36bbe04cf76ce15134ccea1356d28e4f3ffe90902060f1cef02e37b44af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:30 GMT
Server: Apache
ETag: "bf0d-586284f409680"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 48909
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig7.png
research.checkpoint.com/wp-content/uploads/2019/04/ 34 KB
34 KB 645ms
644ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig7.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

67312baff3089df6f39b32eb9c259f0be28306008ce954092ac3a71b6c812119

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:31 GMT
Server: Apache
ETag: "8651-586284f4fd8c0"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:45 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34385
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig8.png
research.checkpoint.com/wp-content/uploads/2019/04/ 33 KB
33 KB 186ms
183ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig8.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

cacfdd7b45b92a20a653bb6eb22d155d5e9a3b85ee91bf09d669de133e07087e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:32 GMT
Server: Apache
ETag: "8218-586284f5f1b00"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33304
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig9.png
research.checkpoint.com/wp-content/uploads/2019/04/ 144 KB
145 KB 187ms
186ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig9.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

df89592687e169f353027045cda91a9e683b88c2ded9daa3152a61040fa42f67

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:33 GMT
Server: Apache
ETag: "241f8-586284f6e5d40"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 147960
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig10.png
research.checkpoint.com/wp-content/uploads/2019/04/ 64 KB
64 KB 200ms
197ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig10.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

9cfe29ab21707208b225a40a4657465324ca309197167edbe10a4798638c515f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:34 GMT
Server: Apache
ETag: "ff6c-586284f7d9f80"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 65388
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig11-1.png
research.checkpoint.com/wp-content/uploads/2019/04/ 181 KB
182 KB 195ms
195ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig11-1.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

e85107bebede0e9dfbf138f4eff16c7efa39ffed8152f9edbd2dcd6082918685

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:36 GMT
Server: Apache
ETag: "2d50f-586284f9c2400"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 185615
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig12-1.png
research.checkpoint.com/wp-content/uploads/2019/04/ 130 KB
131 KB 215ms
214ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig12-1.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

6b3e9e6e773aa8c1a842d5df7daa6da8a3e45bc947dbacddd2a1b7d0bad2c93f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:38 GMT
Server: Apache
ETag: "20895-586284fbaa880"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 133269
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig13.png
research.checkpoint.com/wp-content/uploads/2019/04/ 131 KB
132 KB 222ms
221ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig13.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

52f38c5c7eb524f18e4253a53d55ccd7677e368304e1200150f3e82cea3933bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:40 GMT
Server: Apache
ETag: "20dc4-586284fd92d00"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 134596
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig14.png
research.checkpoint.com/wp-content/uploads/2019/04/ 62 KB
63 KB 183ms
183ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig14.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

230e4be21fea362b5a023a598ed1acaae4992cb3bd90b2b809d988952377f6bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:41 GMT
Server: Apache
ETag: "f965-586284fe86f40"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 63845
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig15.png
research.checkpoint.com/wp-content/uploads/2019/04/ 265 KB
265 KB 699ms
698ms Image
image/png 2a02:26f0:6c00:18d::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig15.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:18d::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

4df6eeaf125bda2bfc1ba06e5b224549c08e1c3e9bc230d5cb7b58e4ea442561

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:43 GMT
Server: Apache
ETag: "422e3-586285006f3c0"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:45 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 271075
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fig16.png
research.checkpoint.com/wp-content/uploads/2019/04/ 99 KB
100 KB 223ms
222ms Image
image/png 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/fig16.png

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

5f56eb0fdb729da6ae6ccf1ff1bf05871a35d58773a171851e806c744e6d3edf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 10 Apr 2019 07:49:45 GMT
Server: Apache
ETag: "18de6-5862850257840"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:45 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 101862
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK OuterPlanetHackers_blog_1021x580.jpg
research.checkpoint.com/wp-content/uploads/2019/04/ 106 KB
106 KB 32ms
25ms Image
image/jpeg 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/OuterPlanetHackers_blog_1021x580.jpg

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

064afc5bb13ca96b1e6914a701cc5be847f177b65f7661c561894d192551aa54

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Tue, 23 Apr 2019 08:41:25 GMT
Server: Apache
ETag: "1a615-5872e8cdb9740"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 108053
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Data_Breaches.jpg
research.checkpoint.com/wp-content/uploads/2019/04/ 751 KB
751 KB 26ms
26ms Image
image/jpeg 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/04/Data_Breaches.jpg

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

eca3bafa27f8254899afa47d2a9a8bab1c39ac971143c79227332de19dff11f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Tue, 30 Apr 2019 07:51:10 GMT
Server: Apache
ETag: "bba6e-587baaa09f780"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 768622
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK control-panel-1021x580.jpg
research.checkpoint.com/wp-content/uploads/2019/05/ 142 KB
143 KB 19ms
18ms Image
image/jpeg 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/05/control-panel-1021x580.jpg

