www.deepinstinct.com Open in urlscan Pro
2600:1f1c:471:9d01::c8 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
Submission: On July 03 via api (July 3rd 2023, 6:27:52 am UTC) from IN — Scanned from DE

Summary HTTP 143 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 43 IPs in 5 countries across 35 domains to perform 143 HTTP transactions. The main IP is 2600:1f1c:471:9d01::c8, located in San Jose, United States and belongs to AMAZON-02, US. The main domain is www.deepinstinct.com.
TLS certificate: Issued by R3 on June 22nd 2023. Valid for: 3 months.

This is the only time www.deepinstinct.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 80	2600:1f1c:471... 2600:1f1c:471:9d01::c8	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
4	2a02:26f0:310... 2a02:26f0:3100::1735:28f0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	18.66.97.49 18.66.97.49	16509 (AMAZON-02) (AMAZON-02)
1	108.138.17.47 108.138.17.47	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:863b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:310... 2a02:26f0:3100::1735:28a8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
3	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6812:d9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:310... 2a02:26f0:3100::1735:28b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1b::9c	15169 (GOOGLE) (GOOGLE)
1	52.222.236.74 52.222.236.74	16509 (AMAZON-02) (AMAZON-02)
2	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
2	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	34.96.71.22 34.96.71.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	18.66.97.57 18.66.97.57	16509 (AMAZON-02) (AMAZON-02)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:20e... 2600:9000:20eb:ea00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6811:836e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:88ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:18c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.248.118.128 34.248.118.128	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:249... 2600:9000:2490:ca00:1d:8d6d:3b40:93a1	16509 (AMAZON-02) (AMAZON-02)
3	151.101.192.143 151.101.192.143	54113 (FASTLY) (FASTLY)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1	2600:1f18:612... 2600:1f18:612b:4200:f677:2600:2836:f912	14618 (AMAZON-AES) (AMAZON-AES)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	34.250.166.22 34.250.166.22	16509 (AMAZON-02) (AMAZON-02)
4	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	169.46.32.99 169.46.32.99	() ()
143	43

80 2600:1f1c:471:9d01::c8 (San Jose, United States) 3 redirects

ASN16509 (AMAZON-02, US)

www.deepinstinct.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3100::1735:28f0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-49.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-47.fra56.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:863b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3100::1735:28a8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:28b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-74.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.71.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.71.96.34.bc.googleusercontent.com

s.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-57.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:ea00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:836e (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:88ce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:18c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.118.128 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-118-128.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2490:ca00:1d:8d6d:3b40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag-logger.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.192.143 (United States)

ASN54113 (FASTLY, US)

s.swiftypecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:f677:2600:2836:f912 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.166.22 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-166-22.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.46.32.99 (None, )

ASN- ()

cc.swiftype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
80	deepinstinct.com 3 redirects www.deepinstinct.com	11 MB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 414 www.linkedin.com — Cisco Umbrella Rank: 544 px4.ads.linkedin.com — Cisco Umbrella Rank: 6544	5 KB
5	typekit.net use.typekit.net — Cisco Umbrella Rank: 614 p.typekit.net — Cisco Umbrella Rank: 795	78 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	286 B
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 63 region1.google-analytics.com — Cisco Umbrella Rank: 1623	21 KB
3	swiftypecdn.com s.swiftypecdn.com — Cisco Umbrella Rank: 12156	149 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 17554 ibc-flow.techtarget.com — Cisco Umbrella Rank: 18818	2 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 8631	26 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 390	13 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	219 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 753 script.hotjar.com — Cisco Umbrella Rank: 1081 in.hotjar.com — Cisco Umbrella Rank: 5711	74 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635	2 KB
2	google.de www.google.de — Cisco Umbrella Rank: 4752	562 B
2	google.com www.google.com — Cisco Umbrella Rank: 10	562 B
2	company-target.com s.company-target.com — Cisco Umbrella Rank: 1995 api.company-target.com — Cisco Umbrella Rank: 3913	2 KB
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 732	609 B
2	t.co t.co — Cisco Umbrella Rank: 511	582 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 914	6 KB
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 stats.g.doubleclick.net — Cisco Umbrella Rank: 130	2 KB
2	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 4924 tag-logger.demandbase.com — Cisco Umbrella Rank: 4700	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	169 KB
1	swiftype.com cc.swiftype.com	279 B
1	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2542	1 KB
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 6111	161 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 374	239 B
1	tremorhub.com partners.tremorhub.com — Cisco Umbrella Rank: 1248	392 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 14277	202 B
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2438	16 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2425	21 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4595	87 KB
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1031	375 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 717	98 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 768	15 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2680	1 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1191	49 KB
143	35

	Domain	Requested by
80	www.deepinstinct.com	3 redirects www.deepinstinct.com
4	www.facebook.com	www.deepinstinct.com
4	use.typekit.net	www.deepinstinct.com use.typekit.net
3	s.swiftypecdn.com	www.deepinstinct.com cdn.bizible.com s.swiftypecdn.com
3	px.ads.linkedin.com	3 redirects
3	cdn.bizible.com	www.googletagmanager.com www.deepinstinct.com cdn.bizible.com
3	bat.bing.com	www.deepinstinct.com bat.bing.com
3	connect.facebook.net	www.deepinstinct.com connect.facebook.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.deepinstinct.com
2	dsum-sec.casalemedia.com	1 redirects s.company-target.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	www.google.de	www.deepinstinct.com
2	www.google.com	www.deepinstinct.com
2	analytics.twitter.com	www.deepinstinct.com
2	t.co	www.deepinstinct.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	www.googletagmanager.com	www.deepinstinct.com www.googletagmanager.com
1	cc.swiftype.com
1	track.hubspot.com
1	content.hotjar.io	cdn.bizible.com
1	pixel.rubiconproject.com	s.company-target.com
1	partners.tremorhub.com	s.company-target.com
1	tag-logger.demandbase.com	cdn.bizible.com
1	in.hotjar.com	cdn.bizible.com
1	cdn.bizibly.com	www.deepinstinct.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	px4.ads.linkedin.com	www.deepinstinct.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	api.company-target.com	tag.demandbase.com
1	id.rlcdn.com	www.deepinstinct.com
1	s.company-target.com	tag.demandbase.com
1	script.hotjar.com	static.hotjar.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	region1.google-analytics.com	www.googletagmanager.com
1	p.typekit.net	use.typekit.net
1	trk.techtarget.com	www.deepinstinct.com
1	static.ads-twitter.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	js.hs-scripts.com	www.googletagmanager.com
1	tag.demandbase.com	www.deepinstinct.com
1	static.hotjar.com	www.googletagmanager.com
1	www.googleoptimize.com	www.deepinstinct.com
143	45

This site contains links to these domains. Also see Links.

Domain
portal.deepinstinct.com
info.deepinstinct.com
attack.mitre.org
www.cybercom.mil
twitter.com
www.ynetnews.com
urlscan.io
www.microsoft.com
github.com
www.lockheedmartin.com
www.virustotal.com
www.group-ib.com
blog.talosintelligence.com
www.security.ntt
www.mandiant.com
symantec-enterprise-blogs.security.com
www.youtube.com
www.linkedin.com
www.facebook.com

Subject Issuer	Validity	Valid
deepinstinct.com R3	`2023-06-22` - `2023-09-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-08-17` - `2023-09-18`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-03` - `2024-05-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-11` - `2023-07-10`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-01` - `2024-07-01`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.company-target.com R3	`2023-06-18` - `2023-09-16`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-09-16` - `2023-10-18`	a year	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-05-30` - `2023-08-28`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
*.demandbase.com Amazon RSA 2048 M01	`2023-02-22` - `2023-09-08`	7 months	crt.sh
s.swiftypecdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-07-02` - `2024-08-02`	a year	crt.sh
*.tremorhub.com Amazon RSA 2048 M01	`2023-02-22` - `2024-03-23`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2023-03-02` - `2024-03-30`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.swiftype.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-21` - `2024-07-14`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
Frame ID: 6F675F0737B86177FE087F4E2C3C5008
Requests: 138 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: 0E27DBEE28A3BFDB28DBD89770B41FC9
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 996872746C9F200A82C03065F9F429FF
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 27D182C76D65A64F8217883159B16BD5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater | Deep Instinct

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

143
Requests

96 %
HTTPS

58 %
IPv6

35
Domains

45
Subdomains

43
IPs

5
Countries

11841 kB
Transfer

15234 kB
Size

45
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://portal.deepinstinct.com/
Title: Login

Search URL Search Domain Scan URL

URL: https://info.deepinstinct.com/request-a-demo
Title: Request Demo

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/groups/G0069/
Title: group

Search URL Search Domain Scan URL

URL: https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/
Title: subordinate

Search URL Search Domain Scan URL

URL: https://twitter.com/sicehice/status/1643716252639305730/photo/1
Title: Sicehice

Search URL Search Domain Scan URL

URL: https://www.ynetnews.com/business/article/syjobiuti
Title: Technion

Search URL Search Domain Scan URL

URL: https://urlscan.io/result/afc4fc6f-e47c-45e6-abbe-953b7ad124a4/
Title: Sicehice

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations/
Title: known

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/
Title: report

Search URL Search Domain Scan URL

URL: https://github.com/ekzhang/bore
Title: bore

Search URL Search Domain Scan URL

URL: https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf
Title: Intrusion Kill Chain.

Search URL Search Domain Scan URL

URL: https://github.com/ahmedkhlief/muddyc3-Revived/
Title: MuddyC3

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0223/
Title: POWERSTATS

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/url/64ca9df12baf605dfddbcbcaeab7893b137852e44a1b63016037c2795402fa33/details
Title: 87.236.212[.]22

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/ec91ace1d7d49bcc32c1f67f8d472250eff06b4b994957d640ce1aad19fbc2fe/telemetry
Title: payload

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/url/762a6bea6a4c251d5a504aa1c7d9145a3a8b5676501cfe6094a47f6be0fc4f54/details
Title: submission

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/blog/muddywater-infrastructure/
Title: report

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/iranian-supergroup-muddywater/
Title: blog

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/url/2ee4dbb65712a5d69c3d27883ebf2bca0863f75a6de6d7bae838c0a1ffb30e1f/telemetry
Title: August

Search URL Search Domain Scan URL

URL: https://urlscan.io/result/13bc31d3-497c-4db9-8de9-c202a87bf332/#transactions
Title: another

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/901139c18316793982402c92d7ba27247b6b9202c29b55d8e1594cc6f6de94f6/relations
Title: additional

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/89eb5a9ded23cbea97d5ecea87747a08c85a3802b5d3d75b40bf89a67bb14b12/relations
Title: additional

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/url/5c6deca636a7f0793284ab1b327fb0e3a34ab7e3bc8f720a93be6f31c0b435e0/telemetry
Title: 46.249.35[.]243

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/url/9b771698da54502ed3a91dabd4fd170ee1b0b4779000d07a1cdbf70cc830bdcd/telemetry
Title: 194.61.121[.]86

Search URL Search Domain Scan URL

URL: https://github.com/ahmedkhlief/muddyc3-Revived/tree/master/core
Title: core

Search URL Search Domain Scan URL

URL: https://www.security.ntt/blog/analysis-of-an-iranian-apts-e400-powgoop-variant
Title: PowGoop

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/ip-address/96.8.121.193/relations
Title: pattern

Search URL Search Domain Scan URL

URL: https://twitter.com/MsftSecIntel/status/1654620023019933696
Title: post

Search URL Search Domain Scan URL

URL: https://github.com/sophoslabs/IoCs/blob/master/papercut-nday-indicators-of-compromise.csv
Title: indicators

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/url/0e2cb735ff93f0b22ed0f5d3a46a551fc2e892e3c6948b19f28e73b85888c88c/telemetry
Title: 185.254.37[.]173

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/18fdec81f212359abcd231e1f2614501d7f4ec8f8fbff6a68da4d6a5701bc6f6/relations
Title: eh.msi

Search URL Search Domain Scan URL

URL: https://www.mandiant.com/resources/blog/telegram-malware-iranian-espionage
Title: mentioned

Search URL Search Domain Scan URL

URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-campaign-telecoms-asia-middle-east
Title: Symantec

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/url/8bc6b5f3bbc36554435fbb66aa6fd3c8a2c58ed13437db6a41c10ab91aaa68ae/telemetry
Title: 45.159.248[.]244

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/url/d8d58de100a9a92b125a283842f8cd1288ee96205bdb2b55c07ce4845d06129c/detection
Title: scan

Search URL Search Domain Scan URL

URL: https://urlscan.io/responses/c36ed911547beb82ad55753aa9707aaa79275010c5844bae25b437e6ddfcc075/
Title: scan

Search URL Search Domain Scan URL

URL: https://urlscan.io/ip/195.20.17.183
Title: response

Search URL Search Domain Scan URL

URL: https://github.com/deepinstinct/PhonyC2-MuddyWater-Research
Title: GitHub

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCYerfisJf3hc9QOWmic1G9Q

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/deep-instinct

Search URL Search Domain Scan URL

URL: https://twitter.com/DeepInstinctSec

Search URL Search Domain Scan URL

URL: https://www.facebook.com/DeepInstinctInc

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 86

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1688365666144&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1688365666144&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D316505%26time%3D1688365666144%26url%3Dhttps%253A%252F%252Fwww.deepinstinct.com%252Fblog%252Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1688365666144&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1688365666144&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&cookiesTest=true&liSync=true&e_ipv6=AQJA518TbFVyEgAAAYkab5N82hHxc1dQlt5f6mZwVYpa9QmWBuAGplOjpzu5hje4

Request Chain 115

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1704263266&external_user_id=06c016a9-d36b-4a43-b23c-4d7d7b5ad14a HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1704263266&external_user_id=06c016a9-d36b-4a43-b23c-4d7d7b5ad14a&C=1

