URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants...
Submission: On August 14 via api from DE — Scanned from DE

Summary

This website contacted 18 IPs in 5 countries across 12 domains to perform 96 HTTP transactions. The main IP is 185.105.225.103, located in St Petersburg, Russian Federation and belongs to OOOVPS-AS, RU. The main domain is ics-cert.kaspersky.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on September 29th 2022. Valid for: a year.
This is the only time ics-cert.kaspersky.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
62 kaspersky.com
ics-cert.kaspersky.com
go.kaspersky.com
2 MB
7 gstatic.com
www.gstatic.com
fonts.gstatic.com
598 KB
7 google.com
www.google.com — Cisco Umbrella Rank: 3
region1.analytics.google.com — Cisco Umbrella Rank: 2770
adservice.google.com — Cisco Umbrella Rank: 116
34 KB
6 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 114
12346775.fls.doubleclick.net — Cisco Umbrella Rank: 407773
ad.doubleclick.net — Cisco Umbrella Rank: 194
3 KB
5 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 368
www.linkedin.com — Cisco Umbrella Rank: 543
px4.ads.linkedin.com — Cisco Umbrella Rank: 5984
5 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 65
497 KB
5 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 3840
onesignal.com — Cisco Umbrella Rank: 1426
83 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 5933
adservice.google.de — Cisco Umbrella Rank: 12711
1 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 54
21 KB
1 oribi.io
cdn.linkedin.oribi.io — Cisco Umbrella Rank: 890
375 B
1 go2sdk.com
js.go2sdk.com — Cisco Umbrella Rank: 36541
18 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 819
5 KB
96 12
Domain Requested by
61 ics-cert.kaspersky.com ics-cert.kaspersky.com
6 www.gstatic.com www.google.com
www.gstatic.com
5 www.googletagmanager.com ics-cert.kaspersky.com
www.googletagmanager.com
www.google-analytics.com
4 www.google.com ics-cert.kaspersky.com
www.gstatic.com
www.google.com
3 px.ads.linkedin.com 3 redirects
3 12346775.fls.doubleclick.net 1 redirects www.googletagmanager.com
adservice.google.com
3 onesignal.com cdn.onesignal.com
2 ad.doubleclick.net 2 redirects
2 adservice.google.com 12346775.fls.doubleclick.net
2 www.google-analytics.com ics-cert.kaspersky.com
www.google-analytics.com
2 cdn.onesignal.com ics-cert.kaspersky.com
cdn.onesignal.com
1 adservice.google.de 1 redirects
1 px4.ads.linkedin.com
1 www.linkedin.com 1 redirects
1 cdn.linkedin.oribi.io snap.licdn.com
1 js.go2sdk.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 fonts.gstatic.com www.google.com
1 www.google.de ics-cert.kaspersky.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 go.kaspersky.com ics-cert.kaspersky.com
96 22

This site contains links to these domains.

Domain
twitter.com
www.linkedin.com
securelist.com
www.kaspersky.com
www.sei.cmu.edu

Subject                 Issuer                            Validity                 Valid
ics-cert.kaspersky.com  DigiCert TLS RSA SHA256 2020 CA1  2022-09-29 - 2023-10-30  a year
www.google.com          GTS CA 1C3                        2023-07-17 - 2023-10-09  3 months
go.kaspersky.com        Cloudflare Inc ECC CA-3           2023-04-03 - 2024-04-02  a year
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3           2023-05-03 - 2024-05-02  a year
*.google-analytics.com  GTS CA 1C3                        2023-07-17 - 2023-10-09  3 months
*.gstatic.com           GTS CA 1C3                        2023-07-17 - 2023-10-09  3 months
*.g.doubleclick.net     GTS CA 1C3                        2023-07-31 - 2023-10-23  3 months
www.google.de           GTS CA 1C3                        2023-07-17 - 2023-10-09  3 months
*.google.com            GTS CA 1C3                        2023-07-17 - 2023-10-09  3 months
snap.licdn.com          DigiCert SHA2 Secure Server CA    2023-02-01 - 2024-01-31  a year
js.go2sdk.com           Amazon RSA 2048 M01               2023-08-06 - 2024-09-02  a year
*.doubleclick.net       GTS CA 1C3                        2023-07-17 - 2023-10-09  3 months
linkedin.oribi.io       Amazon RSA 2048 M01               2023-06-08 - 2024-07-07  a year

This page contains 6 frames:

Primary Page: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Frame ID: 870C29C8B2D31DEDEA3B3D1F6461985E
Requests: 83 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4EwkUAAAAAMHZJ47EcbYQ2SNuyT-nYvVtRfqq&co=aHR0cHM6Ly9pY3MtY2VydC5rYXNwZXJza3kuY29tOjQ0Mw..&hl=de&v=3kTz7WGoZLQTivI-amNftGZO&size=normal&cb=88lxoso6nf3c
Frame ID: 7651ECE5C353B39853BE3DA609064811
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=3kTz7WGoZLQTivI-amNftGZO&k=6Lc4EwkUAAAAAMHZJ47EcbYQ2SNuyT-nYvVtRfqq
Frame ID: 9EBD41698F4099B456B0273DAD30F204
Requests: 3 HTTP requests in this frame

Frame: https://12346775.fls.doubleclick.net/activityi;dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F
Frame ID: B18403811C5580022CDB3BCA33ACB212
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F
Frame ID: 315D3C7872884114BCBF10504E93B63D
Requests: 1 HTTP requests in this frame

Frame: https://12346775.fls.doubleclick.net/ddm/fls/r/dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F
Frame ID: 8AD4003B4057C16355ECC63879799940
Requests: 2 HTTP requests in this frame

Page Title

Common TTPs of attacks against industrial organizations. Implants for remote access | Kaspersky ICS CERT

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

Requests: 96
HTTPS: 98 %
IPv6: 70 %
Domains: 12
Subdomains: 22
IPs: 18
Countries: 5
Transfer: 2911 kB
Size: 7148 kB
Cookies: 17