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

81dace21889845f24965228581063c267b882bb8f0a56f0ea542423758457363

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Wed, 01 May 2019 10:12:59 GMT
Server: Apache
ETag: "2387c-587d0c30e60c0"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 145532
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK TI-Bulletins.jpg
research.checkpoint.com/wp-content/uploads/2019/03/ 5 KB
5 KB 24ms
23ms Image
image/jpeg 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2019/03/TI-Bulletins.jpg

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

b7fc664ed17cbb1375ccbed7319bf53598e908288a16913310b54b8b900f7eab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Thu, 07 Mar 2019 09:18:07 GMT
Server: Apache
ETag: "1426-5837d9590d1c0"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:45 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5158
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK sharethis.js Show response
platform-api.sharethis.com/js/ 91 KB
28 KB 1564ms
14ms Script
text/javascript 2.19.43.118
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.43.118 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-43-118.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e5c2f85b9e49be5acd30c8ba3767b124d8945f35000eef89902a0485c04e6040

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:45 GMT
Content-Encoding: gzip
ETag: W/"16d4e-SgmVDK5mv+C+DRaEIjQ3WYUSiQ4"
Vary: Accept-Encoding
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, POST, PUT
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 27855

GET
H/1.1 200
OK CfP_1021x580_A.jpg
research.checkpoint.com/wp-content/uploads/2018/11/ 132 KB
132 KB 26ms
25ms Image
image/jpeg 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.checkpoint.com/wp-content/uploads/2018/11/CfP_1021x580_A.jpg

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

9a6f22e2d9bba0601021ffb3fb8e484336fdd3041f6675f900ffc8c320091f06

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Fri, 02 Nov 2018 21:13:47 GMT
Server: Apache
ETag: "20f44-579b502d358c0"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public,max-age=2500000
Date: Thu, 09 May 2019 16:15:45 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 134980
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 155 KB
34 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:815::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

afe8966a178414732a640767da814920743e6d097272bd98b8dc8d8788043846

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 09 May 2019 16:15:44 GMT
content-encoding: br
last-modified: Wed, 08 May 2019 18:26:02 GMT
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 34528
x-xss-protection: 0
expires: Thu, 09 May 2019 16:15:44 GMT

GET
H/1.1 200
OK search-icon.gif
sc1.checkpoint.com/sc1/inc/html/images/ 2 KB
2 KB 3050ms
66ms Image
image/gif 2.19.32.109
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sc1.checkpoint.com/sc1/inc/html/images/search-icon.gif
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.32.109 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-32-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 953d6908ab55929254e46c77e5c751a6e2df7ab84430f134edc3bb62d8f7d32f

Request headers

Referer: https://research.checkpoint.com/wp-content/themes/research/header/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:46 GMT
Last-Modified: Mon, 25 Sep 2017 18:13:31 GMT
Server: AkamaiNetStorage
ETag: "2e1aa25e7e77e6a393fd38efb413370f:1506366539"
Content-Type: image/gif
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1755

GET
H/1.1 200
OK 34CA47_6_0.woff2
research.checkpoint.com/wp-content/themes/research/fonts/ 58 KB
59 KB 28ms
27ms Font
application/octet-stream 2a02:26f0:6c00:19e::38f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://research.checkpoint.com/wp-content/themes/research/fonts/34CA47_6_0.woff2

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19e::38f0 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Apache /

Resource Hash

0fc686423c26cb1030032fd7e4f2dd664c4b08517a8990c0b46269dd4e01910b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://research.checkpoint.com/wp-content/themes/research/style.css?ver=1.16
Origin: https://research.checkpoint.com

Response headers

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Last-Modified: Mon, 07 Jan 2019 16:17:09 GMT
Server: Apache
ETag: "e890-57ee08f822b40"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Cache-Control: max-age=86400
Date: Thu, 09 May 2019 16:15:43 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 59536
X-XSS-Protection: 1; mode=block
Expires: Fri, 10 May 2019 16:15:43 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:825::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 1728
date: Thu, 09 May 2019 15:46:56 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17543
expires: Thu, 09 May 2019 17:46:56 GMT

GET
H/1.1 200
OK insight.min.js Show response
sjs.bizographics.com/ 15 KB
5 KB 45ms
9ms Script
application/x-javascript 2a02:26f0:f1:280::3adf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sjs.bizographics.com/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:f1:280::3adf , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:44 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Dec 2018 23:03:30 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=29942
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4571

GET
H2 200 7614.js Show response
script.crazyegg.com/pages/scripts/0041/ 155 B
687 B 34ms
11ms Script
application/x-javascript 2606:4700::6813:9308
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0041/7614.js?432616
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e66d5c0b32b55fd27a1ff8c74bd88f63c1047603ea1685781539a0782d939b4