Request Chain 119

https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblt8f5ae189fce9f425%2F649da50594be10cb158949a6%2Fblog-phonyc2-muddywater.jpg&w=1680&q=100 HTTP 301
https://www.deepinstinct.com/_ipx/w_1680,q_100/https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblt8f5ae189fce9f425%2F649da50594be10cb158949a6%2Fblog-phonyc2-muddywater.jpg?url=https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblt8f5ae189fce9f425%2F649da50594be10cb158949a6%2Fblog-phonyc2-muddywater.jpg&w=1680&q=100

Request Chain 120

https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png&w=64&q=75 HTTP 301
https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png&w=64&q=75

Request Chain 121

https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png&w=64&q=75 HTTP 301
https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png&w=64&q=75

143 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater Show response
www.deepinstinct.com/blog/ 196 KB
24 KB 949ms
419ms Document
text/html 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

4a64dd92d7b26e88a316f969812f788231780ec6a585b8f4bd350ab3a06646a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 255
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 03 Jul 2023 06:27:42 GMT
etag: "30e10-KrKLJ4quwSzmS03Y6ob9luxaHkA-df"
server: Netlify
strict-transport-security: max-age=31536000
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-nextjs-cache: REVALIDATED
x-nf-render-mode: odb ttl=300
x-nf-request-id: 01H4D6Z0AGD74ABNPZXM6CEDSQ
x-xss-protection: 1

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 126 KB
49 KB 74ms
22ms Script
application/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-P298HTJ

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3528ca12579d5514146153cc939637a4df3b73b884ac78fb7771d00e53600b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 49558
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 03 Jul 2023 06:27:43 GMT

GET
H2 200 a9a649ceb542cb54.css
www.deepinstinct.com/_next/static/css/ 32 KB
7 KB 166ms
166ms Stylesheet
text/css 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/a9a649ceb542cb54.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

a1a9d0c2deff75047ecb7711c1bb12c41e05c3291c4146f00c9ed7866131af09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z0WK6GXD25B5ZABRDBHV
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 108167
etag: "de4c1afdf2f314eecb1b10bdaa1d7ee4-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 6843
x-xss-protection: 1

GET
H2 200 e18e2f9558fd1543.css
www.deepinstinct.com/_next/static/css/ 11 KB
3 KB 3103ms
3102ms Stylesheet
text/css 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/e18e2f9558fd1543.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

1752ebf6d56f755b79f9e9404e22a8c8972ad8a435c7e93fcb0c33da99e34f51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z0WKTBPWDVCJDXYDA0JT
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "2660ad29b881a0161990454ed21eee0f-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
x-xss-protection: 1

GET
H2 200 e24af18bfed2b9e3.css
www.deepinstinct.com/_next/static/css/ 889 B
984 B 172ms
171ms Stylesheet
text/css 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/e24af18bfed2b9e3.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

66aac9d3210f68de513a93e481d67dfa843665cdba4809f3bde13aefb77e71c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z0WK55ZW42BXX6B7RTJM
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: Netlify
age: 283715
etag: "593c03e06e8844bfe5fe086ac9a7db49-ssl"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 889
x-xss-protection: 1

GET
H2 200 5935-c757cc9152444a3d.js Show response
www.deepinstinct.com/_next/static/chunks/ 30 KB
10 KB 170ms
166ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/5935-c757cc9152444a3d.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

d619ebece095748eb92d409eaac19e4346f5d7380db0442021e0ef148bab686d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z104QGTM9S8R091023ZE
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 47658
etag: "3ef712ed36e9a21b26047f3fd28cf1e7-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 10207
x-xss-protection: 1

GET
H2 200 6329-831a74148bce6612.js Show response
www.deepinstinct.com/_next/static/chunks/ 139 KB
37 KB 218ms
212ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/6329-831a74148bce6612.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

de90f9a4370cff2dafd0d322cf18b2d8c16baef1851c46e8d8624fa2b202fb18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z105V9TYA3G30V4K772P
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 47658
etag: "72f383f89326a9869a85155ac85b38b0-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 37890
x-xss-protection: 1

GET
H2 200 248.0db1e1c53eb42682.js Show response
www.deepinstinct.com/_next/static/chunks/ 2 KB
856 B 2988ms
2982ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/248.0db1e1c53eb42682.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

a650259b67fd9815669b3a36ce8881448e8d5ad989de4bcb18ecae6ca73cfabe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z105PTYZW9WRJ1BMDNC3
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 283715
etag: "e54a9f29d324f6da17af16e029a456fc-ssl"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 765
x-xss-protection: 1

GET
H2 200 webpack-27c7669fef75ea0e.js Show response
www.deepinstinct.com/_next/static/chunks/ 8 KB
4 KB 2994ms
2988ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

609ad502120a9a3aaabe1b57a08fcdd887afd4c77361369c1d4b247a89285165

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z105A376W9HA5XBDA5GH
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "bdcd7dadfb95b8d0db30f21ad6ba7468-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
x-xss-protection: 1

GET
H2 200 framework-a070cbfff3c750c5.js Show response
www.deepinstinct.com/_next/static/chunks/ 127 KB
40 KB 2989ms
2984ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/framework-a070cbfff3c750c5.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

33dc89018fe5aed90ddd9f9615cba7412569abfad7d4995d81001e532aac79c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z105NR44H71X03AMWVRY
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 47658
etag: "a5a16d94fca796cad0f6a4696526de62-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 40343
x-xss-protection: 1

GET
H2 200 main-56046b3e412722f8.js Show response
www.deepinstinct.com/_next/static/chunks/ 120 KB
33 KB 2987ms
2982ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

fc3d502ace2503c2860416688a2fa238234df171764c9bdd3fef3f02cbe0e61c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z105EM9PTESTPDXF72AV
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 47658
etag: "1a07219644b6d7027000db0cde858ad8-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 33588
x-xss-protection: 1

GET
H2 200 _app-de8101c0d8fecbbe.js Show response
www.deepinstinct.com/_next/static/chunks/pages/ 1 KB
596 B 2994ms
2989ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/_app-de8101c0d8fecbbe.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

1bb11639b6fac45629437a0f8c465af729084e5ad3a70e61861cf170d25c1ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z10515BAMTGQ44NXGT12
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 222134
etag: "ce8210c1df4c4e944aea527e4430a11f-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 499
x-xss-protection: 1

GET
H2 200 5675-33a595ecead4a5e3.js Show response
www.deepinstinct.com/_next/static/chunks/ 10 KB
4 KB 2994ms
2989ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/5675-33a595ecead4a5e3.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

25701ff46a6938978e4b3a307406ea586727388fe86ed523c6edd4435ebd6c5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11QRTSS5RM4426XJCYZ
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 47658
etag: "824fb2c9d32017ebde0be8407e6fbc96-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 4140
x-xss-protection: 1

GET
H2 200 9366-e4dac70fdca9d72a.js Show response
www.deepinstinct.com/_next/static/chunks/ 29 KB
10 KB 2994ms
2989ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/9366-e4dac70fdca9d72a.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

5904bc0d6e72fc3e0028407f78c13aebab8a5e20104018420e1009f7cd9d1526

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11Q5QR6SY35EZP6Z8ZM
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 47658
etag: "a137e842cd7f054a2985c678d6b7a55a-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 9669
x-xss-protection: 1

GET
H2 200 6116-240fe1afcbcf9c79.js Show response
www.deepinstinct.com/_next/static/chunks/ 30 KB
10 KB 2994ms
2989ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/6116-240fe1afcbcf9c79.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b2c8072a859feff6ca9135409b1c24586c824ddf3f5d90e1c84b677386018b48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11QFFK34SV0PN9V1NGE
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 108167
etag: "f2087f6a1d4ca08af23e12825398b046-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 9917
x-xss-protection: 1

GET
H2 200 6804-8e18f115671d1a69.js Show response
www.deepinstinct.com/_next/static/chunks/ 18 KB
5 KB 3146ms
3141ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/6804-8e18f115671d1a69.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

79cd380d7c4a2d38776ca3a20830c95fd898e454ee523bd677596892ce38c5e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11QHJT74R8SQ1F1BBX7
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 47657
etag: "62f83f8c91eb6c5bf719e82cb8ec5a5b-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 5509
x-xss-protection: 1

GET
H2 200 %5Bpid%5D-cba4384301721ec6.js Show response
www.deepinstinct.com/_next/static/chunks/pages/blog/ 572 B
686 B 3146ms
3141ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/blog/%5Bpid%5D-cba4384301721ec6.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

6ce00c492fc82a2a05b2a29ec95e50f42ba69d2974ed3f0c094bc0cfb3872ee7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11QP67SC47G15FZ8HKA
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: Netlify
age: 0
etag: "20e6670eb1bf9578dcd26de49fb858be-ssl"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 572
x-xss-protection: 1

GET
H2 200 _buildManifest.js Show response
www.deepinstinct.com/_next/static/eWaPIQXQAeHZ0m4NkIF6B/ 8 KB
2 KB 3146ms
3142ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/eWaPIQXQAeHZ0m4NkIF6B/_buildManifest.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

8b9e55515fbd85f5995417731843a7bb7fe7ec7519b41b191a038a4080137f14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11R3RBZCE82FRW2MARK
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "3b027271afd022d487015cbdffd6c2df-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
x-xss-protection: 1

GET
H2 200 _ssgManifest.js Show response
www.deepinstinct.com/_next/static/eWaPIQXQAeHZ0m4NkIF6B/ 455 B
558 B 3146ms
3142ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/eWaPIQXQAeHZ0m4NkIF6B/_ssgManifest.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

32cc58a56e1170810316c9cb82dd82a1fb379e2b82139b5ed039063bb40e4724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11R2BV89ED5HY9S5V5P
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: Netlify
age: 0
etag: "328a07056600d7d25597a4867d779215-ssl"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 455
x-xss-protection: 1

GET
H2 200 zka3qml.css
use.typekit.net/ 3 KB
993 B 261ms
180ms Stylesheet
text/css 2a02:26f0:3100::1735:28f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/zka3qml.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:28f0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

58cbce6773a86e5d812444badcc12a2b7da1bc9bd7508c777f67189a4a0ac6b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Mon, 03 Jul 2023 06:27:43 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 770

GET
H2 200 fig01-image-of-files-located-on-the-server.png
www.deepinstinct.com/image/blt592eb02d90a03787/649ccac248bdd24c541047c6/ 213 KB
214 KB 3147ms
3143ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt592eb02d90a03787/649ccac248bdd24c541047c6/fig01-image-of-files-located-on-the-server.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

6137dcde275d755acf95adbccd120b1c3d5f15676a013f8b5dd9a4a1a9bf1c4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RZSN1YH3WSM5NT50F
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368539
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=231931 idim=650x970 ifmt=png ofsz=218472 odim=650x970 ofmt=png
content-disposition: inline; filename=fig01-image-of-files-located-on-the-server.png
fastly-stats: io=1
content-length: 218472
x-xss-protection: 1
x-request-id: 1045b60714ab6e81f09b579bf550c123
x-served-by: cache-sjc1000101-SJC, cache-iad-kjyo7100173-IAD
x-runtime: 40ms
server: Netlify
x-timer: S1688337329.920065,VS0,VE3
x-contentstack-organization: bltdec97706489ab5de
etag: "4qvNhbiMjMvUOJx/kIsCaGxBCsGrfhs/vUEG1gqWiaw"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig02-start-of-bash_history-file.png
www.deepinstinct.com/image/blt827f538ac24c40f7/649ccac205ac383b36aec182/ 65 KB
65 KB 3149ms
3144ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt827f538ac24c40f7/649ccac205ac383b36aec182/fig02-start-of-bash_history-file.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b7610f4210d94931679ebc87ea5b31dd88886542f31b3226fe681c396c22d537

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RQ2GYNV16949TMVR7
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368539
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=66316 idim=787x554 ifmt=png ofsz=66286 odim=787x554 ofmt=png
content-disposition: inline; filename=fig02-start-of-bash_history-file.png
fastly-stats: io=1
content-length: 66286
x-xss-protection: 1
fastly-io-warning: Failed to shrink image
x-request-id: 9b749410a1acb3fb52421eea4d6326d7
x-served-by: cache-sjc1000098-SJC, cache-iad-kjyo7100037-IAD
x-runtime: 60ms
server: Netlify
x-timer: S1688337329.945760,VS0,VE2
x-contentstack-organization: bltdec97706489ab5de
etag: "H2XkQrFcyNg9qgIQyuXiNqO0iKfb0JkBGUEarFYqNwE"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig03-end-of-bash_history-file.png
www.deepinstinct.com/image/blt8a0e1ab95ddd684b/649ccac2b93cad7acba70736/ 43 KB
44 KB 3149ms
3145ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt8a0e1ab95ddd684b/649ccac2b93cad7acba70736/fig03-end-of-bash_history-file.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

8cd9ce45e13f77a1a19a0c4bc808f50132162873f15aab78e1a42ee00c58345a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RQ8RWV9QRJXCBRF63
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368539
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=44491 idim=951x262 ifmt=png ofsz=44461 odim=951x262 ofmt=png
content-disposition: inline; filename=fig03-end-of-bash_history-file.png
fastly-stats: io=1
content-length: 44461
x-xss-protection: 1
fastly-io-warning: Failed to shrink image
x-request-id: 65b1e0a9b0e14c5e81d532d35ce12feb
x-served-by: cache-sjc1000144-SJC, cache-iad-kjyo7100059-IAD
x-runtime: 32ms
server: Netlify
x-timer: S1688337329.921091,VS0,VE3
x-contentstack-organization: bltdec97706489ab5de
etag: "fiIk4Xm9kWTp4jmAJ0/hLPuphWWWYZF9DCoIjfRvUaM"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig04-please-run-once-py-code.png
www.deepinstinct.com/image/bltd6e1e926e4350ed5/649ccac294be10d7cc8946f5/ 220 KB
221 KB 3151ms
3147ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/bltd6e1e926e4350ed5/649ccac294be10d7cc8946f5/fig04-please-run-once-py-code.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