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 91
  • https://12346775.fls.doubleclick.net/activityi;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F HTTP 302
  • https://12346775.fls.doubleclick.net/activityi;dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F
Request Chain 93
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1692012923348&url=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1692012923348&url=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1692012923348%26url%3Dhttps%253A%252F%252Fics-cert.kaspersky.com%252Fpublications%252Freports%252F2023%252F07%252F20%252Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1692012923348&url=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1692012923348&url=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F&cookiesTest=true&liSync=true&e_ipv6=AQI2kBxPCldIpAAAAYnz1E0_yTvk5bDf41Z2RPJYCo0vmMWtWIX5wuQ2VWTkvEYBGH-T14LglASBcA
Request Chain 95
  • https://adservice.google.de/ddm/fls/i/dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F HTTP 302
  • https://12346775.fls.doubleclick.net/ddm/fls/r/dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F
Request Chain 96
  • https://ad.doubleclick.net/ddm/activity/src=13364882;type=invmedia;cat=kaspe00v;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=4927660760729.657 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=13364882;dc_pre=CI62xaqH3IADFdFfDQod2rcO8A;type=invmedia;cat=kaspe00v;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=4927660760729.657 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=13364882;dc_pre=CI62xaqH3IADFdFfDQod2rcO8A;type=invmedia;cat=kaspe00v;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=4927660760729.657