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 09 May 2019 16:15:44 GMT
via: 1.1 c5ad7defce0694621f07129d852e42da.cloudfront.net (CloudFront)
cf-cache-status: HIT
cf-polished: origSize=156
x-cache: Hit from cloudfront
status: 200
content-encoding: gzip
last-modified: Tue, 09 Apr 2019 20:20:37 GMT
server: cloudflare
etag: W/"8872624abb9bee7082097e58c74fe2a2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: private, max-age=300
cf-ray: 4d44f94d0aff9710-FRA
x-amz-cf-id: wc3Bx2ZFkrB0wevnLk_1hDhDTVWpMWx7ydtKB6EHRWPlW90BSJT-Uw==
cf-bgj: minify

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 3130ms
42ms Script
application/javascript 151.101.120.157
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.120.157 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 09 May 2019 16:15:47 GMT
content-encoding: gzip
age: 482
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-cdg20780-CDG
last-modified: Tue, 23 Jan 2018 19:05:33 GMT
x-timer: S1557418547.261931,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 53 KB
15 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

fa59b1ed1b011e084474ad818b5f6986d84fc678e2f37fee9330eb52d86860b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 15397
x-xss-protection: 0
pragma: private
x-fb-debug: wAio1HeiWICUQOkO/IBP9N3BVTq6gZlHzwM33rDQm+3eEOW+Gg0K9ZuUJuIqyyLo4KCMHbjC7haf7qHhs8PYtg==
date: Thu, 09 May 2019 16:15:44 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: private
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 5 KB
3 KB 3079ms
21ms Script
application/x-javascript 95.100.185.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.185.219 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-100-185-219.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1c7927b3b67ac0b96d279dcc9b830963f7d3a16ab0b1cc02f346f5df0dac0ceb

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:47 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 May 2019 14:54:26 GMT
Server: Apache
ETag: "0eec214150d4f41d2863fa9dce77081d:1557240866"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2230
Expires: Thu, 09 May 2019 16:35:47 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 51 KB
20 KB 19ms
19ms Script
application/javascript 2a00:1450:4001:825::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-5L6CQT3&t=gtm1&cid=1960457681.1557418544

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

277f60c6cc5ee0bbbaf948c56636fda0d7453c7fa474ca1338f9d283ce9e05ad

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 09 May 2019 16:15:44 GMT
content-encoding: br
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 19708
x-xss-protection: 0
expires: Thu, 09 May 2019 16:15:44 GMT

GET
H2 200 1692853834349189 Show response
connect.facebook.net/signals/config/ 207 KB
55 KB 119ms
119ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1692853834349189?v=2.8.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

fe5e48da3b0f3b3623dcbfe48180071f46f9d523ca6110b150f32623da84dc7d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
x-xss-protection: 0
pragma: public
x-fb-debug: 9OjVGYanw4ysCpkgY8PgrFw08LLhDD5KjAnfQvcYBteBNstE1brkg4HSyDTR5qT2lgShsVn24LEuQB9AnvGdVA==
date: Thu, 09 May 2019 16:15:44 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
122 B 10ms
9ms Image
image/gif 2a00:1450:4001:825::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j73&a=1368191235&t=pageview&_s=1&dl=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&ul=en-us&de=UTF-8&dt=The%20Muddy%20Waters%20of%20APT%20Attacks%20-%20Check%20Point%20Research&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGDAgEADQ~&jid=728874833&gjid=725890783&cid=1960457681.1557418544&tid=UA-194688-1&_gid=615346279.1557418544&gtm=2wg4305JCRGP&z=2030347805

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2019 04:50:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5311517
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-194688-1&cid=1960457681.1557418544&jid=728874833&gjid=725890783&_gid=615346279.1557418544&_u=aGDAgEADQ~&z=1277854360
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-1&cid=1960457681.1557418544&jid=728874833&_v=j73&z=1277854360
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-1&cid=1960457681.1557418544&jid=728874833&_v=j73&z=1277854360&slf_rd=1&random=3818933049

42 B
110 B

24ms
24ms

Image
image/gif

2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-1&cid=1960457681.1557418544&jid=728874833&_v=j73&z=1277854360&slf_rd=1&random=3818933049

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 May 2019 16:15:44 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 09 May 2019 16:15:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-1&cid=1960457681.1557418544&jid=728874833&_v=j73&z=1277854360&slf_rd=1&random=3818933049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
93 B 10ms
10ms Image
image/gif 2a00:1450:4001:825::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j73&a=1368191235&t=pageview&_s=1&dl=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&ul=en-us&de=UTF-8&dt=The%20Muddy%20Waters%20of%20APT%20Attacks%20-%20Check%20Point%20Research&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGDAgEADQ~&jid=419302143&gjid=497969043&cid=1960457681.1557418544&tid=UA-194688-3&_gid=615346279.1557418544&gtm=2wg4305JCRGP&z=1806039859