93651c9479affa33ec61b420ec8c209beae1cfa0c4ebd9cdc3414e9b613049bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11R2S9A4KZ133VQ29FP
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368539
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=230561 idim=736x565 ifmt=png ofsz=225717 odim=736x565 ofmt=png
content-disposition: inline; filename=fig04-please-run-once-py-code.png
fastly-stats: io=1
content-length: 225717
x-xss-protection: 1
x-request-id: ec15283090e832a87ace8cd511ab7541
x-served-by: cache-sjc1000125-SJC, cache-iad-kcgs7200130-IAD
x-runtime: 40ms
server: Netlify
x-timer: S1688337329.022013,VS0,VE5
x-contentstack-organization: bltdec97706489ab5de
etag: "ssTGCMwBgKsdVi3mr26the04lHzIKHKotQTdtwlVIvc"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig05-example-of-config-py-with-random-uuid.png
www.deepinstinct.com/image/blt9f5908bc9639987f/649ccac2c41121615aa19bf4/ 282 KB
282 KB 3309ms
3305ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt9f5908bc9639987f/649ccac2c41121615aa19bf4/fig05-example-of-config-py-with-random-uuid.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e63bdc370433e1e4978d6968b3593d3159c26edd76e185596e74b35637419490

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RE6G59YB7NP89ADN1
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368541
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=289438 idim=1012x471 ifmt=png ofsz=288294 odim=1012x471 ofmt=png
content-disposition: inline; filename=fig05-example-of-config-py-with-random-uuid.png
fastly-stats: io=1
content-length: 288294
x-xss-protection: 1
x-request-id: edc824ef4a3b42c5142162320917ec90
x-served-by: cache-sjc1000146-SJC, cache-iad-kcgs7200105-IAD
x-runtime: 102ms
server: Netlify
x-timer: S1688337331.596071,VS0,VE3
x-contentstack-organization: bltdec97706489ab5de
etag: "KXgHYTlOuYPSx01YugqRA3zLxWIHu+r62Jr51zraSrQ"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig06-additional-information-from-config-py.png
www.deepinstinct.com/image/blt014f1d315ac2913e/649ccac36c102e4142a56ee4/ 805 KB
806 KB 3466ms
3462ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt014f1d315ac2913e/649ccac36c102e4142a56ee4/fig06-additional-information-from-config-py.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

23bfc23826b7d94a8975e34ee2ecd47dbcef68f4393d8376d1f8c876fa418cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RCCVDGQ4HQ0BW8DZY
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368539
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=837766 idim=1813x772 ifmt=png ofsz=824818 odim=1813x772 ofmt=png
content-disposition: inline; filename=fig06-additional-information-from-config-py.png
fastly-stats: io=1
content-length: 824818
x-xss-protection: 1
x-request-id: ab46d0b3df013b6498fc95ce3db86db9
x-served-by: cache-sjc1000137-SJC, cache-iad-kjyo7100130-IAD
x-runtime: 39ms
server: Netlify
x-timer: S1688337329.003721,VS0,VE11
x-contentstack-organization: bltdec97706489ab5de
etag: "Qnvkxz7jhebTKYphgL86q1NTFUkOM7bLovoamBprGo0"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig07-main-py-contents.png
www.deepinstinct.com/image/blt9ce0d6927c9884d5/649ccac2e64f41ae6442e355/ 124 KB
125 KB 3466ms
3463ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt9ce0d6927c9884d5/649ccac2e64f41ae6442e355/fig07-main-py-contents.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

9d31941a13e26914219e946341611f26e340a14b393cdb5b0701bdf8a4e9437c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11R7T04DZW0SDSFSPB7
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368539
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=129759 idim=972x233 ifmt=png ofsz=127327 odim=972x233 ofmt=png
content-disposition: inline; filename=fig07-main-py-contents.png
fastly-stats: io=1
content-length: 127327
x-xss-protection: 1
x-request-id: 1228fa246cd9f2ec52ec525ad2e3b6a0
x-served-by: cache-sjc1000103-SJC, cache-iad-kjyo7100042-IAD
x-runtime: 40ms
server: Netlify
x-timer: S1688337329.958580,VS0,VE3
x-contentstack-organization: bltdec97706489ab5de
etag: "zGYxA8Uobol3LLBMeeM3W/9IXGCrtGQjDLKHeVj2E04"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig08-part-of-webserver-py-code.png
www.deepinstinct.com/image/bltc902667be79da90d/649ccac2e9365a77e1c35cc3/ 325 KB
325 KB 3469ms
3465ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/bltc902667be79da90d/649ccac2e9365a77e1c35cc3/fig08-part-of-webserver-py-code.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

f41432d7a5c7bd41d1e4d234b7b74762102c0777ac7f0a7bb994ad2f5fa91228

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RFS12J2ATM8WB1P60
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368541
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: HIT, HIT
fastly-io-info: ifsz=338399 idim=799x834 ifmt=png ofsz=332424 odim=799x834 ofmt=png
content-disposition: inline; filename=fig08-part-of-webserver-py-code.png
fastly-stats: io=1
content-length: 332424
x-xss-protection: 1
x-request-id: c69200c13d28f2dcf53ae74d7bdafe4e
x-served-by: cache-sjc1000141-SJC, cache-iad-kjyo7100022-IAD
x-runtime: 61ms
server: Netlify
x-timer: S1688337331.569408,VS0,VE4
x-contentstack-organization: bltdec97706489ab5de
etag: "zZnT6ol1/jNRcG7dGynha/8L7oNTRdloEWYCAT8UG9k"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2, 1

GET
H2 200 fig09-part-of-commandline-py.png
www.deepinstinct.com/image/blt9b9adb391ea070e4/649ccac284a4c7d47ad8dcb2/ 763 KB
764 KB 3627ms
3623ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt9b9adb391ea070e4/649ccac284a4c7d47ad8dcb2/fig09-part-of-commandline-py.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

4100d61f6abcdb223f9076e063ed1869a6466f961419b0e1c935cbdbf7a1d8a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RP6JSKW5C11ZSSGWH
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368540
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=782679 idim=1814x875 ifmt=png ofsz=781795 odim=1814x875 ofmt=png
content-disposition: inline; filename=fig09-part-of-commandline-py.png
fastly-stats: io=1
content-length: 781795
x-xss-protection: 1
x-request-id: 21834ae4b9fdfd06462de5ed193974f2
x-served-by: cache-sjc10076-SJC, cache-iad-kcgs7200109-IAD
x-runtime: 66ms
server: Netlify
x-timer: S1688337331.549261,VS0,VE10
x-contentstack-organization: bltdec97706489ab5de
etag: "SzXjjYw0eQ/GDjWcZMAG2pQGKgbqMLsXb3jj7iiz++M"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig10-phonyc2-commands.png
www.deepinstinct.com/image/blt5a4e85697f74fc60/649ccac2e64f4170a342e359/ 196 KB
197 KB 3630ms
3626ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt5a4e85697f74fc60/649ccac2e64f4170a342e359/fig10-phonyc2-commands.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b3777c4703989ad8a90cc6784c9b7771a64a915fd7581cd6f9ba01e51b0852b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11R4GA4DQWCHR46QQYA
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368541
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=207334 idim=701x460 ifmt=png ofsz=200822 odim=701x460 ofmt=png
content-disposition: inline; filename=fig10-phonyc2-commands.png
fastly-stats: io=1
content-length: 200822
x-xss-protection: 1
x-request-id: c5869ed3de6b0dfa4efa14945cb587ed
x-served-by: cache-sjc10025-SJC, cache-iad-kjyo7100097-IAD
x-runtime: 90ms
server: Netlify
x-timer: S1688337331.502331,VS0,VE3
x-contentstack-organization: bltdec97706489ab5de
etag: "wsKmyCyVLS98K6IfPFs566xjFMlfFBKG8aBYmi0UcFM"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig11-payload-command-output.png
www.deepinstinct.com/image/bltc0e446884f1db2e7/649ccad07ad9883f0031d7c4/ 2 MB
2 MB 3632ms
3629ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/bltc0e446884f1db2e7/649ccad07ad9883f0031d7c4/fig11-payload-command-output.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

7937d55e572e8fbc803de8aef20baf38577511a05b28b64745d9dfc144da20b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11R3CYHQEMGKMSZG6JR
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368525
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: HIT, HIT
fastly-io-info: ifsz=1622213 idim=1836x748 ifmt=png ofsz=1622183 odim=1836x748 ofmt=png
content-disposition: inline; filename=fig11-payload-command-output.png
fastly-stats: io=1
content-length: 1622183
x-xss-protection: 1
fastly-io-warning: Failed to shrink image
x-request-id: c9be869a565da82a806de4ca6eaa47b3
x-served-by: cache-sjc1000125-SJC, cache-iad-kjyo7100104-IAD
x-runtime: 75ms
server: Netlify
x-timer: S1688337329.975988,VS0,VE6
x-contentstack-organization: bltdec97706489ab5de
etag: "vFEaqKCOy3PAR/PznwK9k9OQp8dFjgU3znNfuWS1au4"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2, 1

GET
H2 200 fig12-content-of-db-ps1.png
www.deepinstinct.com/image/blt3d0d2c268e147a34/649ccacf9c69d8283ec1d0c5/ 27 KB
27 KB 3642ms
3638ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt3d0d2c268e147a34/649ccacf9c69d8283ec1d0c5/fig12-content-of-db-ps1.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

bb5aa8828333bda44ac876794e4ebbd7a499500bb2a18833b03d4b1de7f58c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11R1T0V7EMVMY5E40VB
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368527
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=54066 idim=944x600 ifmt=png ofsz=27544 odim=944x600 ofmt=png
content-disposition: inline; filename=fig12-content-of-db-ps1.png
fastly-stats: io=1
content-length: 27544
x-xss-protection: 1
x-request-id: 687dbe1dfe601662f5eddecb8318f503
x-served-by: cache-sjc10022-SJC, cache-iad-kcgs7200100-IAD
x-runtime: 61ms
server: Netlify
x-timer: S1688337331.576730,VS0,VE3
x-contentstack-organization: bltdec97706489ab5de
etag: "bizf2laQ3cxkGpodSBsc1OkhVXdi2OPQjFj7rUvMZDA"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig13-html-response-from-c2-server-for-step1.png
www.deepinstinct.com/image/bltf4f9615840d6a05c/649ccad01fa6aa9d0fadfca5/ 763 KB
763 KB 3799ms
3796ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/bltf4f9615840d6a05c/649ccad01fa6aa9d0fadfca5/fig13-html-response-from-c2-server-for-step1.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

f3385e5443630d7c957f56249022eca11d0b937897331aa39255dde6f6e4c271

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RYM02TN3WZKQH6N2H
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368527
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=780917 idim=1586x955 ifmt=png ofsz=780887 odim=1586x955 ofmt=png
content-disposition: inline; filename=fig13-html-response-from-c2-server-for-step1.png
fastly-stats: io=1
content-length: 780887
x-xss-protection: 1
fastly-io-warning: Failed to shrink image
x-request-id: 8c079a5546c5b38adbddd026af731983
x-served-by: cache-sjc10035-SJC, cache-iad-kcgs7200120-IAD
x-runtime: 57ms
server: Netlify
x-timer: S1688337331.560886,VS0,VE8
x-contentstack-organization: bltdec97706489ab5de
etag: "zZNkmJRRS/x4K963QseaWDF+KITtsfCM/0W1CJI/44E"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig14-decode-routine-flow.png
www.deepinstinct.com/image/bltd210b16cdef1b924/649ccacfe64f411c8d42e35d/ 32 KB
33 KB 3801ms
3798ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/bltd210b16cdef1b924/649ccacfe64f411c8d42e35d/fig14-decode-routine-flow.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

429813c2f14b5ed5b1b620f18a56a9f328c2b41a14b9898fb13c532bd7fd1983

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11R90WHWG1R30RME9F3
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368526
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=42798 idim=580x322 ifmt=png ofsz=33095 odim=580x322 ofmt=png
content-disposition: inline; filename=fig14-decode-routine-flow.png
fastly-stats: io=1
content-length: 33095
x-xss-protection: 1
x-request-id: 390eb25715e93598de15f6e52f95f6d8
x-served-by: cache-sjc10062-SJC, cache-iad-kjyo7100104-IAD
x-runtime: 154ms
server: Netlify
x-timer: S1688337329.177861,VS0,VE2
x-contentstack-organization: bltdec97706489ab5de
etag: "9b+ikgTc2v3WLo5wzw/a/pZvEyd4m9sKZt8LJga7mPU"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig15-dropper-command-output.png
www.deepinstinct.com/image/blt9de2a6e6a240dbe9/649ccad0b93cad3a39a7073a/ 1 MB
1 MB 3815ms
3812ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt9de2a6e6a240dbe9/649ccad0b93cad3a39a7073a/fig15-dropper-command-output.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

a741c2a6f1a7eba5939ba6a2ced1954b1d3c6123db179c5ce1a041d920eccce0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11R95SJX0MTEE5C6VP3
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368525
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=1221817 idim=1838x582 ifmt=png ofsz=1198955 odim=1838x582 ofmt=png
content-disposition: inline; filename=fig15-dropper-command-output.png
fastly-stats: io=1
content-length: 1198955
x-xss-protection: 1
x-request-id: 8761ef7d9546618d0a797837786abd28
x-served-by: cache-sjc10033-SJC, cache-iad-kjyo7100153-IAD
x-runtime: 65ms
server: Netlify
x-timer: S1688337329.181559,VS0,VE4
x-contentstack-organization: bltdec97706489ab5de
etag: "i1jt1BaOX8ZnIVOp0M4H7KcvokSfxHGdqlaSF6QlucE"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig16-ex3cut3-command-output.png
www.deepinstinct.com/image/blt112eec5d634165ed/649ccad01ea8298803f57fb9/ 368 KB
368 KB 3816ms
3813ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt112eec5d634165ed/649ccad01ea8298803f57fb9/fig16-ex3cut3-command-output.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