96 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
87 KB
23 KB
Document
General
Full URL
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
d0108352b93a67363fcb569931b98241212255b7dedf0d382cd511da6dfc6bc5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-expose-headers
Content-Length,Content-Range
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 14 Aug 2023 11:35:22 GMT
link
<https://ics-cert.kaspersky.com/wp-json/>; rel="https://api.w.org/" <https://ics-cert.kaspersky.com/wp-json/wp/v2/publications/7988>; rel="alternate"; type="application/json" <https://ics-cert.kaspersky.com/?p=7988>; rel=shortlink
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
sameorigin
x-xss-protection
1; mode=block
api.js
www.google.com/recaptcha/
850 B
875 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5c522f9116ea6ea47e03ca9f70125e37edc03ca979cee71d7e9a8c844d4de537
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
555
x-xss-protection
1; mode=block
expires
Mon, 14 Aug 2023 11:35:22 GMT
style.min.css
ics-cert.kaspersky.com/wp-includes/css/dist/block-library/
95 KB
16 KB
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 28 Jun 2023 22:12:33 GMT
server
nginx
content-encoding
gzip
etag
W/"649cb051-17ced"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
classic-themes.min.css
ics-cert.kaspersky.com/wp-includes/css/
291 B
612 B
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-includes/css/classic-themes.min.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 28 Jun 2023 22:12:33 GMT
server
nginx
content-encoding
gzip
etag
W/"649cb051-123"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
swiper.min.css
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/
19 KB
4 KB
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/swiper.min.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
5f07d43571a20235b2506061c9729d91179d32b8b3c75123aa8fcd45e60d7541
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 13 Oct 2022 20:21:24 GMT
server
nginx
content-encoding
gzip
etag
W/"63487344-4d42"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
select2.min.css
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/
15 KB
3 KB
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/select2.min.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
31e49ff119a0ddbe6a2c59628e7a7193a97e20992247dd7ffd818f0ab0a6a205
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 13 Oct 2022 20:21:24 GMT
server
nginx
content-encoding
gzip
etag
W/"63487344-3b4c"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
selectize.default.min.css
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/
9 KB
3 KB
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/selectize.default.min.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
89bbd336534007854ca84e6e1659c1304ea19696ab8f9b04af5a2f67707f6cd0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 13 Oct 2022 20:21:24 GMT
server
nginx
content-encoding
gzip
etag
W/"63487344-24b5"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
tooltipster.min.css
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/
7 KB
2 KB
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/tooltipster.min.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
a47d6b5e7293f77a4aaea5a7df20d3830b10acafcce2c54c14befbe3fa5f69ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 13 Oct 2022 20:21:23 GMT
server
nginx
content-encoding
gzip
etag
W/"63487343-1b22"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
tooltipster-light.min.css
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/
207 B
568 B
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/tooltipster-light.min.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
1745ea436aaa982c56ab869677fd4846dcd07ea2261fb573572b0af35bb13555
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 13 Oct 2022 20:21:23 GMT
server
nginx
content-encoding
gzip
etag
W/"63487343-cf"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
magnific-popup.min.css
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/
5 KB
2 KB
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/cdn/magnific-popup.min.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 13 Oct 2022 20:21:23 GMT
server
nginx
content-encoding
gzip
etag
W/"63487343-148b"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
style.css
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/
249 KB
54 KB
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
b2adb4f008e0cfee4d09dae8a1e4f5c19d2e492ca646326bc026cbcd9874a847
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 30 Jan 2023 07:34:35 GMT
server
nginx
content-encoding
gzip
etag
W/"63d7730b-3e469"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
service.css
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/
1 KB
803 B
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/service.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
63355ec0cc69d2bbc2fd4aedeec5d2eae03e8453192bff018c65da5493d6853a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 18 Apr 2022 12:28:43 GMT
server
nginx
content-encoding
gzip
etag
W/"625d597b-422"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
post.css
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/
71 KB
16 KB
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/post.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
9011d877f13b080cfffe09ecf451453de5b60c1af56b35f488561d309edb32b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 06 Jul 2023 20:49:03 GMT
server
nginx
content-encoding
gzip
etag
W/"64a728bf-11cc5"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
simplebar.css
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/libs/
4 KB
2 KB
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/libs/simplebar.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
c9e76321a30fe79540c5a5fe74410d3ca813e12e13065b2eb79ce4e969443d11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 19 Aug 2022 09:49:34 GMT
server
nginx
content-encoding
gzip
etag
W/"62ff5cae-f32"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
fix.css
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/fix.css?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
1d3745f80b6110a92a9c4eb260a1f34c93b118e2898f0af2bc83d1894c67f63a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 06 Jul 2023 20:59:10 GMT
server
nginx
content-encoding
gzip
etag
W/"64a72b1e-b59"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
X27_enlighterjs.min.css
ics-cert.kaspersky.com/wp-content/plugins/enlighter/cache/
78 KB
12 KB
Stylesheet
General
Full URL
https://ics-cert.kaspersky.com/wp-content/plugins/enlighter/cache/X27_enlighterjs.min.css?ver=M75GyXRxHHGm8B9
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
2db9f73aadc19fc7a482d18f2ad3626268a76237e4d64f07d46214ca3fed20d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 14 Aug 2023 11:35:22 GMT
server
nginx
content-encoding
gzip
etag
W/"64da117a-1388a"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
logo-ics.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/
7 KB
3 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/logo-ics.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
55fb0a022d2809bd202995a210109bdd7ff494af4fd47336902b2fbd952c808a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 06 Oct 2021 14:27:01 GMT
server
nginx
content-encoding
gzip
etag
W/"615db235-1c7b"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
telegram.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/icons/
1 KB
989 B
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/icons/telegram.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
fc9310308aaf2b1b2b0dd07ac2458a8c27075f269107bae5c8d1523a1b433406
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 23 Mar 2022 22:19:08 GMT
server
nginx
content-encoding
gzip
etag
W/"623b9cdc-449"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
twitter.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/icons/
2 KB
1 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/icons/twitter.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
cb23d15260f981e96001c4ed717434452f702481486e3b181b11334e857044b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 09:44:34 GMT
server
nginx
content-encoding
gzip
etag
W/"60c08d82-850"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
in.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/icons/
868 B
884 B
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/icons/in.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
30960da3876f4fe08239419423e5f31d9715e50fac4c892f6d6087c2a817d752
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 20 Aug 2021 12:34:17 GMT
server
nginx
content-encoding
gzip
etag
W/"611fa149-364"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
email.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/icons/
1 KB
893 B
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/icons/email.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
190615a6ddc58e11e24bce9d742205deac48e47037dd32bab36574536af1e7c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 09:44:31 GMT
server
nginx
content-encoding
gzip
etag
W/"60c08d7f-4c4"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
kruglov.jpg
ics-cert.kaspersky.com/wp-content/uploads/sites/27/2021/11/
250 KB
250 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/uploads/sites/27/2021/11/kruglov.jpg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