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2019 04:50:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5311517
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-194688-3&cid=1960457681.1557418544&jid=419302143&gjid=497969043&_gid=615346279.1557418544&_u=aGDAgEADQ~&z=249838359
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-3&cid=1960457681.1557418544&jid=419302143&_v=j73&z=249838359
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-3&cid=1960457681.1557418544&jid=419302143&_v=j73&z=249838359&slf_rd=1&random=3067340894

42 B
110 B

23ms
22ms

Image
image/gif

2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-3&cid=1960457681.1557418544&jid=419302143&_v=j73&z=249838359&slf_rd=1&random=3067340894

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 May 2019 16:15:44 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 09 May 2019 16:15:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-194688-3&cid=1960457681.1557418544&jid=419302143&_v=j73&z=249838359&slf_rd=1&random=3067340894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 inferredEvents.js Show response
connect.facebook.net/signals/plugins/ 1 KB
897 B 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.8.47

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 772
x-xss-protection: 0
pragma: public
x-fb-debug: 3jb66gxNqpLMeDUWMwntZpf34fxS9KSOY66LwCwfT2mPg0kCTMYVDlt2sT/N2BFlLsTSqxqNwqVcQGtuDzSsBw==
date: Thu, 09 May 2019 16:15:44 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
250 B 7ms
6ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1692853834349189&ev=PageView&dl=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&rl=&if=false&ts=1557418544349&sw=1600&sh=1200&v=2.8.47&r=stable&ec=0&o=30&fbp=fb.1.1557418544347.1018708108&it=1557418544176&coo=false&rqm=GET

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 09 May 2019 16:15:44 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 09 May 2019 16:15:44 GMT

POST
H2 200 /
www.facebook.com/tr/ Frame 139D 0
0 6ms
6ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 1889
pragma: no-cache
cache-control: no-cache
origin: https://research.checkpoint.com
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
accept-encoding: gzip, deflate, br
cookie: fr=0P9KBUhkvhub0WbrA..Bc1FIw...1.0.Bc1FIw.
Origin: https://research.checkpoint.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Response headers

status: 200
content-type: text/plain
access-control-allow-origin: https://research.checkpoint.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 0
server: proxygen-bolt
date: Thu, 09 May 2019 16:15:44 GMT

GET
H/1.1 200
OK 5a3031770f16c70012a3c297.js Show response
buttons-config.sharethis.com/js/ 525 B
946 B 4324ms
15ms Script
text/javascript 2.19.43.118
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5a3031770f16c70012a3c297.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.43.118 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-43-118.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: eee6d8fe37122ba1538560131fe5c95f9a4b6c45e2059076a7a92513fcb12f20

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:49 GMT
Last-Modified: Tue, 12 Dec 2017 19:43:54 GMT
Server: AmazonS3
x-amz-request-id: D3529B3C78164014
ETag: "29c30155cdf2eaa96943948b94d537b6"
Content-Type: text/javascript
Cache-Control: public, max-age=60
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 525
x-amz-id-2: eJNqWXqB2b39A27+1tdwSVe/7cDnRptAKPhPbWbb2WQ/jKaJ6Liiwner2WtOvRJ03JDYYanJ+gA=

GET
H2

200

/ Show response
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?time=1557418545451&pid=51830&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&fmt=js&s=1
https://px.ads.linkedin.com/collect/?time=1557418545451&pid=51830&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&fmt=js&s=1&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1557418545451%26pid%3D51830%26url%3Dhttps%253A%252F%252Fresearch.checkpoint.com%252Fthe-muddy-wa...
https://px.ads.linkedin.com/collect/?time=1557418545451&pid=51830&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&fmt=js&s=1&cookiesTest=true&liSync=true

0
103 B

170ms
168ms

Script
application/javascript

2a05:f500:11:101::b93f:9005
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1557418545451&pid=51830&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&fmt=js&s=1&cookiesTest=true&liSync=true
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 09 May 2019 16:15:46 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 20
x-li-uuid: 6NzGNesPnRWAd0mUhSsAAA==

Redirect headers

date: Thu, 09 May 2019 16:15:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
x-li-pop: prod-edc2
content-length: 20
x-li-uuid: BxQceOoPnRWgmetGwCoAAA==
pragma: no-cache
server: Play
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect/?time=1557418545451&pid=51830&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 74ms
13ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Apr 2019 02:53:44 GMT
Server: Apache
ETag: "54520320df20b526337717d6d28181fc:1554432824"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H/1.1 200
OK portal.html
c.sharethis.mgr.consensu.org/v1.0/cmp/ Frame 7763 0
0 1130ms
32ms Document
text/html 2.16.186.243
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.243 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-243.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: c.sharethis.mgr.consensu.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, POST, PUT
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
ETag: W/"26b-4977387000"
Last-Modified: Tue, 01 Jan 1980 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 334
Cache-Control: public, max-age=3600
Date: Thu, 09 May 2019 16:15:46 GMT
Connection: keep-alive