27fe849a5f13b44596532e7c6367856b60186a3d34dfb4e1917d34e984bb945a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RAK77YWZVX3ZP439D
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368527
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=382568 idim=1830x279 ifmt=png ofsz=376565 odim=1830x279 ofmt=png
content-disposition: inline; filename=fig16-ex3cut3-command-output.png
fastly-stats: io=1
content-length: 376565
x-xss-protection: 1
x-request-id: 9b1b6675902f9dedfb8167d808b28416
x-served-by: cache-sjc10050-SJC, cache-iad-kjyo7100144-IAD
x-runtime: 64ms
server: Netlify
x-timer: S1688337331.534115,VS0,VE9
x-contentstack-organization: bltdec97706489ab5de
etag: "UNU8EhkEf4hChmSu4zUGLvgM+tQmDL3P+sSAPAUdpj8"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig17-list-command-output.png
www.deepinstinct.com/image/bltc7ff94aba48bcca7/649ccacf63cca6ee6ed2975b/ 81 KB
81 KB 3818ms
3816ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/bltc7ff94aba48bcca7/649ccacf63cca6ee6ed2975b/fig17-list-command-output.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e45394e7c757b1426cf9a0dec8491f92e0fce5bad937cfbf907b05216513a47d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RK039WW5N6FZ87N82
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368527
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=88062 idim=1153x94 ifmt=png ofsz=82719 odim=1153x94 ofmt=png
content-disposition: inline; filename=fig17-list-command-output.png
fastly-stats: io=1
content-length: 82719
x-xss-protection: 1
x-request-id: 6a636f7a4c2d50e188984bc98ba0fd1d
x-served-by: cache-sjc1000087-SJC, cache-iad-kcgs7200027-IAD
x-runtime: 74ms
server: Netlify
x-timer: S1688337331.583171,VS0,VE2
x-contentstack-organization: bltdec97706489ab5de
etag: "WuI6sbnnNpy6BV6qd6okaMb0esrHII1/1zuvSBs4ktE"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig18-setcommandforall-command-output.png
www.deepinstinct.com/image/blt4356560e6ec88eb7/649ccacf7ad9882a2731d7c0/ 43 KB
44 KB 3822ms
3820ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt4356560e6ec88eb7/649ccacf7ad9882a2731d7c0/fig18-setcommandforall-command-output.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

28883e36ea68e8776d3a78e8c04308e9b3ba596990a421a21959fef03c77179b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RGZS542C284SDJRCF
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368526
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=48439 idim=417x204 ifmt=png ofsz=44345 odim=417x204 ofmt=png
content-disposition: inline; filename=fig18-setcommandforall-command-output.png
fastly-stats: io=1
content-length: 44345
x-xss-protection: 1
x-request-id: 6050ac3a7394374e25ee6ff555667c33
x-served-by: cache-sjc1000098-SJC, cache-iad-kcgs7200138-IAD
x-runtime: 66ms
server: Netlify
x-timer: S1688337331.625559,VS0,VE3
x-contentstack-organization: bltdec97706489ab5de
etag: "Xtojrtoq81rum9BjJf3qkloqXQTMjEFxoSQxyCYhuxs"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig19-use-command-output.png
www.deepinstinct.com/image/blta8410fc20b194eab/649ccacf05ac386a09aec186/ 31 KB
31 KB 3977ms
3974ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blta8410fc20b194eab/649ccacf05ac386a09aec186/fig19-use-command-output.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

af840a9b49ea6a8b2311517cedc2d793533015b2469cb01409a9ef054de87203

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RV42PBHRJDMEVT260
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368527
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=33631 idim=402x65 ifmt=png ofsz=31487 odim=402x65 ofmt=png
content-disposition: inline; filename=fig19-use-command-output.png
fastly-stats: io=1
content-length: 31487
x-xss-protection: 1
x-request-id: eb3630d864cb5e6729f516b7dac8e034
x-served-by: cache-sjc10031-SJC, cache-iad-kcgs7200054-IAD
x-runtime: 34ms
server: Netlify
x-timer: S1688337331.595472,VS0,VE2
x-contentstack-organization: bltdec97706489ab5de
etag: "VTrJAm4+wlKhL9+cy670Mr05eT5C332pRxJuMQQuec0"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig20-additional-command-op.png
www.deepinstinct.com/image/blt42ceb32cd1a12032/649ccacffa1835879d18d4b2/ 54 KB
55 KB 3977ms
3975ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt42ceb32cd1a12032/649ccacffa1835879d18d4b2/fig20-additional-command-op.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b2ffef1321cbc13067e6c9b681e6def71a63b12d71be24d2629494c5227aa6e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RQMJG6J0C6K1T0WEH
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368527
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=59442 idim=634x148 ifmt=png ofsz=55563 odim=634x148 ofmt=png
content-disposition: inline; filename=fig20-additional-command-op.png
fastly-stats: io=1
content-length: 55563
x-xss-protection: 1
x-request-id: ff7047b6a050928e94ed72dd26949fa4
x-served-by: cache-sjc1000128-SJC, cache-iad-kjyo7100161-IAD
x-runtime: 70ms
server: Netlify
x-timer: S1688337331.584832,VS0,VE4
x-contentstack-organization: bltdec97706489ab5de
etag: "2lC5ni0GwKxieoE+Y9MAa0sbQnZbfO5zeavPI1Zc6cw"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig21-persist-command-output.png
www.deepinstinct.com/image/blt73c148015d436bc7/649ccad9fcb6fd0f815aca05/ 506 KB
507 KB 3977ms
3975ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt73c148015d436bc7/649ccad9fcb6fd0f815aca05/fig21-persist-command-output.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b867bf78221c2d5b8796220835540e701eabc9d1cb011caf7423a6edc4873b99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11S4XP8Q9MRZT8HH3YZ
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368518
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=544937 idim=1835x234 ifmt=png ofsz=518230 odim=1835x234 ofmt=png
content-disposition: inline; filename=fig21-persist-command-output.png
fastly-stats: io=1
content-length: 518230
x-xss-protection: 1
x-request-id: 15b48f57007586a914d30095f923033d
x-served-by: cache-sjc10068-SJC, cache-iad-kcgs7200028-IAD
x-runtime: 46ms
server: Netlify
x-timer: S1688337331.608454,VS0,VE4
x-contentstack-organization: bltdec97706489ab5de
etag: "QBi+T6yUVCx+nh6D6pHlOg05HUVm0xQzMyiEnamKDVg"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig22-code-related-to-persistence-from-commandline-py.png
www.deepinstinct.com/image/bltcef4ffbf884bd688/649ccada66ab626398fc7e48/ 1 MB
1 MB 3979ms
3977ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/bltcef4ffbf884bd688/649ccada66ab626398fc7e48/fig22-code-related-to-persistence-from-commandline-py.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

62d4329342fa7772d4c227cc9e2e860bf5d50db6f9ca8706ea2dff50fa23c07f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11S71XF6HTT4RTBXM2Z
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368518
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=1553022 idim=1829x873 ifmt=png ofsz=1314014 odim=1829x873 ofmt=png
content-disposition: inline; filename=fig22-code-related-to-persistence-from-commandline-py.png
fastly-stats: io=1
content-length: 1314014
x-xss-protection: 1
x-request-id: 2938870c06844673bb5c0b708483df59
x-served-by: cache-sjc10031-SJC, cache-iad-kcgs7200109-IAD
x-runtime: 50ms
server: Netlify
x-timer: S1688337331.568685,VS0,VE9
x-contentstack-organization: bltdec97706489ab5de
etag: "XX9hvGULwOGAuBtPrFrsxxCxPnq2nv4lwGVZ4qkpMVg"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig23-contents-of-utils.jse.png
www.deepinstinct.com/image/blt13ae2da8680cee8b/649d9ec79c69d84948c1d39e/ 15 KB
16 KB 3986ms
3984ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt13ae2da8680cee8b/649d9ec79c69d84948c1d39e/fig23-contents-of-utils.jse.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

8c1307e67f3a714024a9a225b1d5b35c0490c3575818e696572b9d9f1ee73514

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11R7QR8YK8SSJFN61BS
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 314263
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=38975 idim=1345x110 ifmt=png ofsz=15601 odim=1345x110 ofmt=png
content-disposition: inline; filename=fig23-contents-of-utils.jse.png
fastly-stats: io=1
content-length: 15601
x-xss-protection: 1
x-request-id: 8c15a2735e244448755d7347330df0c2
x-served-by: cache-sjc10035-SJC, cache-iad-kjyo7100035-IAD
x-runtime: 72ms
server: Netlify
x-timer: S1688337329.984373,VS0,VE2
x-contentstack-organization: bltdec97706489ab5de
etag: "9YDOWhzdcnBcoeswVT7JgDtHHjNNGd2RPHamnA2xE60"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig24-content-written-to-the-registry-with-analysis-comments.png
www.deepinstinct.com/image/blte161a57c77099538/649ccad94a3adf64aa052ff0/ 152 KB
153 KB 3988ms
3986ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blte161a57c77099538/649ccad94a3adf64aa052ff0/fig24-content-written-to-the-registry-with-analysis-comments.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

765f2b701169c591dd769d308be14644a1e190bd53cfb3bbfc9c9186eebbca87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RZTDG9H7TCBZ2XG94
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368518
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=155935 idim=1152x680 ifmt=png ofsz=155905 odim=1152x680 ofmt=png
content-disposition: inline; filename=fig24-content-written-to-the-registry-with-analysis-comments.png
fastly-stats: io=1
content-length: 155905
x-xss-protection: 1
fastly-io-warning: Failed to shrink image
x-request-id: f4d4e08a0a0cb6acbfcdd8f6642622f3
x-served-by: cache-sjc1000131-SJC, cache-iad-kcgs7200177-IAD
x-runtime: 72ms
server: Netlify
x-timer: S1688337331.587172,VS0,VE5
x-contentstack-organization: bltdec97706489ab5de
etag: "28+MAZd56YnRpPH8FlQxkflN4Ay7/zYdPo50Ip6GC3w"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig25-input-is-base64-returned-from-server.png
www.deepinstinct.com/image/blt39b7aaff6ff805d6/649ccad994be1009e78946f9/ 65 KB
65 KB 3993ms
3991ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt39b7aaff6ff805d6/649ccad994be1009e78946f9/fig25-input-is-base64-returned-from-server.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

22cfe884f4a81e77f5a2c572a10d125b13ba61d82ad9ff22bbc5b2635861eac8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RJDRE3T7E8T250G5A
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368518
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=117036 idim=957x726 ifmt=png ofsz=66155 odim=957x726 ofmt=png
content-disposition: inline; filename=fig25-input-is-base64-returned-from-server.png
fastly-stats: io=1
content-length: 66155
x-xss-protection: 1
x-request-id: befa0d3866691ca15d0cecb609144ffc
x-served-by: cache-sjc1000089-SJC, cache-iad-kjyo7100133-IAD
x-runtime: 39ms
server: Netlify
x-timer: S1688337331.581821,VS0,VE3
x-contentstack-organization: bltdec97706489ab5de
etag: "UKf/HaSdIAugLiERaYV+t+PayVrwONrKUSBVt0u+6pA"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig26-infection-flow-of-phonyc2.png
www.deepinstinct.com/image/blt0750de027af9c72a/649ccad9f7bfd134cb832b58/ 237 KB
238 KB 3995ms
3993ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt0750de027af9c72a/649ccad9f7bfd134cb832b58/fig26-infection-flow-of-phonyc2.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

8e38e1f71cf19109f8eb7207e2c183a79e830c14b3fa8e203efaa37a6236ccc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11R81XCJ7WRSBM7MJSJ
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368518
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=630045 idim=1459x1369 ifmt=png ofsz=242906 odim=1459x1369 ofmt=png
content-disposition: inline; filename=fig26-infection-flow-of-phonyc2.png
fastly-stats: io=1
content-length: 242906
x-xss-protection: 1
x-request-id: 831e8901b695c9b7c892c83f9d70bb10
x-served-by: cache-sjc1000136-SJC, cache-iad-kjyo7100126-IAD
x-runtime: 67ms
server: Netlify
x-timer: S1688337331.681354,VS0,VE9
x-contentstack-organization: bltdec97706489ab5de
etag: "EXk346VGgWYN1fysk2FTRtFVd4vTUwk1Tng8jPpbIrc"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig27-muddyc3-output.png
www.deepinstinct.com/image/blt4a386cc0405b9010/649ccad94a3adf0fae052ff4/ 660 KB
661 KB 4116ms
4114ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt4a386cc0405b9010/649ccad94a3adf0fae052ff4/fig27-muddyc3-output.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b7f582f5972ab55fb6803c7b83d8ffb6ab705a2bc7ec4c4f2974b22e88afdba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11SC8YHEVPY265166Z1
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368517
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=719444 idim=1842x920 ifmt=png ofsz=676078 odim=1842x920 ofmt=png
content-disposition: inline; filename=fig27-muddyc3-output.png
fastly-stats: io=1
content-length: 676078
x-xss-protection: 1
x-request-id: 581b891674336da1ca76482513e5f6ca
x-served-by: cache-sjc10079-SJC, cache-iad-kcgs7200143-IAD
x-runtime: 61ms
server: Netlify
x-timer: S1688337329.088692,VS0,VE4
x-contentstack-organization: bltdec97706489ab5de
etag: "ABBuzYprnHvbBKiZokHRi1xWkzC3rGNe+ltjfsgFOYo"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 248 KB
87 KB 47ms
22ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ac252f8c4f0e7c0deb53bbaa236eabb619267286580f7f989a7d862094279737

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 88647
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jul 2023 06:27:43 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af144d639dc5c33722d3426bda462d68577e1c63ab319abf355da1ef73859495

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 fig28-passive-dns-resolution.png
www.deepinstinct.com/image/blted4fc84db7ba64f6/649ccad91fa6aa9f7fadfca9/ 26 KB
26 KB 4078ms
4078ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blted4fc84db7ba64f6/649ccad91fa6aa9f7fadfca9/fig28-passive-dns-resolution.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