177fa440deacfe8aa6b3d01e431308c1cab3c165d2f9175ce4a3e63952dd6cb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 24 Nov 2021 13:02:31 GMT
server
nginx
etag
"619e37e7-3e6e3"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
255715
x-xss-protection
1; mode=block
kopeycev.jpg
ics-cert.kaspersky.com/wp-content/uploads/sites/27/2021/11/
33 KB
33 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/uploads/sites/27/2021/11/kopeycev.jpg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
1fbf65ee83992c5928497d41fbb6da61f884761dda468d2dbaa3c851c2a0b65a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 24 Nov 2021 13:08:10 GMT
server
nginx
etag
"619e393a-8301"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
33537
x-xss-protection
1; mode=block
snegirev.png
ics-cert.kaspersky.com/wp-content/uploads/sites/27/2022/06/
29 KB
30 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/uploads/sites/27/2022/06/snegirev.png
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
fa9df2917ec7c5bbb641eadbcf39890a04fcae497df7fd6b566db6f88e1b8f11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 23 Jun 2022 15:27:05 GMT
server
nginx
etag
"62b48649-74e9"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
29929
x-xss-protection
1; mode=block
table_of_contents.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/
4 KB
2 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/table_of_contents.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
67c26a5fecf3cf8d59f0525c9026dddf05d60ff355b28380d0edaa39934ec850
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 20 Apr 2023 21:37:42 GMT
server
nginx
content-encoding
gzip
etag
W/"6441b0a6-e6c"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
rss-vector-footer.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/
779 B
856 B
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/rss-vector-footer.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
d0b124b8f696eba5c0d222ec4d34eea1d44e372001121a61f5048f34cda8840e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 19 Jan 2023 05:01:03 GMT
server
nginx
content-encoding
gzip
etag
W/"63c8ce8f-30b"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
key.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/icons/
696 B
804 B
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/icons/key.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
fe9d09bad67180679d03b4770178e713030ed0f67118d9efa98f4f15165de2ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 09:05:02 GMT
server
nginx
content-encoding
gzip
etag
W/"60c0843e-2b8"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
footer_cert.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/
11 KB
4 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/footer_cert.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
31a1988204c7cd76f06d2dbd82b0ee536ce8f004f1e7afd8dfb411229bbb43c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 19 Nov 2021 18:28:44 GMT
server
nginx
content-encoding
gzip
etag
W/"6197ecdc-2b4e"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
kaspersky.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/
3 KB
2 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/img/kaspersky.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
13c01fc2e94ee7c569128355c1e85f6a8c85b6f34a26270215d4b1a3fe3f72ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 09:04:53 GMT
server
nginx
content-encoding
gzip
etag
W/"60c08435-d69"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
jquery-3.6.4.min.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/
88 KB
36 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/jquery-3.6.4.min.js?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 20 Apr 2023 21:00:44 GMT
server
nginx
content-encoding
gzip
etag
W/"6441a7fc-15ec3"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
libs.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/
478 KB
167 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
da924ffa322b79af0af2e0c4ac8ee6beb62e16c0313d723dda9f8d27c7bbdb96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 12 Jul 2022 20:37:33 GMT
server
nginx
content-encoding
gzip
etag
W/"62cddb8d-778a0"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
ScrollMagic.min.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/
17 KB
7 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/ScrollMagic.min.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 23 Aug 2022 13:26:17 GMT
server
nginx
content-encoding
gzip
etag
W/"6304d579-4416"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
debug.addIndicators.min.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/
7 KB
3 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/debug.addIndicators.min.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 23 Aug 2022 13:26:30 GMT
server
nginx
content-encoding
gzip
etag
W/"6304d586-1bb8"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
select2.min.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/
67 KB
23 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/select2.min.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
1870b7c456eb7af4346917168392449543a7717617c53b4c3ae03be1c5803d3c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 23 Aug 2022 13:26:16 GMT
server
nginx
content-encoding
gzip
etag
W/"6304d578-10b24"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
selectize.min.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/
45 KB
18 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/selectize.min.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
f82d00e4896a9aee107123f1ae51a9699c49d38563b118cabbe1bcda49795099
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 23 Aug 2022 13:26:15 GMT
server
nginx
content-encoding
gzip
etag
W/"6304d577-b309"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
jquery.tooltipster.min.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/
17 KB
6 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/jquery.tooltipster.min.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
95e9e3ea5a0771d7eeead1503d41cde92d8eec6da0bfbc97fcff4e9d173c967a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 23 Aug 2022 13:26:20 GMT
server
nginx
content-encoding
gzip
etag
W/"6304d57c-4473"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
jquery.magnific-popup.min.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/
20 KB
8 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/jquery.magnific-popup.min.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 23 Aug 2022 13:26:22 GMT
server
nginx
content-encoding
gzip
etag
W/"6304d57e-4ef8"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
inputmask.min.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/
93 KB
33 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/inputmask.min.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
0f24ca5085d2d3181b6d4b20158b5282e9f0cf024afce687f8b9611833a17405
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 21 Sep 2021 07:58:20 GMT
server
nginx
content-encoding
gzip
etag
W/"6149909c-17329"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
forms2.min.js
go.kaspersky.com/js/forms2/js/
208 KB
70 KB
Script
General
Full URL
https://go.kaspersky.com/js/forms2/js/forms2.min.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63113904
last-modified
Thu, 13 Jul 2023 18:50:22 GMT
server
cloudflare
cf-cache-status
HIT
age
3630
etag
"341723-34099-60062cdee3780"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=14400
cf-ray
7f68e4dccdbb195c-FRA
expires
Mon, 14 Aug 2023 15:35:22 GMT
simplebar.min.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/
64 KB
24 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/libs/simplebar.min.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
b6e9507fb570c499c7f80306e10f49aedc4b83ace08371c4024e1ebd04aa7b8b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 19 Aug 2022 09:41:19 GMT
server
nginx
content-encoding
gzip
etag
W/"62ff5abf-10140"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
script.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/
277 KB
77 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/script.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
c4c16e7aaba6f1771a33267ffa6a2edb3147ee8654e119794419219fed6c3061
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 06 Jul 2023 20:43:42 GMT
server
nginx
content-encoding
gzip
etag
W/"64a7277e-454b7"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
post.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/
14 KB
5 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/post.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
802201fb0c8df6708dfc7f2425f573e040cd4a4ce277a5e834972c5a70bc49bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 05 Jul 2023 22:43:49 GMT
server
nginx
content-encoding
gzip
etag
W/"64a5f225-3922"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
search.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/
376 KB
131 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/search.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
a81fd0cb9f98399373bd142e503674322f3ece668d07731663da3fa925451030
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 06 Jul 2023 20:43:42 GMT
server
nginx
content-encoding
gzip
etag
W/"64a7277e-5e071"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