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/155/ 9 KB
4 KB 15ms
14ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/155/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Nov 2018 03:18:20 GMT
Server: Apache
ETag: "c67dad42946949112916578f78706df8:1543547900"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3923
Expires: Sat, 17 Aug 2019 16:15:45 GMT

GET
H/1.1 200
OK visitWebPage Show response
750-dqh-528.mktoresp.com/webevents/ 2 B
272 B 1574ms
102ms XHR
text/plain 192.28.144.124
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL: https://750-dqh-528.mktoresp.com/webevents/visitWebPage?_mchNc=1557418545589&_mchCn=&_mchId=750-DQH-528&_mchTk=_mch-checkpoint.com-1557418545588-64905&_mchHo=research.checkpoint.com&_mchPo=&_mchRu=%2Fthe-muddy-waters-of-apt-attacks%2F&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/155/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software: spray-can/1.3.3 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Origin: https://research.checkpoint.com

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 09 May 2019 16:15:47 GMT
Content-Encoding: gzip
Server: spray-can/1.3.3
Content-Length: 22
X-Request-Id: 1fbb7f4b-697c-450f-aad4-44487ad4653d
Content-Type: text/plain; charset=UTF-8

GET
H/1.1

301
Moved Permanently

sc Show response
l.sharethis.com/
Redirect Chain

https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&hostname=research.checkpoint.com&location=%2Fthe-muddy-waters-of-apt-attacks%2F&product=sticky-share-buttons&url=https%3A%2F%2Fre...
https://l.sharethis.com/sc?cm=ZGABE1zUUjcAAAARBBFBAw%3D%3D&uid=true&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&sop=true

0
-1 B

4856ms
15ms

XHR
text/html

18.184.119.244
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=ZGABE1zUUjcAAAARBBFBAw%3D%3D&uid=true&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&sop=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.119.244 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-184-119-244.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:51 GMT
Location: /sc?cm=ZGABE1zUUjcAAAARBBFBAw%3D%3D&uid=true&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&sop=true
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Access-Control-Allow-Origin: https://research.checkpoint.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 179
Stid: ZGABE1zUUjcAAAARBBFBAw==

Redirect headers

Date: Thu, 09 May 2019 16:15:51 GMT
Access-Control-Allow-Origin: https://research.checkpoint.com
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location: /sc?cm=ZGABE1zUUjcAAAARBBFBAw%3D%3D&uid=true&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&sop=true
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 179
Stid: ZGABE1zUUjcAAAARBBFBAw==

GET
H2 200 pixel
tr.outbrain.com/ 43 B
360 B 169ms
117ms Image
image/gif 151.101.2.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.outbrain.com/pixel?marketerId=007281ee64432ffe21cc9ba8667dd68bed&obApiVersion=1.0.11&name=PAGE_VIEW&dl=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&optOut=false&bust=09368840561735259

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=0; includeSubDomains;
content-encoding: gzip
traffic-path: NYDC1, JFK, HHN, Europe1
x-cache: MISS, MISS
status: 200
x-traceid: 96c8d7f03d1673ebf1f2c4b0958edfef
content-length: 60
x-served-by: cache-jfk8143-JFK, cache-hhn1535-HHN
x-timer: S1557418547.291212,VS0,VE105
date: Thu, 09 May 2019 16:15:47 GMT
content-type: image/gif;
via: 1.1 varnish, 1.1 varnish
cache-control: no-cache
backend-ip: 104.156.90.43
accept-ranges: bytes, bytes
x-cache-hits: 0, 0

GET
H/1.1 200
OK pixel
amplifypixel.outbrain.com/ 43 B
314 B 1529ms
117ms Image
image/gif 64.74.236.19
Outbrain

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://amplifypixel.outbrain.com/pixel?mid=007281ee64432ffe21cc9ba8667dd68bed&dl=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&bust=08075052188980958

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

64.74.236.19 , United States, ASN22075 (AS-OUTBRAIN - Outbrain, Inc., US),

Reverse DNS

chi.outbrain.com

Software

Resource Hash

33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:48 GMT
Cache-Control: no-cache
X-TraceId: 31e0653fa80e18abc725d7f322de4e99
content-encoding: gzip
Content-Length: 60
Strict-Transport-Security: max-age=0; includeSubDomains;
Content-Type: image/gif;