11ae5f9ed74c0d0e02dfdfd84569baae947bb7dfb06159fd5cdab48bdf90ea1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RXBWVA0BXJK1TV23K
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368518
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=26245 idim=682x479 ifmt=png ofsz=26215 odim=682x479 ofmt=png
content-disposition: inline; filename=fig28-passive-dns-resolution.png
fastly-stats: io=1
content-length: 26215
x-xss-protection: 1
fastly-io-warning: Failed to shrink image
x-request-id: cee3774b730f2a20c90f2c3f17bb740d
x-served-by: cache-sjc1000092-SJC, cache-iad-kcgs7200168-IAD
x-runtime: 61ms
server: Netlify
x-timer: S1688337331.574964,VS0,VE2
x-contentstack-organization: bltdec97706489ab5de
etag: "cwMEBUQ5Cz3W3OmblntLrvhrFuG8M6aDoDg/cYL2RIo"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig29-directory-listing.png
www.deepinstinct.com/image/blt32f10ca881b5b19a/649ccad913bff8594a2ed66a/ 129 KB
129 KB 4084ms
4084ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt32f10ca881b5b19a/649ccad913bff8594a2ed66a/fig29-directory-listing.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

a8518e84d093a265316a80bb55493ed8a17b1d16189deaf6c4a704f02e42ac23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z11RZ76D9VJ6KKE6KN0G
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368518
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=131644 idim=1157x869 ifmt=png ofsz=131614 odim=1157x869 ofmt=png
content-disposition: inline; filename=fig29-directory-listing.png
fastly-stats: io=1
content-length: 131614
x-xss-protection: 1
fastly-io-warning: Failed to shrink image
x-request-id: 5cdb418fa5d4c329e0e90e6cd1748e73
x-served-by: cache-sjc1000093-SJC, cache-iad-kjyo7100158-IAD
x-runtime: 33ms
server: Netlify
x-timer: S1688337330.472238,VS0,VE5
x-contentstack-organization: bltdec97706489ab5de
etag: "lSD5egMVbN00DgWw6WZycvk9q4Ed/zMetht2TslCcEU"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig30-url-scan-of-newer-than-v6-phonyc2.png
www.deepinstinct.com/image/blt1eb80e57b8b8b3c2/649ccad9e9365a704cc35cc7/ 7 KB
7 KB 4092ms
4092ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt1eb80e57b8b8b3c2/649ccad9e9365a704cc35cc7/fig30-url-scan-of-newer-than-v6-phonyc2.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

cd6e33a1d9401ea352422f87b6873ed6390f5838b6ac198e6ad4624b241f2189

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z159709E5PPHE4BRXS7J
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368518
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=10906 idim=601x365 ifmt=png ofsz=6789 odim=601x365 ofmt=png
content-disposition: inline; filename=fig30-url-scan-of-newer-than-v6-phonyc2.png
fastly-stats: io=1
content-length: 6789
x-xss-protection: 1
x-request-id: caad16af14b301596a15186d858558d7
x-served-by: cache-sjc1000090-SJC, cache-iad-kjyo7100089-IAD
x-runtime: 93ms
server: Netlify
x-timer: S1688337331.552769,VS0,VE1
x-contentstack-organization: bltdec97706489ab5de
etag: "6gxQTzHstRGknaFKoZzg16+/nfaRCMSObN+vLfarVVY"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fig31-new-phonyc2-payload.png
www.deepinstinct.com/image/blt0c32c07672c97d69/649ccad9fa183556d918d4b6/ 31 KB
31 KB 4093ms
4092ms Image
image/png 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt0c32c07672c97d69/649ccad9fa183556d918d4b6/fig31-new-phonyc2-payload.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

7b90247c237c25c16dcf9f17ff1bad678dfb21b77c7edbc0e8ca80d48446e510

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z159VK4ZY9CD8QVCTXY6
date: Mon, 03 Jul 2023 06:27:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 368518
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-cache: MISS, HIT
fastly-io-info: ifsz=64045 idim=1893x355 ifmt=png ofsz=31362 odim=1893x355 ofmt=png
content-disposition: inline; filename=fig31-new-phonyc2-payload.png
fastly-stats: io=1
content-length: 31362
x-xss-protection: 1
x-request-id: 10e47a6fb3ac027def316db53cc238c6
x-served-by: cache-sjc10055-SJC, cache-iad-kcgs7200057-IAD
x-runtime: 39ms
server: Netlify
x-timer: S1688337331.582966,VS0,VE2
x-contentstack-organization: bltdec97706489ab5de
etag: "xvF83wW4XOs29YpSdIcUY8INoS6KrrlGCyzFTvbyQhg"
x-nf-render-mode: ssr
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 03 Jul 2023 04:35:22 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6741
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 03 Jul 2023 06:35:22 GMT

GET
H2 200 hotjar-1665869.js Show response
static.hotjar.com/c/ 9 KB
4 KB 63ms
40ms Script
application/javascript 18.66.97.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1665869.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-49.fra56.r.cloudfront.net

Software

Resource Hash

c2869a040f686e3ba5f89fc7af59797d035b38051baaf41b1682ee24bd9d387f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 0baa339c02d06988c65d8623d1b3c6ec.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/7cb29ec3b2a15f7ec099936b711b629a
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: _DfikUc4RrArHjmnt6rihh2x3xDNWC6SYHTDVrvUft2EutHM5hi-Zg==

GET
H2 200 8430ce879b38826d.min.js Show response
tag.demandbase.com/ 76 KB
21 KB 44ms
9ms Script
application/javascript 108.138.17.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/8430ce879b38826d.min.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.17.47 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-17-47.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

bfcf20abbc045296e3d2933dbae584a7ce101540383ea85f717dfa62e7693505

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: bKqHzN_hbHWM7eOqUOPyqd557Yzlvsfc
content-encoding: gzip
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
date: Mon, 03 Jul 2023 06:11:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P7
age: 974
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Mon, 26 Jun 2023 21:33:20 GMT
server: AmazonS3
etag: W/"9a72f58626c6cf492641cc869e9ba6b3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-id: 5gOwTyZpm-LR_KVjvhQSE-UV9znvSiio_xpb3VMNyRabFT8GzkYINA==

GET
H2 200 2183098.js Show response
js.hs-scripts.com/ 1 KB
1 KB 2903ms
2884ms Script
application/javascript 2606:4700::6812:863b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/2183098.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:863b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10d6702dcaaf54f389dc082dd3bf0f023ee50af262d53cc6a35fdf11099c67fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f2ffe2d5-d3f9-4fe0-b8df-80ebe14f100a
x-envoy-upstream-service-time: 20
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f2ffe2d5-d3f9-4fe0-b8df-80ebe14f100a
last-modified: Sun, 02 Jul 2023 20:38:52 GMT
server: cloudflare
x-trace: 2BAD20F149CDA0E7AB542256C76A848C7400CACBB5000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.deepinstinct.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-79ph8
cf-ray: 7e0d10735d709b2d-FRA
expires: Mon, 03 Jul 2023 06:28:43 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 232 KB
82 KB 22ms
22ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-P5MMKMDSNW&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bf66a5fbf1d27f77ebf2ebb0c4eafa0e9c8ba78a92cdb88790df5a8264d548ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83455
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 03 Jul 2023 06:27:43 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812608847/ 3 KB
2 KB 76ms
53ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812608847/?random=1688365663239&cv=11&fst=1688365663239&bg=ffffff&guid=ON&async=1&gtm=45He36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&hn=www.googleadservices.com&frm=0&tiba=PhonyC2%3A%20Revealing%20a%20New%20Malicious%20Command%20%26%20Control%20Framework%20by%20MuddyWater%20%7C%20Deep%20Instinct&auid=2115271870.1688365663&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6e70e872e6a465f6d35149851471d80eb63c073ba504bca12968467527b1c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1411
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
772 B 78ms
21ms Script
application/x-javascript 2a02:26f0:3100::1735:28a8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:28a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

42c9d1df23e2f7d82d90b2bd6bab3b5398e81889cb9bde1d4a530acc663c9c63

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 26 Jun 2023 17:35:57 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=71655
accept-ranges: bytes
content-length: 560

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 39ms
9ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230128-FRA

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 171 KB
47 KB 26ms
8ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e33937c8718b4891cefe03686c4bac285d9265052427e705bce7e677659ed765

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 06:27:43 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46863
x-xss-protection: 0
pragma: public
x-fb-debug: akGkA+CrcwRQ1OAWav+nWnMbEK6S1D6g1MNYgBf8bEwBYq7UbB0FCJ6JJJsuqaoEyg1sCv1B9j6zk9UK0H9qyQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 83ms
44ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 03 Jul 2023 06:27:42 GMT
last-modified: Thu, 11 May 2023 18:08:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AB6B7C39937D4A9AAC7C1249AC827D8C Ref B: FRA31EDGE0813 Ref C: 2023-07-03T06:27:43Z
etag: "80df77953384d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12183

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 69ms
7ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: 1c9f4ca5f97ba5f603a23578157e54ae63d7a42a72abfe8cb4aaf967530e459d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: gzip
last-modified: Mon, 26 Jun 2023 14:29:39 GMT
server: ECS (frb/67D4)
age: 25743
etag: "f2edf5a33aa8d91:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25471

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 79ms
33ms Script
text/javascript 2606:4700::6812:d9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 47967
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 7e0d1073bcb83a8c-FRA
expires: Mon, 03 Jul 2023 06:47:43 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
212 B 17ms
15ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1536081219&t=pageview&_s=1&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&ul=en-us&de=UTF-8&dt=PhonyC2%3A%20Revealing%20a%20New%20Malicious%20Command%20%26%20Control%20Framework%20by%20MuddyWater%20%7C%20Deep%20Instinct&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABBAAAACAAI~&jid=913223804&gjid=1606113636&cid=548354136.1688365663&tid=UA-69598329-1&_gid=1496124694.1688365663&_r=1&_slc=1&gtm=45He36s0n8152PC3MW&z=867043388

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 06:27:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.deepinstinct.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 2848ms
13ms Stylesheet
text/css 2a02:26f0:3100::1735:28b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=zka3qml&ht=tk&f=10954.13454.13466.28969&a=83637106&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1735:28b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:46 GMT
last-modified: Fri, 21 Apr 2023 14:15:25 GMT
server: nginx
etag: "64429a7d-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

POST
H2 204 collect
region1.google-analytics.com/g/ 0
257 B 39ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-P5MMKMDSNW&gtm=45je36s0&_p=1536081219&cid=548354136.1688365663&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1688365663&sct=1&seg=0&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&dt=PhonyC2%3A%20Revealing%20a%20New%20Malicious%20Command%20%26%20Control%20Framework%20by%20MuddyWater%20%7C%20Deep%20Instinct&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P5MMKMDSNW&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 06:27:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.deepinstinct.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
352 B 2796ms
2756ms XHR
text/plain 2a00:1450:400c:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-69598329-1&cid=548354136.1688365663&jid=913223804&gjid=1606113636&_gid=1496124694.1688365663&_u=YGBACEAABAAAACAAI~&z=1611799571

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 03 Jul 2023 06:27:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.deepinstinct.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.4aa8d748500a28f64f6e.js Show response
script.hotjar.com/ 270 KB
69 KB 2784ms
2752ms Script
application/javascript 52.222.236.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.4aa8d748500a28f64f6e.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1665869.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.74 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-74.fra56.r.cloudfront.net

Software

Resource Hash

e83759f64381b941b0b687685d4467221ac99f443723a48726e3ad69346b4782

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:41:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 a2cac9c5f0e90f8b7fede4ac9aca75ca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 236796
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 70334
last-modified: Fri, 30 Jun 2023 12:40:24 GMT
etag: "7b1ec7231fe995a40692ba1a1f8b2e8a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: Vvymg0FyOc1G0nEvSdKVv-Yvb4TXeARIBa7btUiEL8l3nzPi7vA2Sg==

GET
H2 200 adsct
t.co/i/ 43 B
204 B 2909ms
2877ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=dea7e019-47fc-4981-830e-986170892dfe&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=8a198161-2155-4af8-889f-adfdc4b12141&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o61n5&type=javascript&version=2.3.29

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-response-time: 110
date: Mon, 03 Jul 2023 06:27:45 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: e87acd868d4e03f1
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: e86005e827858802deefe645a4301344961b2be657f330f21fddf21e9f44f6d8
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
215 B 2926ms
122ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=dea7e019-47fc-4981-830e-986170892dfe&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=8a198161-2155-4af8-889f-adfdc4b12141&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o61n5&type=javascript&version=2.3.29

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-response-time: 110
date: Mon, 03 Jul 2023 06:27:45 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 31581b41a09d5e86
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: ec323fc0b9f884700e038671fb98362e6edbd6237236b17ea65d5de8d08c972d
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
378 B 2880ms
2848ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=cb198d5a-ff02-4fef-a4e2-5c4bfd89adab&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=8a198161-2155-4af8-889f-adfdc4b12141&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzc8r&type=javascript&version=2.3.29

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-response-time: 104
date: Mon, 03 Jul 2023 06:27:45 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: f5d3d8795565d465
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: e86005e827858802deefe645a4301344961b2be657f330f21fddf21e9f44f6d8
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
394 B 2917ms
114ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=cb198d5a-ff02-4fef-a4e2-5c4bfd89adab&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=8a198161-2155-4af8-889f-adfdc4b12141&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzc8r&type=javascript&version=2.3.29

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-response-time: 102
date: Mon, 03 Jul 2023 06:27:45 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 8818e5bf71bbcdd1
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: ec323fc0b9f884700e038671fb98362e6edbd6237236b17ea65d5de8d08c972d
content-length: 43

GET
H2 200 sync Show response
s.company-target.com/s/ Frame 0E27 634 B
977 B 2955ms
162ms Document
text/html 34.96.71.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.company-target.com/s/sync?exc=lr
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/8430ce879b38826d.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.71.96.34.bc.googleusercontent.com
Software: /
Resource Hash: 38d9379e8eccb68c5200a697306f95b91ab0a961321e56d1383d7434d73f53cd

Request headers

Referer: https://www.deepinstinct.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET,OPTIONS
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 634
content-type: text/html; charset=UTF-8
date: Mon, 03 Jul 2023 06:27:46 GMT
via: 1.1 google