ajax.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/
0
411 B
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/ajax.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 18 Jun 2021 10:35:22 GMT
server
nginx
etag
"60cc76ea-0"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
0
x-xss-protection
1; mode=block
cvsscalc30.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/
20 KB
7 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/cvsscalc30.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
515bc9f8975260083cab2128b2fd713331077149edfb309b08e8a3a9a4bba885
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 22 Jun 2021 10:58:44 GMT
server
nginx
content-encoding
gzip
etag
W/"60d1c264-4f08"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
commit.js
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/
50 KB
11 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/js/commit.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
b657648fea8dfd40797f82706fd82b2771a7c18aedac16ceaa3a64851f38b9b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 06 Jul 2023 20:54:17 GMT
server
nginx
content-encoding
gzip
etag
W/"64a729f9-c743"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
X27_enlighterjs.min.js
ics-cert.kaspersky.com/wp-content/plugins/enlighter/cache/
62 KB
21 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-content/plugins/enlighter/cache/X27_enlighterjs.min.js?ver=M75GyXRxHHGm8B9
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
b2d31599822dae1353d655633c6dbd9454ef2138d172798f4a91119eedd6d89d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 14 Aug 2023 11:35:22 GMT
server
nginx
content-encoding
gzip
etag
W/"64da117a-f756"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
OneSignalSDK.js
cdn.onesignal.com/sdks/
9 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0d7eace6de7a123701ad163455f50ea9f6f51c5985a49f4d1f6e797009fbdb1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
894
etag
W/"2a3bbde818bef34d53a0df862ead5d5f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7f68e4dcba2130e2-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Thu, 17 Aug 2023 11:35:22 GMT
gtm.js
www.googletagmanager.com/
496 KB
123 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3a613e6de2f1fecb49edad90ffdca6731518c6476e3196f7c202e691651cc6e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
125948
x-xss-protection
0
last-modified
Mon, 14 Aug 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 14 Aug 2023 11:35:22 GMT
wp-emoji-release.min.js
ics-cert.kaspersky.com/wp-includes/js/
18 KB
6 KB
Script
General
Full URL
https://ics-cert.kaspersky.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 28 Jun 2023 22:12:33 GMT
server
nginx
content-encoding
gzip
etag
W/"649cb051-4904"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
recaptcha__de.js
www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/
441 KB
178 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d005e54c557c7b45e4dbbe2abb05bf33bb52631faed17189da60940b07c25ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ics-cert.kaspersky.com/
Origin
https://ics-cert.kaspersky.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 05:01:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23646
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
181564
x-xss-protection
0
last-modified
Sun, 06 Aug 2023 12:02:10 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 13 Aug 2024 05:01:16 GMT
search.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/images/icons/
2 KB
1 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/images/icons/search.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
7fc0056c4e8fb3c755fa7ae276931566ae8b635948b6f663ae6812b9fafc8742
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 20 Aug 2021 17:44:02 GMT
server
nginx
content-encoding
gzip
etag
W/"611fe9e2-789"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
breadcrumbs-arrow.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/images/icons/
1 KB
1 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/images/icons/breadcrumbs-arrow.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
aa60c8b27a9a97424a86c8ac244c0d6b6986e0062ecde772de2a07aa446959d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 20 Aug 2021 17:44:04 GMT
server
nginx
content-encoding
gzip
etag
W/"611fe9e4-54e"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
pdf_white.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/images/icons/
566 B
712 B
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/images/icons/pdf_white.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
70ba6d4d54217bc2d539a1bbee55ce4aac3e73ec717fc802784cbe767442f35e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 20 Aug 2021 17:44:03 GMT
server
nginx
content-encoding
gzip
etag
W/"611fe9e3-236"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
arrow-up_green.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/images/icons/
294 B
630 B
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/images/icons/arrow-up_green.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
5c713c5088e6e5670a082c76b5945af0bdf14874cabc5f3cbf2f967c2ace0ed9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 20 Aug 2021 17:44:10 GMT
server
nginx
content-encoding
gzip
etag
W/"611fe9ea-126"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
MuseoSansCyrl-500.woff
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/fonts/
44 KB
45 KB
Font
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/fonts/MuseoSansCyrl-500.woff
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
91612bae01a48954d84ad43d0753b720742d72730d13582f2d315fd21dadb561
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Origin
https://ics-cert.kaspersky.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 20 Aug 2021 11:57:26 GMT
server
nginx
etag
"611f98a6-b060"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
font/woff
access-control-allow-origin
https://ics-cert.kaspersky.com
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
45152
x-xss-protection
1; mode=block
KasperskySans-Medium.woff
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/fonts/
45 KB
46 KB
Font
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/fonts/KasperskySans-Medium.woff
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
5d08cf4192fbf7d68490f54b84f4d4d784126d0c7e3a72a95f9014eb07cbc92f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Origin
https://ics-cert.kaspersky.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 05 Apr 2022 12:44:38 GMT
server
nginx
etag
"624c39b6-b500"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
font/woff
access-control-allow-origin
https://ics-cert.kaspersky.com
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
46336
x-xss-protection
1; mode=block
KasperskySans-Light.woff
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/fonts/
45 KB
46 KB
Font
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/fonts/KasperskySans-Light.woff
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
e6c4ea7a876a3217a3ed3b77f102bcf88b06334e573b145af0c6018c78ce308a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Origin
https://ics-cert.kaspersky.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 05 Apr 2022 12:43:27 GMT
server
nginx
etag
"624c396f-b5b4"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
font/woff
access-control-allow-origin
https://ics-cert.kaspersky.com
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
46516
x-xss-protection
1; mode=block
KasperskySans-Bold.woff
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/fonts/
45 KB
45 KB
Font
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/fonts/KasperskySans-Bold.woff
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
2d223e51ec208d5f2b3c41dc05814044632a911344fd0031d5986c3d5bae35df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Origin
https://ics-cert.kaspersky.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 20 Aug 2021 11:57:24 GMT
server
nginx
etag
"611f98a4-b2ec"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
font/woff
access-control-allow-origin
https://ics-cert.kaspersky.com
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
45804
x-xss-protection
1; mode=block
1-768x253.png
ics-cert.kaspersky.com/wp-content/uploads/sites/27/2023/07/
79 KB
79 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/uploads/sites/27/2023/07/1-768x253.png
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
e450049c9e4e1dfd882ae376f116e000cf68f874a3ccffe206db68736983fcdc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 14 Jul 2023 13:14:43 GMT
server
nginx
etag
"64b14a43-13a8b"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
80523
x-xss-protection
1; mode=block
2.png
ics-cert.kaspersky.com/wp-content/uploads/sites/27/2023/07/
72 KB
73 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/uploads/sites/27/2023/07/2.png
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
8aee5ad4986c68e223c3e62e29fe79acf333f6a8ece7ce56e66189dab68b072e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 14 Jul 2023 13:16:11 GMT
server
nginx
etag
"64b14a9b-121d1"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
74193
x-xss-protection
1; mode=block
3.png
ics-cert.kaspersky.com/wp-content/uploads/sites/27/2023/07/
6 KB
7 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/uploads/sites/27/2023/07/3.png