GET
H2 200 adsct
t.co/i/ 43 B
488 B 723ms
146ms Image
image/gif 104.244.42.133
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxi3o&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: research.checkpoint.com
URL: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 09 May 2019 16:15:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=0
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 118
pragma: no-cache
last-modified: Thu, 09 May 2019 16:15:47 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 2b99401c3698b1de6988703b098487b7
x-transaction: 001356f900407a60
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
268 B 143ms
143ms Script
application/javascript 104.244.42.3
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxi3o&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_f /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 09 May 2019 16:15:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 112
pragma: no-cache
last-modified: Thu, 09 May 2019 16:15:49 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 4e0d39e4327cf0b53fc12b413d224682
x-transaction: 00c72ca50062cf49
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK whatsapp.svg
platform-cdn.sharethis.com/img/ 832 B
1 KB 2836ms
14ms Image
image/svg+xml 2.19.43.118
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/whatsapp.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.43.118 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-43-118.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 847eb36b4dc4b05f94052dcd98077319e74d882334a106bb9ca451ba211c9c2c

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:52 GMT
Last-Modified: Fri, 04 Jan 2019 18:31:20 GMT
Server: AmazonS3
x-amz-request-id: 978706B8B4A2B27A
ETag: "afe7fc60ed757db39a88d2950fce69c9"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 832
x-amz-id-2: u8PbN4cIl4FkDaFIUjegmiixoYhjtiEuuiHprvV9HB5f4JovpMJXL1+W4z8Dp2FiRI00S4NFNRU=

GET
H/1.1 200
OK reddit.svg
platform-cdn.sharethis.com/img/ 910 B
922 B 2851ms
15ms Image
image/svg+xml 2.19.43.118
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/reddit.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.43.118 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-43-118.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: dadbb59b37bfea4c78c6e15c8cbb96dfba84526e43a0767dc244fd062a841aba

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:52 GMT
Content-Encoding: gzip
Last-Modified: Fri, 04 Jan 2019 18:31:14 GMT
Server: AmazonS3
x-amz-request-id: 0585C26F6E06F944
ETag: "78d796ca648d8a5e665b48ed0217c56a"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 491
x-amz-id-2: yFu9LU3z3WmTxX5HtjVxlx81UgnQ/eC1zq4iQKxmrEvS4dYcCTLrqFpotSdMM/IFfnasZL6W7Jo=

GET
H/1.1 200
OK arrow_left.svg
platform-cdn.sharethis.com/img/ 565 B
949 B 2864ms
13ms Image
image/svg+xml 2.19.43.118
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/arrow_left.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.43.118 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-43-118.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:52 GMT
Last-Modified: Fri, 04 Jan 2019 18:31:05 GMT
Server: AmazonS3
x-amz-request-id: 860C7676964A89BA
ETag: "b55d8d2b9321e381a3c38a4bddb74037"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 565
x-amz-id-2: bWt/rpQHMsaVK+6zHgk7ji0FeUWLugR5wpok0TBQAb9iaseGRZ3GIhxcnN373+KibvdwFljjYqQ=

GET
H/1.1 200
OK arrow_right.svg
platform-cdn.sharethis.com/img/ 565 B
949 B 2878ms
15ms Image
image/svg+xml 2.19.43.118
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/arrow_right.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.43.118 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-43-118.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:52 GMT
Last-Modified: Fri, 04 Jan 2019 18:31:05 GMT
Server: AmazonS3
x-amz-request-id: BECE9179367F8EC9
ETag: "9928d025bd5792b718ee0a185f62e67c"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 565
x-amz-id-2: h6lE2cepykY/qBF4SDzfV/ywkiWBvlLZQDlhK1dJRZKTE3psDaN74Cvr4MIculViiryAUjznxuY=

GET
H/1.1 200
OK sc Show response
l.sharethis.com/ 51 B
481 B 16ms
16ms XHR
text/plain 18.184.119.244
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=ZGABE1zUUjcAAAARBBFBAw%3D%3D&uid=true&url=https%3A%2F%2Fresearch.checkpoint.com%2Fthe-muddy-waters-of-apt-attacks%2F&sop=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.119.244 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-184-119-244.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 2eae387951c2dc4807a4130d1ecdb2279312f1f0743831e039088673697a6123

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Origin: https://research.checkpoint.com

Response headers

Date: Thu, 09 May 2019 16:15:51 GMT
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://research.checkpoint.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Stid: ZGABE1zUUjcAAAARBBFBAw==
Access-Control-Allow-Headers: *
Content-Length: 51

GET
H/1.1 200
OK t.dhj Show response
t.sharethis.com/1/d/ 2 KB
1 KB 3573ms
14ms Script
application/javascript 23.38.58.100
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sharethis.com/1/d/t.dhj?cid=c010&cls=B&dmn=research.checkpoint.com&rnd=1557418551530