GET
H2 451 464526.gif
id.rlcdn.com/ 0
98 B 2812ms
21ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:46 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 468591697375107 Show response
connect.facebook.net/signals/config/ 300 KB
86 KB 2763ms
2761ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/468591697375107?v=2.9.110&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

39d15fb659e142dac44a36f83b12f49676abf3e7ca56b3593ddc356d5889f887

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 06:27:43 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: /GFSkupSliKEY6j6VbG7SJP2SQXqd9J13ICRTbJiYLpsZEldR1PhzKEJxABFuONOvLjmln19rLQyNWnZCFialA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/812608847/ 42 B
455 B 2807ms
24ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812608847/?random=1688365663239&cv=11&fst=1688364000000&bg=ffffff&guid=ON&async=1&gtm=45He36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&frm=0&tiba=PhonyC2%3A%20Revealing%20a%20New%20Malicious%20Command%20%26%20Control%20Framework%20by%20MuddyWater%20%7C%20Deep%20Instinct&fmt=3&is_vtc=1&random=3891563846&rmt_tld=0&ipr=y

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 06:27:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/812608847/ 42 B
154 B 2833ms
49ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/812608847/?random=1688365663239&cv=11&fst=1688364000000&bg=ffffff&guid=ON&async=1&gtm=45He36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&frm=0&tiba=PhonyC2%3A%20Revealing%20a%20New%20Malicious%20Command%20%26%20Control%20Framework%20by%20MuddyWater%20%7C%20Deep%20Instinct&fmt=3&is_vtc=1&random=3891563846&rmt_tld=1&ipr=y

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 06:27:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 ip.json Show response
api.company-target.com/api/v2/ 447 B
946 B 2835ms
53ms XHR
application/json 18.66.97.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&page_title=PhonyC2%3A%20Revealing%20a%20New%20Malicious%20Command%20%26%20Control%20Framework%20by%20MuddyWater%20%7C%20Deep%20Instinct
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/8430ce879b38826d.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-57.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 2ba4a6b1ebfb80728d3b65bfa635d53207ea54977db48861f4b81cec562f8458

Request headers

Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 03 Jul 2023 06:27:46 GMT
identification-source: CENTRAL
content-encoding: gzip
via: 1.1 44b457512f742b4e48fc7f0c87d8ed92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
request-id: 6796d156-15f9-41ac-b072-423cad15aa62
pragma: no-cache
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.deepinstinct.com
access-control-expose-headers: x-amz-cf-id
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding, Origin
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GjGEl70YtXLPfBt6K_JjxsT0NH-c-KWbZN26KURQ14HfwZ8Qsxb_pQ==
expires: Sun, 02 Jul 2023 06:27:46 GMT

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 2756ms
2755ms Script
application/x-javascript 2a02:26f0:3100::1735:28a8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:28a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

87ca2d8adbd10be0e5e89784dbb7aa8bb67f77247471f437e6af535009955f8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Jun 2023 22:23:45 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=10903
accept-ranges: bytes
content-length: 4807

GET
H2 204 17571311.js Show response
bat.bing.com/p/action/ 0
119 B 2755ms
2755ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17571311.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 03 Jul 2023 06:27:42 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 73354ACD652644758040B16C6FEF72CF Ref B: FRA31EDGE0813 Ref C: 2023-07-03T06:27:43Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
287 B 2752ms
2752ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17571311&Ver=2&mid=09373c26-8d47-4818-8dec-b608bacb0257&sid=b7abcca0196a11ee9774697e4d49856f&vid=b7abf940196a11ee8955493823f186a5&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=PhonyC2%3A%20Revealing%20a%20New%20Malicious%20Command%20%26%20Control%20Framework%20by%20MuddyWater%20%7C%20Deep%20Instinct&p=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&r=&evt=pageLoad&sv=1&rn=451130

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 03 Jul 2023 06:27:42 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DDD34B3A97B64BB795FE12C46B03F93E Ref B: FRA31EDGE0813 Ref C: 2023-07-03T06:27:43Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
466 B 113ms
112ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16780454&r=1688365663381&ref=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 16780454
Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:46 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdudfLRvAwDAjNXGrn1vJsvOaYkJP8ycJHgSlX-Cobi3mGqI2nZm8Mb3u3fMVpCEOL930fdQquVwBuR2gGiOwSDa8g
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Mon, 03 Jul 2023 07:27:46 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 2891ms
115ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16780454&r=1688365663381&ref=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.deepinstinct.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 03 Jul 2023 06:27:46 GMT
expires: Mon, 03 Jul 2023 06:27:46 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdvBJVxd_wP9GP1c1Q6ouU1fxC4LWRQQe2c0Roe-nWs8DA5CXzhQ83t1fTVBvhGGxWJcecUHGu65bkLdndurcdkQMQ

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/316505/domain/deepinstinct.com/ 36 B
375 B 62ms
10ms XHR
application/json 2600:9000:20eb:ea00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/316505/domain/deepinstinct.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:ea00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:28:40 GMT
content-encoding: gzip
via: 1.1 f046bfa1468bb4385e357c8c9128cf50.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 3546
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: dIJa8eKZBKOdu2cCCxoiI9eGOk498QaWz4tZWrJ73HEloYFPF6SHqQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1688365666144&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1688365666144&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywate...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D316505%26time%3D1688365666144%26url%3Dhttps%253A%252F%252Fwww.deepinstinct.com%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1688365666144&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywate...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1688365666144&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywat...

0
265 B

145ms
105ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1688365666144&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&cookiesTest=true&liSync=true&e_ipv6=AQJA518TbFVyEgAAAYkab5N82hHxc1dQlt5f6mZwVYpa9QmWBuAGplOjpzu5hje4
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:46 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: B43826055F85403A9E522CE3977E8379 Ref B: DUS30EDGE0716 Ref C: 2023-07-03T06:27:47Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX/j0PaP8bgpdKgIfUuPw==

Redirect headers

date: Mon, 03 Jul 2023 06:27:46 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 6C2AE8D5187B4109BF510E88A81F0B97 Ref B: FRAEDGE1115 Ref C: 2023-07-03T06:27:47Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1688365666144&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&cookiesTest=true&liSync=true&e_ipv6=AQJA518TbFVyEgAAAYkab5N82hHxc1dQlt5f6mZwVYpa9QmWBuAGplOjpzu5hje4
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX/j0PYA1o9LiRFNpnJrw==

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 545 KB
87 KB 229ms
191ms Script
application/javascript 2606:4700::6811:836e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2183098.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:836e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae5bfbf6629277d9993e143b04fd081fdc22ac1790dbc4edf51165c3d9b52f0f

Request headers

Referer: https://www.deepinstinct.com/
Origin: https://www.deepinstinct.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1216/bundle/main/lead-flows-release.js&cfRay=7e0d1085a9fe1c26-IAD
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"8f29c013ec69bca0f98e5c18d5d45d87"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1216/bundle/main/lead-flows-release.js
date: Mon, 03 Jul 2023 06:27:46 GMT
x-amz-version-id: v5..R77GwEs1PfJguIOtzHIVDGDmfqTH
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 37c9a08e-e190-4085-8932-59ae80338574
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-request-id: 37c9a08e-e190-4085-8932-59ae80338574
last-modified: Mon, 19 Jun 2023 09:39:47 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-x5fmx
cf-ray: 7e0d1085a9fe1c26-FRA
x-amz-cf-id: iWUdqb_4l22PVElo-bhXj7UBahQSA4PaOGwlBJrkZy9bxN1DOZU9lA==

GET
H2 200 2183098.js Show response
js.hs-analytics.net/analytics/1688365500000/ 66 KB
21 KB 160ms
133ms Script
text/javascript 2606:4700::6810:88ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1688365500000/2183098.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2183098.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:88ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cf77e80bd5de13d728eca70b557efe148b2b6be5c2323a306da94c95a0b7c89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:46 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 2B1ATM13760QWBDP
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: aba22abe-30fb-4142-be35-d4afad1859c6
x-envoy-upstream-service-time: 14
x-amz-id-2: 3RKmZW4pQQeQmtV2g/rAmiwDCwlnu7iBQSamBGxzgCkoe3t+25ddy8XKedrDXGM9hP+Or0AilWA=
x-evy-trace-listener: listener_https
x-request-id: aba22abe-30fb-4142-be35-d4afad1859c6
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 15 Jun 2023 14:41:24 GMT
server: cloudflare
etag: W/"010a5731c973af84599107818394ac13"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-f4w7q
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7e0d1085ae019a2d-FRA
expires: Mon, 03 Jul 2023 06:32:46 GMT

GET
H2 200 2183098.js Show response
js.hs-banner.com/ 62 KB
16 KB 451ms
421ms Script
text/javascript 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/2183098.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2183098.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 781c8a27510830055826971efdbb0d1284811e2c84664559a57698ae6c8e5e9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:46 GMT
x-amz-version-id: 5U7khN0c6ImN66SffDN46Xc._o57ZICo
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: PCDWP6KWY42MNK7A
x-amz-server-side-encryption: AES256
x-amz-id-2: hlPTJl8RI6TNA0vcwC7fb6kFwzrrAcjgJfTrH0xXYj/QA/Lx0JS88rJDmJM6LaaEPJ3WdFGmBFj0anYESjvaOw==
last-modified: Mon, 17 Apr 2023 15:03:31 GMT
server: cloudflare
etag: W/"54bd990a23daa4e471eca6de0c3967b2"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://info.deepinstinct.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7e0d1085df7830d2-FRA
expires: Mon, 03 Jul 2023 06:32:46 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
327 B 14ms
12ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=5268e010d1cc43d4d6088c02f5e61253&_biz_s=571b07&_biz_l=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&_biz_t=1688365666152&_biz_i=PhonyC2%3A%20Revealing%20a%20New%20Malicious%20Command%20%26%20Control%20Framework%20by%20MuddyWater%20%7C%20Deep%20Instinct&_biz_n=0&rnd=250069&cdn_o=a&_biz_z=1688365666153
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 06:27:46 GMT
last-modified: Wed, 28 Jun 2023 14:12:17 GMT
server: ECS (frb/6760)
age: 404129
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
202 B 20ms
8ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=5268e010d1cc43d4d6088c02f5e61253&_biz_s=571b07&_biz_l=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&_biz_t=1688365666155&_biz_i=PhonyC2%3A%20Revealing%20a%20New%20Malicious%20Command%20%26%20Control%20Framework%20by%20MuddyWater%20%7C%20Deep%20Instinct&rnd=584733&cdn_o=a&_biz_z=1688365666155
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6752) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 06:27:46 GMT
last-modified: Sun, 02 Jul 2023 02:44:28 GMT
server: ECS (frb/6752)
age: 99798
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 24ms
23ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69598329-1&cid=548354136.1688365663&jid=913223804&_u=YGBACEAABAAAACAAI~&z=2059547786

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 06:27:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 49ms
48ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69598329-1&cid=548354136.1688365663&jid=913223804&_u=YGBACEAABAAAACAAI~&z=2059547786

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 06:27:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/1665869/ 148 B
322 B 140ms
37ms XHR
application/json 34.248.118.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/1665869/visit-data?sv=7
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.118.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-118-128.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 76dd5024f59224f7b30edc12726bcc0fbacb94b75e906d8ca208ce4e827c75f4

Request headers

Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Mon, 03 Jul 2023 06:27:46 GMT
content-encoding: br
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 200 l
use.typekit.net/af/04ec74/00000000000000000001205b/27/ 29 KB
29 KB 39ms
17ms Font
application/font-woff2 2a02:26f0:3100::1735:28f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/04ec74/00000000000000000001205b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1735:28f0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 8d0056dcc26b8dce6be00539697962adb12475fbf9cbf7fdcbc7c81b2ae7328d

Request headers

Referer: https://use.typekit.net/zka3qml.css
Origin: https://www.deepinstinct.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:46 GMT
server: nginx
etag: "1c4557ace28950fbc49487c3a85660222d5fe232"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 29588

GET
H2 200 l
use.typekit.net/af/1709eb/000000000000000000010b60/27/ 24 KB
24 KB 28ms
8ms Font
application/font-woff2 2a02:26f0:3100::1735:28f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1709eb/000000000000000000010b60/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1735:28f0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f94786fe65dcbc65b0099b471ae2bb89bbabd7fa7d8573dd3c4e0f5bbe555447

Request headers

Referer: https://use.typekit.net/zka3qml.css
Origin: https://www.deepinstinct.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:46 GMT
server: nginx
etag: "9bd0488a91630a3c738a4d950e0b0b7930bcb98f"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 24740

GET
H2 200 l
use.typekit.net/af/442215/000000000000000000010b5a/27/ 23 KB
23 KB 27ms
8ms Font
application/font-woff2 2a02:26f0:3100::1735:28f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/442215/000000000000000000010b5a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1735:28f0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 8d5da73586712159bb569fbfbd370f05a258113b2591ba238ef4e7bde1db13b7

Request headers

Referer: https://use.typekit.net/zka3qml.css
Origin: https://www.deepinstinct.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:46 GMT
server: nginx
etag: "9523c64514161c03124fab238b18113d17bad9eb"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 23800

GET
H2 200 bg9s Show response
tag-logger.demandbase.com/ 0
418 B 434ms
385ms XHR
text/html 2600:9000:2490:ca00:1d:8d6d:3b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=GjGEl70YtXLPfBt6K_JjxsT0NH-c-KWbZN26KURQ14HfwZ8Qsxb_pQ==&api-version=v2
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:ca00:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
date: Mon, 03 Jul 2023 00:56:39 GMT
via: 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 19899
x-amz-server-side-encryption: AES256
x-cache: Error from cloudfront
content-length: 0
last-modified: Tue, 07 Mar 2023 20:47:02 GMT
server: AmazonS3
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: 8O7h1-KYt-5YLsa1YP4ojUCR5asF5Q7p2A_BWtu8a5ERuW9e-JXF3Q==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 10ms
9ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1536081219&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&ul=en-us&de=UTF-8&dt=PhonyC2%3A%20Revealing%20a%20New%20Malicious%20Command%20%26%20Control%20Framework%20by%20MuddyWater%20%7C%20Deep%20Instinct&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBACEABBAAAACAAI~&jid=&gjid=&cid=548354136.1688365663&tid=UA-69598329-1&_gid=1496124694.1688365663&gtm=45He36s0n8152PC3MW&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=Bot&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=DE&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd13=(Non-Company%20Visitor)&z=2130052122