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
397a131877c0d7c027c8eeabfca007f0e120f11a09aa200cd4e800c3681439e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 14 Jul 2023 13:16:56 GMT
server
nginx
etag
"64b14ac8-18fc"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
6396
x-xss-protection
1; mode=block
4-768x564.png
ics-cert.kaspersky.com/wp-content/uploads/sites/27/2023/07/
131 KB
131 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/uploads/sites/27/2023/07/4-768x564.png
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
825a78cdf53b8d8861a4e9edafe55cf8ad6572a13385135950e28817a426c724
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 14 Jul 2023 13:20:09 GMT
server
nginx
etag
"64b14b89-20a99"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
133785
x-xss-protection
1; mode=block
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 14 Aug 2023 09:49:43 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
6339
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 14 Aug 2023 11:49:43 GMT
check_white.svg
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/images/icons/
2 KB
1 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/images/icons/check_white.svg
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
0778cd2f1eba0c56ac2c8995079e044d7c80c67345a51799a2e86f70d6ff5f7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 20 Aug 2021 17:44:10 GMT
server
nginx
content-encoding
gzip
etag
W/"611fe9ea-7e3"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-xss-protection
1; mode=block
collect
www.google-analytics.com/j/
15 B
226 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=847062081&t=pageview&_s=1&dl=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F&ul=en-us&de=UTF-8&dt=Common%20TTPs%20of%20attacks%20against%20industrial%20organizations.%20Implants%20for%20remote%20access%20%7C%20Kaspersky%20ICS%20CERT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=669953935&gjid=1375065992&cid=1313779484.1692012922&tid=UA-88685013-1&_gid=1556335043.1692012922&_r=1&_slc=1&z=1456241505
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b29d761d258ea9026f97b4470609b066558fe004a8e42199a5e40b1116d79b98
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ics-cert.kaspersky.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 14 Aug 2023 11:35:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://ics-cert.kaspersky.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
gtm.js
www.googletagmanager.com/
556 KB
143 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7c9aabcb9f1a689b7c464f3db600654058bb425d1db1fa05e59b2b18584c70a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
145807
x-xss-protection
0
last-modified
Mon, 14 Aug 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 14 Aug 2023 11:35:22 GMT
js
www.googletagmanager.com/gtag/
233 KB
81 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-93LQN8J8DF&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0605c24da72dd3b9613c08462f918a4b4206e41085520b6fc2d950a780707eb6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
82862
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 14 Aug 2023 11:35:22 GMT
collect
region1.analytics.google.com/g/
0
259 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-93LQN8J8DF&gtm=45je3890&_p=847062081&_gaz=1&ul=en-us&sr=1600x1200&cid=1313779484.1692012922&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F&dt=Common%20TTPs%20of%20attacks%20against%20industrial%20organizations.%20Implants%20for%20remote%20access%20%7C%20Kaspersky%20ICS%20CERT&sid=1692012922&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-93LQN8J8DF&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Aug 2023 11:35:22 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://ics-cert.kaspersky.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
259 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-93LQN8J8DF&cid=1313779484.1692012922&gtm=45je3890&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-93LQN8J8DF&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Aug 2023 11:35:22 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://ics-cert.kaspersky.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-93LQN8J8DF&cid=1313779484.1692012922&gtm=45je3890&aip=1&z=652586006
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Aug 2023 11:35:22 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/
284 KB
68 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151604
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=6.2.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
425197a561a2dc98259d7e284f708115b672f426a8adc0955f6f42fbaa61d7ae
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
2742
etag
W/"7f9669464fe15e6a516c0eb693b26dbb"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7f68e4df3e7030e2-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Thu, 17 Aug 2023 11:35:22 GMT
MuseoSansCyrl-300.woff
ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/fonts/
44 KB
44 KB
Font
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/fonts/MuseoSansCyrl-300.woff
Requested by
Host: ics-cert.kaspersky.com
URL: https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
8d5cd94631173b6f37f652afe93483949846d80d76afe1c5fa2d9a561182c066
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ics-cert.kaspersky.com/wp-content/themes/new_ics_cert/assests/css/style.css?ver=6.2.2
Origin
https://ics-cert.kaspersky.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 20 Aug 2021 11:57:25 GMT
server
nginx
etag
"611f98a5-aeb4"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
font/woff
access-control-allow-origin
https://ics-cert.kaspersky.com
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
44724
x-xss-protection
1; mode=block
anchor
www.google.com/recaptcha/api2/ Frame 7651
55 KB
31 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4EwkUAAAAAMHZJ47EcbYQ2SNuyT-nYvVtRfqq&co=aHR0cHM6Ly9pY3MtY2VydC5rYXNwZXJza3kuY29tOjQ0Mw..&hl=de&v=3kTz7WGoZLQTivI-amNftGZO&size=normal&cb=88lxoso6nf3c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/recaptcha__de.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0975c8441eae22eee9165c045c23aacc57f9929064b3b6bedc09cb5e930fb7c3
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-caULLh_-V3Dw3jcr8wKI_g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ics-cert.kaspersky.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
31421
content-security-policy
script-src 'report-sample' 'nonce-caULLh_-V3Dw3jcr8wKI_g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 14 Aug 2023 11:35:22 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
destination
www.googletagmanager.com/gtag/
260 KB
87 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=G-NSVBRC7S52&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
71d72904f051ae9f033d1c7de9da184609132b28fae5acc84c3401b7305d100d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
89485
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 14 Aug 2023 11:35:22 GMT
web
onesignal.com/api/v1/sync/422be36b-503e-4627-a36f-992622a95746/
3 KB
2 KB
Script
General
Full URL
https://onesignal.com/api/v1/sync/422be36b-503e-4627-a36f-992622a95746/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151604
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e5ce5838c5f8b9034c257c625ae421b5e07fb8b96c98a3523531424302d51e0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
age
755
cf-polished
origSize=3396
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
fb0bb028-dda7-4fcd-a42d-8272cd1c329a
x-runtime
0.045368
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"4053aa961d869e95bd75aacd5d8138a0"
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
7f68e4dfbf2930e2-FRA
access-control-allow-headers
SDK-Version
expires
Mon, 14 Aug 2023 12:35:22 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/ Frame 7651
55 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4EwkUAAAAAMHZJ47EcbYQ2SNuyT-nYvVtRfqq&co=aHR0cHM6Ly9pY3MtY2VydC5rYXNwZXJza3kuY29tOjQ0Mw..&hl=de&v=3kTz7WGoZLQTivI-amNftGZO&size=normal&cb=88lxoso6nf3c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 08:16:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
11951
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24605
x-xss-protection
0
last-modified
Sun, 06 Aug 2023 12:02:10 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 13 Aug 2024 08:16:11 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/ Frame 7651
441 KB
177 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4EwkUAAAAAMHZJ47EcbYQ2SNuyT-nYvVtRfqq&co=aHR0cHM6Ly9pY3MtY2VydC5rYXNwZXJza3kuY29tOjQ0Mw..&hl=de&v=3kTz7WGoZLQTivI-amNftGZO&size=normal&cb=88lxoso6nf3c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d005e54c557c7b45e4dbbe2abb05bf33bb52631faed17189da60940b07c25ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 05:01:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23646
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
181564
x-xss-protection
0
last-modified
Sun, 06 Aug 2023 12:02:10 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 13 Aug 2024 05:01:16 GMT
OneSignalSDKStyles.css
onesignal.com/sdks/
82 KB
9 KB
Stylesheet
General
Full URL
https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151604
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:22 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
2370
etag
W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