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.38.58.100 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-38-58-100.deploy.static.akamaitechnologies.com

Software

Resource Hash

552587d1d127f2d6b2f9735ba8847a4eeb81b713b911df385485701faa0a9754

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 09 May 2019 16:15:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="DSP LAW NID OUR DEL SAM BUS UNI PUR COM NAV INT STA PRE LOC OTC"
Cache-Control: private, max-age=3600
Connection: keep-alive
Content-Type: application/javascript
Content-Length: 958
Expires: Thu, 09 May 2019 17:15:55 GMT

GET
H/1.1 200
OK t_.htm
t.sharethis.com/a/ Frame C056 0
0 15ms
7ms Document
text/html 23.38.58.100
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://t.sharethis.com/a/t_.htm?ver=0.244.10790&cid=c010&cls=B
Requested by: Host: t.sharethis.com
URL: https://t.sharethis.com/1/d/t.dhj?cid=c010&cls=B&dmn=research.checkpoint.com&rnd=1557418551530
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.38.58.100 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-58-100.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: t.sharethis.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

Response headers

Content-Encoding: gzip
Content-Length: 849
Cache-Control: max-age=604800
Expires: Thu, 16 May 2019 16:15:55 GMT
Date: Thu, 09 May 2019 16:15:55 GMT
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="DSP LAW NID OUR DEL SAM BUS UNI PUR COM NAV INT STA PRE LOC OTC"
Content-Type: text/html
Vary: Accept-Encoding