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 02 Jul 2023 08:36:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 78702
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 332937911623471 Show response
connect.facebook.net/signals/config/ 300 KB
86 KB 144ms
142ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/332937911623471?v=2.9.110&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7f2fcd53b9b384926b2171884d7d819e5f3f7fb8d373a6368a1e186081aa1ecb

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 06:27:46 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: ZB/iv7j8q9o/iw8UI6HEcIvOkPfI9ka7ER9uoJJAPQ//LKPr/JeTpo4oM7E8Dx2U+YVB3piJG55fxLVcwT48/w==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
548 B 117ms
116ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=5268e010d1cc43d4d6088c02f5e61253&_biz_h=-1906410348&cdn_o=a&jsVer=4.23.06.14
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: ef25d7f47d849664e1cd8b16cdbe9be63da7d60351ea63d49498ba91838067f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:45 GMT
content-encoding: gzip
server: ECS (frb/6711)
etag: AC69F7D2
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 219

GET
H2 200 2757.2159eeb22ad7f48b.js Show response
www.deepinstinct.com/_next/static/chunks/ 427 B
595 B 949ms
948ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/2757.2159eeb22ad7f48b.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

90aca30e747dbe0cd4ae4a29a0d588aff8693e295bb1d5c322188955608f658b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z44A45FCDP4DH6ZPC0RW
date: Mon, 03 Jul 2023 06:27:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: Netlify
age: 0
etag: "ea3356e96273b299596c36abefe566dc-ssl"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 427
x-xss-protection: 1

GET
H2 200 5972.698bd1faa1f17a01.js Show response
www.deepinstinct.com/_next/static/chunks/ 4 KB
2 KB 949ms
949ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/5972.698bd1faa1f17a01.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

73de89ad27fa1fcfb8372b6656106165d4865b3ee287ad208f0074ef99f586b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z44BGAH5PE8S0BP73DSK
date: Mon, 03 Jul 2023 06:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "a3f7c9173a6a7c28378b624f8967099b-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
x-xss-protection: 1

GET
H2 200 5518.80f4656ccdd1c449.js Show response
www.deepinstinct.com/_next/static/chunks/ 23 KB
9 KB 949ms
948ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/5518.80f4656ccdd1c449.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

ba546f8a87a68abc792ddd24f67f1941f15f77e2605b6cad27d798cfd256df37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z44CFTDDP58WKBVBTKH4
date: Mon, 03 Jul 2023 06:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 47661
etag: "b2cee7f89e132f787a454fe3452dcf6f-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 9202
x-xss-protection: 1

GET
H2 200 2f9e2c2f1c3b95ee.css
www.deepinstinct.com/_next/static/css/ 1 KB
479 B 417ms
417ms Stylesheet
text/css 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/2f9e2c2f1c3b95ee.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

4574422b79a9d4a5793b41636bfcf680e171b4f050e4089b78c8fb48d16af49d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z44CDXFF8GGX7FV5EVCC
date: Mon, 03 Jul 2023 06:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "3a249d17bf4d3e5c346d38680463a967-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 296
x-xss-protection: 1

GET
H2 200 5285.9d8099bf125cc883.js Show response
www.deepinstinct.com/_next/static/chunks/ 4 KB
2 KB 949ms
948ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/5285.9d8099bf125cc883.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

2127e8d78f9fdf06128e950834caad94dcce05a128133818a9b32102aaa06b8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z44CB22Y616NBE560FVN
date: Mon, 03 Jul 2023 06:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "b095565831c0da26124297989ba717ad-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
x-xss-protection: 1

GET
H2 200 8286.e06f0b67431c1f9c.js Show response
www.deepinstinct.com/_next/static/chunks/ 3 KB
1 KB 950ms
950ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/8286.e06f0b67431c1f9c.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

24c48fd2d041715dacda429b49d2077dc9ea1e980a8168f0a0bba850a1381a7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z44DD5JC574GZ5V5T6YZ
date: Mon, 03 Jul 2023 06:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "2f7d3701f16d3e9e62791e372b61b874-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 1210
x-xss-protection: 1

GET
H2 200 1264.1e83e2e3d087aa66.js Show response
www.deepinstinct.com/_next/static/chunks/ 1 KB
828 B 950ms
950ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/1264.1e83e2e3d087aa66.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

d90b93e7a6b3c90b899c78d766efd2ee94dca853b273313b8dbc333cbc328e25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z44EPG0902DRX9PZ6QAK
date: Mon, 03 Jul 2023 06:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "be8c7492039a144a8d9684247c13ac4f-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
x-xss-protection: 1

GET
H2 200 3204.4d4bc288e26c86f6.js Show response
www.deepinstinct.com/_next/static/chunks/ 2 KB
996 B 944ms
943ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/3204.4d4bc288e26c86f6.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

551397ca1cc84b261fbfb4ec91a3be7e5cb4704f58bdc293808a2f06e904e8d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z44NS38JS9MWGZZPP6V7
date: Mon, 03 Jul 2023 06:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 283718
etag: "dd009410288c27e6cd33231e671cf793-ssl"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 899
x-xss-protection: 1

GET
H2 200 5500.a842325987ceada0.js Show response
www.deepinstinct.com/_next/static/chunks/ 560 B
649 B 943ms
943ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/5500.a842325987ceada0.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

df8d379a7d695bed8a2c8c58fa2b7b5c06837252815cf494b12e65d67c245060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z44PZJTD9YEG6WXDE16X
date: Mon, 03 Jul 2023 06:27:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: Netlify
age: 0
etag: "118ae891cf5dfbfeef1f2adfda3ad3b2-ssl"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 560
x-xss-protection: 1

GET
H2 200 6773.39400dc36a5f8737.js Show response
www.deepinstinct.com/_next/static/chunks/ 1 KB
731 B 945ms
945ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/6773.39400dc36a5f8737.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

8908366014bb39af214d72a81154943df61d430966ae776aeda1e1bf094b10b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z44P1V36GWQC9HQD9W2Q
date: Mon, 03 Jul 2023 06:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "7ace6ce2dee916ea67f97bffa4ba7944-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 639
x-xss-protection: 1

GET
H2 200 4082.f76b657326d5df42.js Show response
www.deepinstinct.com/_next/static/chunks/ 376 B
464 B 945ms
945ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/4082.f76b657326d5df42.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

9c0180fc3efb7e159a483e9f2c8ea7db1595a30cd8e3bd0f7b6f391405c3352a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z44PK2EC4B6Y6C0GVFEE
date: Mon, 03 Jul 2023 06:27:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: Netlify
age: 0
etag: "bee1acf8fadd1754c45d9212ccb279ba-ssl"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 376
x-xss-protection: 1

GET
H2 200 2030.f80c6d0379cfe528.js Show response
www.deepinstinct.com/_next/static/chunks/ 2 KB
866 B 656ms
655ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/2030.f80c6d0379cfe528.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

1b791f37e7cfac61b4b9e28963f4afbbc99fce9766fe8a872d8196dc7dc21375

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4DSWJVS15RR7GYRPJAZ
date: Mon, 03 Jul 2023 06:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "4fed16b2901cda466d5d42bd5eafbf60-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 772
x-xss-protection: 1

GET
H/1.1 200
OK st.js Show response
s.swiftypecdn.com/install/v2/ 416 KB
110 KB 55ms
7ms Script
text/javascript 151.101.192.143
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.swiftypecdn.com/install/v2/st.js
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.192.143 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2d7c7930eb39d59cd8c2dc00652977da3ed72347e7cd465f7b540e10e2121c22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 03 Jul 2023 06:27:46 GMT
Content-Encoding: gzip
Via: 1.1 varnish
Age: 211
X-Cache: HIT
Connection: keep-alive
Content-Length: 112326
X-Served-By: cache-fra-eddf8230095-FRA
X-Timer: S1688365667.716075,VS0,VE0
ETag: "644bc380-1b6c6"
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public, max-age=300, public
Accept-Ranges: bytes
X-Cache-Hits: 2

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0E27
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1704263266&external_user_id=06c016a9-d36b-4a43-b23c-4d7d7b5ad14a
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1704263266&external_user_id=06c016a9-d36b-4a43-b23c-4d7d7b5ad14a&C=1

43 B
766 B

9ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1704263266&external_user_id=06c016a9-d36b-4a43-b23c-4d7d7b5ad14a&C=1
Requested by: Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 03 Jul 2023 06:27:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 03 Jul 2023 06:27:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=18&expiry=1704263266&external_user_id=06c016a9-d36b-4a43-b23c-4d7d7b5ad14a&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2 200 sync
partners.tremorhub.com/ Frame 0E27 43 B
392 B 314ms
92ms Image
image/gif 2600:1f18:612b:4200:f677:2600:2836:f912
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIDM=06c016a9-d36b-4a43-b23c-4d7d7b5ad14a
Requested by: Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:f677:2600:2836:f912 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Mon, 03 Jul 2023 06:27:47 GMT
server: nginx
content-type: image/gif

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 0E27 0
239 B 57ms
8ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?nid=5578&put=06c016a9-d36b-4a43-b23c-4d7d7b5ad14a&v=1181926
Requested by: Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: c1913d0f161dfd12bb229b87994a2d1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

POST
H2 200 / Show response
content.hotjar.io/ 56 B
161 B 142ms
70ms XHR
application/json 34.250.166.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?gzip=1
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.250.166.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-166-22.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 75cfc2a0523561e675f076e55327249be1c9c90b7739cd7d3dbc93ff672e8811

Request headers

Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 03 Jul 2023 06:27:47 GMT
content-length: 56
vary: Origin
content-type: application/json

GET
H2

200

https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblt8f5ae189fce9f425%2F649da50594be10cb158949a6%2Fblog-phonyc2-muddywater.jpg
www.deepinstinct.com/_ipx/w_1680,q_100/
Redirect Chain

https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblt8f5ae189fce9f425%2F649da50594be10cb158949a6%2Fblog-phonyc2-muddywater.jpg&w=1680&q=100
https://www.deepinstinct.com/_ipx/w_1680,q_100/https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblt8f5ae189fce9f425%2F649da50594be10cb158949a6%2Fblog-phonyc2-muddywater.jpg?url=https%3A%2F%2Fwww.deepin...

139 KB
139 KB

170ms
169ms

Image
image/jpeg

2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/_ipx/w_1680,q_100/https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblt8f5ae189fce9f425%2F649da50594be10cb158949a6%2Fblog-phonyc2-muddywater.jpg?url=https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblt8f5ae189fce9f425%2F649da50594be10cb158949a6%2Fblog-phonyc2-muddywater.jpg&w=1680&q=100

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e666ff26dc918603ef7638dced642b7192102210bc69b87c681a8824283cbdbd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z532JC82PT34XNW4VW6K
content-security-policy: default-src 'none'
date: Mon, 03 Jul 2023 06:27:47 GMT
strict-transport-security: max-age=31536000
server: Netlify
age: 146765
etag: "22c82-0NpUDGeMR67phNZB+ZIhL5jbR10"
content-type: image/jpeg
cache-control: public, max-age=0, must-revalidate
content-length: 142466

Redirect headers

location: /_ipx/w_1680,q_100/https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblt8f5ae189fce9f425%2F649da50594be10cb158949a6%2Fblog-phonyc2-muddywater.jpg?url=https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fblt8f5ae189fce9f425%2F649da50594be10cb158949a6%2Fblog-phonyc2-muddywater.jpg&w=1680&q=100
x-nf-request-id: 01H4D6Z4S54AD8D594VRVAYNZ8
date: Mon, 03 Jul 2023 06:27:47 GMT
strict-transport-security: max-age=31536000
server: Netlify
age: 0
content-type: text/plain

GET
H2

200

https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png
www.deepinstinct.com/_ipx/w_64,q_75/
Redirect Chain

https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png&w=64&q=75
https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png?url=https%3A%...

3 KB
3 KB

171ms
171ms

Image
image/png

2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png&w=64&q=75

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

f9290eade0c1f3006d45aa71c8a1051c84257a9d019ee8c79e3969feef443e72

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z532MYTN45Z02969J9N2
content-security-policy: default-src 'none'
date: Mon, 03 Jul 2023 06:27:47 GMT
strict-transport-security: max-age=31536000
server: Netlify
age: 279607
etag: 40-AFiVBSlHVVebCqKnSjfIMdB32pk
content-type: image/png
cache-control: public, max-age=0, must-revalidate
content-length: 3110

Redirect headers

location: /_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fblt14ca71678553d70e%2F6305444727ca1b5cd53ebd62%2Fkenin-simon.png&w=64&q=75
x-nf-request-id: 01H4D6Z4S5RX4A36J8AEVNQD48
date: Mon, 03 Jul 2023 06:27:47 GMT
strict-transport-security: max-age=31536000
server: Netlify
age: 0
content-type: text/plain

GET
H2

200

https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png
www.deepinstinct.com/_ipx/w_64,q_75/
Redirect Chain

https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png&w=...
https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png?url...