7f68e4e06fff9b3a-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Wed, 13 Sep 2023 11:35:22 GMT
truncated
/ Frame 7651
14 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 7651
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
image/png
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 7651
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sat, 12 Aug 2023 06:02:48 GMT
x-content-type-options
nosniff
age
192755
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Sat, 19 Aug 2023 06:02:48 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7651
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4EwkUAAAAAMHZJ47EcbYQ2SNuyT-nYvVtRfqq&co=aHR0cHM6Ly9pY3MtY2VydC5rYXNwZXJza3kuY29tOjQ0Mw..&hl=de&v=3kTz7WGoZLQTivI-amNftGZO&size=normal&cb=88lxoso6nf3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sat, 12 Aug 2023 08:35:58 GMT
x-content-type-options
nosniff
age
183565
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 11 Aug 2024 08:35:58 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame 7651
102 B
134 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=3kTz7WGoZLQTivI-amNftGZO
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4EwkUAAAAAMHZJ47EcbYQ2SNuyT-nYvVtRfqq&co=aHR0cHM6Ly9pY3MtY2VydC5rYXNwZXJza3kuY29tOjQ0Mw..&hl=de&v=3kTz7WGoZLQTivI-amNftGZO&size=normal&cb=88lxoso6nf3c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a9c87b1ce80a8696f4790411959bb5cf0ccf1bc0a9c8cf2477c88a44e1104f4b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4EwkUAAAAAMHZJ47EcbYQ2SNuyT-nYvVtRfqq&co=aHR0cHM6Ly9pY3MtY2VydC5rYXNwZXJza3kuY29tOjQ0Mw..&hl=de&v=3kTz7WGoZLQTivI-amNftGZO&size=normal&cb=88lxoso6nf3c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112
x-xss-protection
1; mode=block
expires
Mon, 14 Aug 2023 11:35:23 GMT
bframe
www.google.com/recaptcha/api2/ Frame 9EBD
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=de&v=3kTz7WGoZLQTivI-amNftGZO&k=6Lc4EwkUAAAAAMHZJ47EcbYQ2SNuyT-nYvVtRfqq
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9bd4e8dad737cfe42f63fd6786f41656f7a37bfe2479042dab12bb3ecf3db703
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-3wuNVVhVcSBjNiMZeS_bZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ics-cert.kaspersky.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
1161
content-security-policy
script-src 'report-sample' 'nonce-3wuNVVhVcSBjNiMZeS_bZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 14 Aug 2023 11:35:23 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
icon
onesignal.com/api/v1/apps/422be36b-503e-4627-a36f-992622a95746/
240 B
772 B
Fetch
General
Full URL
https://onesignal.com/api/v1/apps/422be36b-503e-4627-a36f-992622a95746/icon
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151604
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97160b6dd11e6c712dac3618caa0b31927e95e0dedee9b9b205fbd2245ca0349
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:23 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
498058a5-5a46-4f76-aad6-e22ecfd66945
x-runtime
0.019250
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"97160b6dd11e6c712dac3618caa0b319"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept, Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate
cf-ray
7f68e4e18e412bf2-FRA
access-control-allow-headers
SDK-Version
styles__ltr.css
www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/ Frame 9EBD
55 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=3kTz7WGoZLQTivI-amNftGZO&k=6Lc4EwkUAAAAAMHZJ47EcbYQ2SNuyT-nYvVtRfqq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24605
x-xss-protection
0
last-modified
Sun, 06 Aug 2023 12:02:10 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 13 Aug 2024 11:35:23 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/ Frame 9EBD
441 KB
177 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=3kTz7WGoZLQTivI-amNftGZO&k=6Lc4EwkUAAAAAMHZJ47EcbYQ2SNuyT-nYvVtRfqq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d005e54c557c7b45e4dbbe2abb05bf33bb52631faed17189da60940b07c25ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 05:01:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23647
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
181564
x-xss-protection
0
last-modified
Sun, 06 Aug 2023 12:02:10 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 13 Aug 2024 05:01:16 GMT
logo_for_push_ics_cert.png
ics-cert.kaspersky.com/wp-content/themes/ics_theme/assets/picture/
9 KB
10 KB
Image
General
Full URL
https://ics-cert.kaspersky.com/wp-content/themes/ics_theme/assets/picture/logo_for_push_ics_cert.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.105.225.103 St Petersburg, Russian Federation, ASN200487 (OOOVPS-AS, RU),
Reverse DNS
fthub.kaspersky.com
Software
nginx /
Resource Hash
24d0839fe019a3a2bf30ad9b50ed65935a2718c921e32147db3439a58bd8210a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 03 Feb 2021 18:33:07 GMT
server
nginx
etag
"601aec63-248f"
x-frame-options
sameorigin
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
9359
x-xss-protection
1; mode=block
insight.min.js
snap.licdn.com/li.lms-analytics/
13 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 24 Jul 2023 09:07:54 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=85776
accept-ranges
bytes
content-length
4862
js
www.googletagmanager.com/gtag/
169 KB
62 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-12346775
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2e6c0b99374b9b4ae379caea60b2c5bd5dd50a3adb65c47c3b67d7535b64f672
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:23 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63953
x-xss-protection
0
last-modified
Mon, 14 Aug 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 14 Aug 2023 11:35:23 GMT
tune.js
js.go2sdk.com/v2/
18 KB
18 KB
Script
General
Full URL
https://js.go2sdk.com/v2/tune.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-122.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cca8ce472cbf8c44acf7ac24067c2d6075acd1e0cd4c9003de6055289ac5c68a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id
null
date
Mon, 14 Aug 2023 03:39:39 GMT
via
1.1 2af4ee189e50805a67bd62bbd51ad0dc.cloudfront.net (CloudFront)
last-modified
Wed, 06 Jan 2021 18:55:14 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P2
age
28545
x-amz-server-side-encryption
AES256
etag
"074c9e70b17ef9db8aced963fef4e2d9"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
17921
x-amz-cf-id
UcP-U9w-Q21jUrbvgfES0s-rN8gVrArfNDx8VjjDYHzY8EuIXUOekg==
activityi;dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Frep...
12346775.fls.doubleclick.net/ Frame B184
Redirect Chain
  • https://12346775.fls.doubleclick.net/activityi;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2F...
  • https://12346775.fls.doubleclick.net/activityi;dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.k...
1010 B
620 B
Document
General
Full URL
https://12346775.fls.doubleclick.net/activityi;dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-12346775
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f6.1e100.net
Software
cafe /
Resource Hash
768775951e71c82d725c93894c8068d4ea06576dfcbd08ce49b18acf64a798fa
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ics-cert.kaspersky.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
444
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 14 Aug 2023 11:35:23 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 14 Aug 2023 11:35:23 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://12346775.fls.doubleclick.net/activityi;dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
token
cdn.linkedin.oribi.io/partner/39138/domain/ics-cert.kaspersky.com/
36 B
375 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/39138/domain/ics-cert.kaspersky.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:3200:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://ics-cert.kaspersky.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:05:31 GMT
content-encoding
gzip
via
1.1 db66f1cc00a415c34c42ad011b26850c.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
age
1791
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=3600
x-amz-cf-id
hEaYLBkJHNl6JektaZ2Ndk9iDWBBhYgwaflCYOyEhqUpO2eGYDo_vA==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1692012923348&url=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-indus...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1692012923348&url=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-indus...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1692012923348%26url%3Dhttps%253A%252F%252Fics-cert.kaspersky.com%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1692012923348&url=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-indus...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1692012923348&url=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-indu...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1692012923348&url=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F&cookiesTest=true&liSync=true&e_ipv6=AQI2kBxPCldIpAAAAYnz1E0_yTvk5bDf41Z2RPJYCo0vmMWtWIX5wuQ2VWTkvEYBGH-T14LglASBcA
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ics-cert.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 11:35:24 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 0E14206E4D8E473982993365242B008A Ref B: FRAEDGE1212 Ref C: 2023-08-14T11:35:24Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYC4HVRNH+FbnWFFWcp6A==