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

750-dqh-528.mktoresp.com
amplify.outbrain.com
amplifypixel.outbrain.com
analytics.twitter.com
buttons-config.sharethis.com
c.sharethis.mgr.consensu.org
code.jquery.com
connect.facebook.net
l.sharethis.com
munchkin.marketo.net
platform-api.sharethis.com
platform-cdn.sharethis.com
px.ads.linkedin.com
research.checkpoint.com
sc1.checkpoint.com
script.crazyegg.com
sjs.bizographics.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
t.sharethis.com
tr.outbrain.com
use.fontawesome.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
104.244.42.133
104.244.42.3
151.101.120.157
151.101.2.2
18.184.119.244
184.31.84.223
192.28.144.124
2.16.186.243
2.19.32.109
2.19.43.118
205.185.208.52
23.111.9.35
23.38.58.100
2606:4700::6813:9308
2620:109:c002::6cae:a0a
2a00:1450:4001:815::2008
2a00:1450:4001:81e::2004
2a00:1450:4001:81f::2003
2a00:1450:4001:825::200e
2a00:1450:400c:c09::9d
2a02:26f0:6c00:18d::38f0
2a02:26f0:6c00:19e::38f0
2a02:26f0:f1:280::3adf
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a05:f500:11:101::b93f:9005
64.74.236.19
95.100.185.219
0497a8d2a9bde7db8c0466fae73e347a3258192811ed1108e3e096d5f34ac0e8
064afc5bb13ca96b1e6914a701cc5be847f177b65f7661c561894d192551aa54
0e66d5c0b32b55fd27a1ff8c74bd88f63c1047603ea1685781539a0782d939b4
0fc686423c26cb1030032fd7e4f2dd664c4b08517a8990c0b46269dd4e01910b
0fe8bcbcd24ab838fbbd773001253fc0353956e81c5ba9c8e23951ebdbae305a
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1998582382fbf956231d65be84b76e08c0c86e5ced8a99c703bdec416d876d76
1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e
1c7927b3b67ac0b96d279dcc9b830963f7d3a16ab0b1cc02f346f5df0dac0ceb
230e4be21fea362b5a023a598ed1acaae4992cb3bd90b2b809d988952377f6bd
277f60c6cc5ee0bbbaf948c56636fda0d7453c7fa474ca1338f9d283ce9e05ad
2c61fd77ec0d825764e3ecb5bd018eeff46f9d794819c2692abf17a0c35af9ae
2eae387951c2dc4807a4130d1ecdb2279312f1f0743831e039088673697a6123
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
34959e43e6ecf368807a84f92ad9aa6e2dcd5f0c5c1e57da55e8f3248d9d9255
3643b2c826a615065303aa44b8f463eb854d77934f5f25dc1f74f60d4698f9f0
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
481a0574246e281316ffa0e15399bf5388bb81ae550ce0401a0353b6bb2d1e5a
48be0006d3fae65ad50f2ca7a69a99c284ec40c6924d818b0777d4254e488ca2
4df6eeaf125bda2bfc1ba06e5b224549c08e1c3e9bc230d5cb7b58e4ea442561
52f38c5c7eb524f18e4253a53d55ccd7677e368304e1200150f3e82cea3933bd
552587d1d127f2d6b2f9735ba8847a4eeb81b713b911df385485701faa0a9754
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38
5f56eb0fdb729da6ae6ccf1ff1bf05871a35d58773a171851e806c744e6d3edf
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76
67312baff3089df6f39b32eb9c259f0be28306008ce954092ac3a71b6c812119
6b3e9e6e773aa8c1a842d5df7daa6da8a3e45bc947dbacddd2a1b7d0bad2c93f
791d8c8cb135d3d53915096e999d3857b6ee16966c20a019f38699f09f6aa2ff
81dace21889845f24965228581063c267b882bb8f0a56f0ea542423758457363
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
847eb36b4dc4b05f94052dcd98077319e74d882334a106bb9ca451ba211c9c2c
8af6bb785c7ba9cfc9c37b6ef7618bbecfbb2ee5517c499802e16b566c1804cf
953d6908ab55929254e46c77e5c751a6e2df7ab84430f134edc3bb62d8f7d32f
9a6f22e2d9bba0601021ffb3fb8e484336fdd3041f6675f900ffc8c320091f06
9cfe29ab21707208b225a40a4657465324ca309197167edbe10a4798638c515f
a22d6b8782097b7cd9588ab582e119bfd6290278275661e9d0f96b2baec0cb8e
a473c1e18a84ccdf5800402eced715c110858bac5dc4ee61e402f3754487d61d
a59bba774218f207179b30aa8bbd21bad0f7355a52321e08138bd77a308c27d5
a72261a5191d1485620242b7d3b735501757aef23dedc6d27c84919af838e756
a8da941d8a446516c824ebc9fb77b42e6b92c6deed1daed266bd821ed27bc516
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae3754c54a0880a98a94c423d3e67f39b5b6f3c63516dafa33866e3e74c9f97d
afe8966a178414732a640767da814920743e6d097272bd98b8dc8d8788043846
b1fd89254c5a1e26226d533849c501ce8d17f47d4271e907f0084d7a25f1f242
b7cfb1c9430d90b22b3f4497543a4cfef719dc40a3cce130cad766171abe8bbe
b7fc664ed17cbb1375ccbed7319bf53598e908288a16913310b54b8b900f7eab
b8c4c82a1c563212a28fe4850dc085751df37acd0f40d012fc63e763765b02e3
bb3d017273ed487674d9766d8401cf458228596adcc0c3a6024f44ae715090db
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
cacfdd7b45b92a20a653bb6eb22d155d5e9a3b85ee91bf09d669de133e07087e
cbfee73101feaeb8d3fb0c18c79b5b0b953cdbd32549473339e742d96886b5a9
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
ce81a279dc624a35e61ee3b6c2f18cb7b544248de5f702ff5600de88fccaba95
da8a2c0cd0ee350c2be30a7fd31201a1028a7f965cc97e0c648c52829a7b0b19
dadbb59b37bfea4c78c6e15c8cbb96dfba84526e43a0767dc244fd062a841aba
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
df89592687e169f353027045cda91a9e683b88c2ded9daa3152a61040fa42f67
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c2f85b9e49be5acd30c8ba3767b124d8945f35000eef89902a0485c04e6040
e85107bebede0e9dfbf138f4eff16c7efa39ffed8152f9edbd2dcd6082918685
eca3bafa27f8254899afa47d2a9a8bab1c39ac971143c79227332de19dff11f0
eee6d8fe37122ba1538560131fe5c95f9a4b6c45e2059076a7a92513fcb12f20
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775
f6dafbf3df2e63d4f82554dd65d1746c683caebcef703efc7ca6443e5822378f
fa59b1ed1b011e084474ad818b5f6986d84fc678e2f37fee9330eb52d86860b3
fab08b60fa81a228f3dd0eb7678669844a4de6a1fd68683a28df73007fd74efa
fdc1f36bbe04cf76ce15134ccea1356d28e4f3ffe90902060f1cef02e37b44af
fe2df9f6df4b4a8d7174d259f563b8d9e28e4c03f8f4092fd9db6044e0e64c32
fe5e48da3b0f3b3623dcbfe48180071f46f9d523ca6110b150f32623da84dc7d

research.checkpoint.com Open in urlscan Pro 2a02:26f0:6c00:18d::38f0 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

79 Requests

100 %HTTPS

46 %IPv6

21 Domains

29 Subdomains

25 IPs

4 Countries

3178 kBTransfer

3977 kBSize

0 Cookies

20 Outgoing links

Redirected requests

79 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

research.checkpoint.com Open in urlscan Pro
2a02:26f0:6c00:18d::38f0 Public Scan

Screenshot
Live screenshot

Full Image

79
Requests

100 %
HTTPS

46 %
IPv6

21
Domains

29
Subdomains

25
IPs

4
Countries

3178 kB
Transfer

3977 kB
Size

0
Cookies

79 HTTP transactions
0 data transactions