Redirect headers

date
Mon, 14 Aug 2023 11:35:23 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: E3AF03583AE744C5AEEEE98BB5F5F9D3 Ref B: FRAEDGE1212 Ref C: 2023-08-14T11:35:24Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1692012923348&url=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F&cookiesTest=true&liSync=true&e_ipv6=AQI2kBxPCldIpAAAAYnz1E0_yTvk5bDf41Z2RPJYCo0vmMWtWIX5wuQ2VWTkvEYBGH-T14LglASBcA
x-li-proto
http/2
content-length
0
x-li-uuid
AAYC4HVNnT8Xe3PQLoLLmA==
dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F202...
adservice.google.com/ddm/fls/i/ Frame 315D
1009 B
822 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F
Requested by
Host: 12346775.fls.doubleclick.net
URL: https://12346775.fls.doubleclick.net/activityi;dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d1cc55eda958476f9771bf0a19db51b59bd4b8e5e1e820af8efa11b85c196177
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://12346775.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
447
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 14 Aug 2023 11:35:23 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F202...
12346775.fls.doubleclick.net/ddm/fls/r/ Frame 8AD4
Redirect Chain
  • https://adservice.google.de/ddm/fls/i/dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky....
  • https://12346775.fls.doubleclick.net/ddm/fls/r/dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.k...
6 KB
681 B
Document
General
Full URL
https://12346775.fls.doubleclick.net/ddm/fls/r/dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f6.1e100.net
Software
cafe /
Resource Hash
e79f07efdba7e03789d41c9f87c22bef1ac19de8b2f737735621bc6b10fde704
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://adservice.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
656
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 14 Aug 2023 11:35:24 GMT
expires
Mon, 14 Aug 2023 11:35:24 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 14 Aug 2023 11:35:24 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://12346775.fls.doubleclick.net/ddm/fls/r/dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
src=13364882;dc_pre=CI62xaqH3IADFdFfDQod2rcO8A;type=invmedia;cat=kaspe00v;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=4927660760729.657
adservice.google.com/ddm/fls/z/ Frame 8AD4
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=13364882;type=invmedia;cat=kaspe00v;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=4927660760729.657?
  • https://ad.doubleclick.net/ddm/activity/src=13364882;dc_pre=CI62xaqH3IADFdFfDQod2rcO8A;type=invmedia;cat=kaspe00v;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;o...
  • https://adservice.google.com/ddm/fls/z/src=13364882;dc_pre=CI62xaqH3IADFdFfDQod2rcO8A;type=invmedia;cat=kaspe00v;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;or...
42 B
118 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/src=13364882;dc_pre=CI62xaqH3IADFdFfDQod2rcO8A;type=invmedia;cat=kaspe00v;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=4927660760729.657
Requested by
Host: 12346775.fls.doubleclick.net
URL: https://12346775.fls.doubleclick.net/ddm/fls/r/dc_pre=CIzahaqH3IADFdVKDQod2OoEwg;src=12346775;type=globalc;cat=globa0;ord=3937847069059;auiddc=368570615.1692012923;u1=B2C;u2=no_locale;u4=ics-cert.kaspersky.com;u5=%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F;u6=;u7=undefined-1313779484.1692012922;u9=_publications_reports_2023_07_20_common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access_;gtm=45fe3890;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fics-cert.kaspersky.com%2Fpublications%2Freports%2F2023%2F07%2F20%2Fcommon-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access%2F
Protocol
H2
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://12346775.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Aug 2023 11:35:24 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 14 Aug 2023 11:35:24 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://adservice.google.com/ddm/fls/z/src=13364882;dc_pre=CI62xaqH3IADFdFfDQod2rcO8A;type=invmedia;cat=kaspe00v;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=4927660760729.657
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| dataLayer object| _wpemojiSettings object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| documentInitOneSignal function| OneSignal string| generic_table_of_contents_headers_list function| renderItem function| renderItemHeader function| renderList function| renderListHeader string| currentLocale object| searchLocale string| GoogleAnalyticsObject function| ga function| $ function| jQuery object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| postscribe object| google_tag_manager_external object| recaptcha function| polyfill object| Modernizr function| moment function| daterangepicker object| mobiscroll function| ScrollMagic function| Sifter object| MicroPlugin function| Selectize function| Inputmask function| default object| MktoForms2 function| SimpleBar object| app object| pageAside object| twemoji object| wp object| regeneratorRuntime function| _ function| CVSS object| EnlighterJS function| EnlighterJSINIT object| closure_lm_185810 function| gtag object| modals number| __oneSignalSdkLoadCount object| _oneSignalInitOptions function| __jp0 function| onYouTubeIframeAPIReady string| main_loc object| in_domain object| locale_out undefined| url_path_start_latam undefined| locale_out_latam string| firstPart undefined| locale object| url_path_start undefined| domain_loc function| SetCookie string| newCookieValue string| _linkedin_data_partner_id object| tdl function| parcelRequire function| lintrk boolean| _already_called_lintrk

17 Cookies

Domain/Path Name / Value
.go.kaspersky.com/ Name: __cf_bm
Value: Ua3SmARw6i4BNIfl4w4Sz68ltIay22n6I2Wjje47RU4-1692012922-0-AbK5InrYWOBsSvZSMtZMKSNXzFP8hCCBxx2HbMs3zQZU8LJ5XyqVOb0aE3CzVE9v5dHV9F6wXI06z+QJZL6zNw0=
.onesignal.com/ Name: __cf_bm
Value: R8kIuTiP6sFe7vF.71bVl9Cc1vBx4DC.aue5Q8Eg17k-1692012922-0-AQ2w7VXWivT5tShQga5cfzIxf71VdtA/xewMdWYSCQteZ/HXEyZCCl7FvENNa4JJz28OT/ZpJQq+3IODNVRq57M=
.kaspersky.com/ Name: _ga
Value: GA1.2.1313779484.1692012922
.kaspersky.com/ Name: _gid
Value: GA1.2.1556335043.1692012922
.kaspersky.com/ Name: _gat
Value: 1
.kaspersky.com/ Name: _ga_93LQN8J8DF
Value: GS1.2.1692012922.1.0.1692012922.60.0.0
ics-cert.kaspersky.com/ Name: CookieConsent
Value: {stamp:1231097506=='|Cnecessary:true|Cpreferences:true|Cstatistics:true|Cmarketing:true|Cver:1|Cutc:211680926|Cregion:'not_gdpr'}
.kaspersky.com/ Name: _gcl_au
Value: 1.1.368570615.1692012923
ics-cert.kaspersky.com/ Name: ln_or
Value: eyIzOTEzOCI6ImQifQ%3D%3D
.linkedin.com/ Name: li_sugr
Value: 99865398-2ec6-4e34-857b-258e6fa43a88
.linkedin.com/ Name: bcookie
Value: "v=2&d751ca94-186c-4038-8ebb-be41ebb1adaf"
.linkedin.com/ Name: lidc
Value: "b=TGST04:s=T:r=T:a=T:p=T:g=2989:u=1:x=1:i=1692012923:t=1692099323:v=2:sig=AQGAPsff4CHzy0dtXBkL__O-7Ww_eWOs"
.linkedin.com/ Name: UserMatchHistory
Value: AQK85WWDeOi5egAAAYnz1EvkhxA8D5s3Ug8b4j6WPJqVRK17PpOFWQ9YuTFcUAZWJfxLfbhRK21Csw
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJlso9UIef_CgAAAYnz1EvkBeCWlODr0MtEaXLv3zfWSeCtsPG_sL8kFVHTJsjhi6bhs_OYmL3yLpvf1aRWaQ
.www.linkedin.com/ Name: bscookie
Value: "v=1&2023081411352420c44b0d-a309-4bc1-8b94-06f459f2a540AQHlA81lyN2rhzS5jxY8BviXWUY_feZo"
.linkedin.com/ Name: li_gc
Value: MTswOzE2OTIwMTI5MjQ7MjswMjHwQSmJhfcXbH1j6YRxdfluYZa+RHyMDHUi0T9lMUXdgQ==
.doubleclick.net/ Name: IDE
Value: AHWqTUk4EObsNXox8GeZLjBfyroQxoXTQataP46xj_NVMaPEvfJtzIEoyvsmcH0ixVM

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