667 B
765 B

170ms
170ms

Image
image/png

2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png&w=64&q=75

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

8fd4ce59a9d1e64d62c68a2abea4d2859757babb19c8032c04a4ab4c9926cf3e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z5324QHA5P4CPQ8MZVR7
content-security-policy: default-src 'none'
date: Mon, 03 Jul 2023 06:27:47 GMT
strict-transport-security: max-age=31536000
server: Netlify
age: 279607
etag: "29b-3YSIgYnl2n3svoll5wPkSuDKgr8"
content-type: image/png
cache-control: public, max-age=0, must-revalidate
content-length: 667

Redirect headers

location: /_ipx/w_64,q_75/https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png&w=64&q=75
x-nf-request-id: 01H4D6Z4S5AYASEMSSWSQWMKWC
date: Mon, 03 Jul 2023 06:27:47 GMT
strict-transport-security: max-age=31536000
server: Netlify
age: 0
content-type: text/plain

GET
H2 200 who-is-the-only-new-vendor-in-the-2022-gartner-magic-quadrant-for-endpoint-protection-platforms.json Show response
www.deepinstinct.com/_next/data/eWaPIQXQAeHZ0m4NkIF6B/en/blog/ 29 KB
7 KB 286ms
280ms Fetch
application/json 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/data/eWaPIQXQAeHZ0m4NkIF6B/en/blog/who-is-the-only-new-vendor-in-the-2022-gartner-magic-quadrant-for-endpoint-protection-platforms.json?pid=who-is-the-only-new-vendor-in-the-2022-gartner-magic-quadrant-for-endpoint-protection-platforms

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

11fa9dacbb852588791da69e304a4a6831d5954f25ee1af89b4c2ac6da16baff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4SKPD87S18PSQW6G3F7
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-nextjs-matched-path: /en/blog/[pid]
age: 182
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-nextjs-cache: REVALIDATED
x-xss-protection: 1
server: Netlify
etag: "7210-mlMUg5lvaW8lt+g7QDLcFSZ3Q7M-df"
x-nf-render-mode: odb ttl=300
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
cache-control: public, max-age=0, must-revalidate

GET
H2 200 blog.json Show response
www.deepinstinct.com/_next/data/eWaPIQXQAeHZ0m4NkIF6B/en/ 132 KB
34 KB 294ms
288ms Fetch
application/json 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/data/eWaPIQXQAeHZ0m4NkIF6B/en/blog.json?pid=blog

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

5adbf5e3a1c21cfe9790030758d068c7fc2a7214e854d2657d69d555e3e45190

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4SKTX6FK5F2SMK4ERHR
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-nextjs-matched-path: /en/[pid]
age: 182
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-nextjs-cache: REVALIDATED
x-xss-protection: 1
server: Netlify
etag: "2109e-OOXtOGBrRulOJjQClq4lpVPPVRQ-df"
x-nf-render-mode: odb ttl=60
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
cache-control: public, max-age=0, must-revalidate

GET
H2 200 %5Bpid%5D-19c26ae054b3514e.js
www.deepinstinct.com/_next/static/chunks/pages/ 0
1 KB 289ms
284ms Other
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/%5Bpid%5D-19c26ae054b3514e.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4SKFRA66ZY6TGR6B1PE
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "e88facfd46b9a2736757ed7c1a1598d6-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
x-xss-protection: 1

GET
H2 200 1.json Show response
www.deepinstinct.com/_next/data/eWaPIQXQAeHZ0m4NkIF6B/en/author/simon-kenin/page/ 263 KB
67 KB 285ms
279ms Fetch
application/json 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/data/eWaPIQXQAeHZ0m4NkIF6B/en/author/simon-kenin/page/1.json

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

fbf24a2958e65ae4832bce3a5b1ef72e34c1baed112cb7bb037dd2c23acb6ce0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4SK91PW9287F0KETHJY
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-nextjs-matched-path: /en/author/[uid]/page/[pid]
age: 182
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-nextjs-cache: REVALIDATED
x-xss-protection: 1
server: Netlify
etag: "41bbe-JtX598mQyEdjxNEw1M8JZEUAPaw-df"
x-nf-render-mode: odb ttl=60
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
cache-control: public, max-age=0, must-revalidate

GET
H2 200 %5Bpid%5D-a925212826d2c176.js
www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/ 0
4 KB 284ms
279ms Other
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/%5Bpid%5D-a925212826d2c176.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4SKQENGV5DAAQD6KYSE
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 283719
etag: "b2271a5063d019b5df9f3f15016a16be-ssl"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 3488
x-xss-protection: 1

GET
H2 200 1.json Show response
www.deepinstinct.com/_next/data/eWaPIQXQAeHZ0m4NkIF6B/en/author/deep-instinct-research/page/ 236 KB
59 KB 285ms
279ms Fetch
application/json 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/data/eWaPIQXQAeHZ0m4NkIF6B/en/author/deep-instinct-research/page/1.json

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

96e78989f4c22672b58ccb82e91e1f5977b79322e37127fb6d889922d0ffeb5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4SKH50QC10Y8YMMXJE5
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-nextjs-matched-path: /en/author/[uid]/page/[pid]
age: 182
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-nextjs-cache: REVALIDATED
x-xss-protection: 1
server: Netlify
etag: "3b0d5-tR+YZHkRhrIFHDmigOSHa8YXvmI-df"
x-nf-render-mode: odb ttl=60
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
cache-control: public, max-age=0, must-revalidate

GET
H2 200 partners.json Show response
www.deepinstinct.com/_next/data/eWaPIQXQAeHZ0m4NkIF6B/en/ 22 KB
6 KB 285ms
279ms Fetch
application/json 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/data/eWaPIQXQAeHZ0m4NkIF6B/en/partners.json?pid=partners

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

69c041c3d6dae7de08eddbf4175abe4e5ad1fa0c6d030199e6050abb864c5a99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4SKFN6C2R1AAVXFCKHK
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-nextjs-matched-path: /en/[pid]
age: 182
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
x-nextjs-cache: REVALIDATED
x-xss-protection: 1
server: Netlify
etag: "5972-GU1IgYZWSO9fCC35vcMXih/HmtE-df"
x-nf-render-mode: odb ttl=300
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
cache-control: public, max-age=0, must-revalidate

GET
BLOB 200
OK 444fcfb4-7e09-4360-a15c-16629a4f7ac2
https://www.deepinstinct.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.deepinstinct.com/444fcfb4-7e09-4360-a15c-16629a4f7ac2
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 31ms
8ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=468591697375107&ev=PageView&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&rl=&if=false&ts=1688365667057&sw=1600&sh=1200&v=2.9.110&r=stable&ec=0&o=30&fbp=fb.1.1688365667056.1835180758&it=1688365663373&coo=false&rqm=GET

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 06:27:47 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 31ms
8ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=332937911623471&ev=PageView&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&rl=&if=false&ts=1688365667058&sw=1600&sh=1200&v=2.9.110&r=stable&ec=0&o=30&fbp=fb.1.1688365667056.1835180758&it=1688365663373&coo=false&rqm=GET

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 06:27:47 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H/1.1 200
OK NW3rMrxBqJx71BachJFa.json Show response
s.swiftypecdn.com/install/v2/config/ 19 KB
5 KB 3566ms
3543ms XHR
application/json 151.101.192.143
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://s.swiftypecdn.com/install/v2/config/NW3rMrxBqJx71BachJFa.json

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.143 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9a496e8b9da307a0d817e4104c0418c6ff0c8841c6bbb8e426a424d304ac3296

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 03 Jul 2023 06:27:47 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Via: 1.1 varnish
X-Permitted-Cross-Domain-Policies: none
Age: 0
X-Cache: HIT
Connection: keep-alive
Content-Length: 4251
X-XSS-Protection: 1; mode=block
X-Request-Id: df94e4351637216e761561c811ee35da
X-Served-By: cache-fra-eddf8230070-FRA
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 16 May 2023 16:51:29 GMT
X-Timer: S1688365667.153569,VS0,VE529
ETag: W/"0b4dc992c692095d33a1f63f87bd38a6"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Access-Control-Max-Age: 7200
Access-Control-Allow-Methods: GET, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Vary: Accept-Encoding, Origin
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H2 200 e18e2f9558fd1543.css Show response
www.deepinstinct.com/_next/static/css/ 11 KB
3 KB 179ms
177ms Fetch
text/css 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/e18e2f9558fd1543.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

1752ebf6d56f755b79f9e9404e22a8c8972ad8a435c7e93fcb0c33da99e34f51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4WT8H8DHAYHVXYPC467
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 4
etag: "2660ad29b881a0161990454ed21eee0f-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 2585
x-xss-protection: 1

GET
H2 200 %5Bpid%5D-a925212826d2c176.js Show response
www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/ 10 KB
3 KB 179ms
177ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/%5Bpid%5D-a925212826d2c176.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

edf4b08b41a717a075bdc5d59065035fa94234ca5da24007f29a448801f18370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4WTC33WW1198J296298
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 283719
etag: "b2271a5063d019b5df9f3f15016a16be-ssl"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 3488
x-xss-protection: 1

GET
H2 200 66ae8659e67a5ee0.css Show response
www.deepinstinct.com/_next/static/css/ 13 KB
3 KB 179ms
177ms Fetch
text/css 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/66ae8659e67a5ee0.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

d3c27f13bd94909aec92496dea553496c415f33c6036cc734953fe2291286128

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4WTB6V8RFGHXQEVYPY1
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 283719
etag: "0d982f72dcaad6c5a4f28c0ee0b94735-ssl"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 2747
x-xss-protection: 1

GET
H2 200 %5Bpid%5D-19c26ae054b3514e.js Show response
www.deepinstinct.com/_next/static/chunks/pages/ 6 KB
1 KB 212ms
210ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/%5Bpid%5D-19c26ae054b3514e.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

44ae0e02f5b0d5a52f1a4bf55e61f8cfce49bd98aa5660a92001dfa81e1c9d25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4WWJGC0W845BV9447DC
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "e88facfd46b9a2736757ed7c1a1598d6-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 1179
x-xss-protection: 1

GET
H2 200 b5445e3f97893593.css Show response
www.deepinstinct.com/_next/static/css/ 10 KB
2 KB 295ms
294ms Fetch
text/css 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/b5445e3f97893593.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

d3ec400dcf26c7341f46a15b0023aecda4a57d631cfae7434eb3e57c2cb35e71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z4WVKZ30QW6GNP1PQRDD
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "3f4ce016b475338432255fbd93e037a2-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
x-xss-protection: 1

GET
H2 200 1259.2c2ed873ed26db49.js Show response
www.deepinstinct.com/_next/static/chunks/ 2 KB
1 KB 3315ms
3314ms Script
application/javascript 2600:1f1c:471:9d01::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/1259.2c2ed873ed26db49.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-27c7669fef75ea0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f1c:471:9d01::c8 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

66452618423fb997d299a94cd1373cd8d9ecc3c3976be0a6dbe3adf78113768e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nf-request-id: 01H4D6Z547TPYM5J9J7JB3GYYW
date: Mon, 03 Jul 2023 06:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "596e52d2b39ce2af98e4119019466bb3-ssl-df"
surrogate-control: max-age=300, stale-while-revalidate=900, stale-if-error=900
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 935
x-xss-protection: 1

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 9968 0
52 B 8ms
7ms Document
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.deepinstinct.com
Referer: https://www.deepinstinct.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.deepinstinct.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 06:27:47 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 27D1 0
18 B 8ms
7ms Document
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.deepinstinct.com
Referer: https://www.deepinstinct.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.deepinstinct.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 06:27:47 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK new_embed-2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241.css
s.swiftypecdn.com/assets/ 89 KB
34 KB 8ms
8ms Stylesheet
text/css 151.101.192.143
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.swiftypecdn.com/assets/new_embed-2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241.css
Requested by: Host: s.swiftypecdn.com
URL: https://s.swiftypecdn.com/install/v2/st.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.192.143 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

X-Cache-Hits: 543
Date: Mon, 03 Jul 2023 06:27:50 GMT
Content-Encoding: gzip
Via: 1.1 varnish
Age: 287871
X-Cache: HIT
Connection: keep-alive
Content-Length: 33983
X-Served-By: cache-fra-eddf8230095-FRA
X-Timer: S1688365671.706194,VS0,VE0
ETag: "62b9d075-84bf"
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
Expires: Fri, 28 Jun 2024 22:30:00 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 152ms
130ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2241961375&v=1.1&a=2183098&rcu=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&pu=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater&t=PhonyC2%3A+Revealing+a+New+Malicious+Command+%26+Control+Framework+by+MuddyWater+%7C+Deep+Instinct&cts=1688365670716&vi=1c56b248743e44379ee358e8e2f49cd2&nc=true&u=160033954.1c56b248743e44379ee358e8e2f49cd2.1688365670713.1688365670713.1688365670713.1&b=160033954.1.1688365670713&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:27:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5e202fac-262b-4963-9964-cfa0ab1d89c2
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5e202fac-262b-4963-9964-cfa0ab1d89c2
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qB16Qv5zVfZQQWOMb7MzNTb1ds3eWp45SKLQmpJ2KwdNEaSwb5aNvhxawrg0vnn%2F%2Bzy3vsH%2F6ffqJNJGvz2B%2Fa4vJkp0ICNyVFz9Y27a4jR86IZgsHfGy35KPeW6HFUtLVIUfVau7bTwZxuXb6sg"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-vrlgm
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7e0d10a229a6910d-FRA
x-robots-tag: none

GET
H/1.1 200
OK cc.js
cc.swiftype.com/ 43 B
279 B 791ms
133ms Image
image/gif 169.46.32.99

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.swiftype.com/cc.js?engine_key=zPgdszsQivuSeQwTEHrm&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fphonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 169.46.32.99 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/gif
Date: Mon, 03 Jul 2023 06:27:51 GMT
Cache-Control: no-cache
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
Content-Length: 43
Expires: Mon, 03 Jul 2023 06:27:50 GMT

Verdicts & Comments Add Verdict or Comment

101 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.deepinstinct.com/	1970-01-20 15:09:01	Name: _gcl_au Value: 1.1.2115271870.1688365663
.deepinstinct.com/	1970-01-20 13:00:52	Name: _gid Value: GA1.2.1496124694.1688365663
.deepinstinct.com/	1970-01-20 12:59:25	Name: _gat_UA-69598329-1 Value: 1
.doubleclick.net/	1970-01-20 12:59:26	Name: test_cookie Value: CheckForPermission
.deepinstinct.com/	1970-01-20 22:35:25	Name: _ga_P5MMKMDSNW Value: GS1.1.1688365663.1.0.1688365663.0.0.0
.deepinstinct.com/	1970-01-20 22:35:25	Name: _ga Value: GA1.1.548354136.1688365663
.techtarget.com/	1970-01-20 12:59:27	Name: __cf_bm Value: pP2TCSVs4LGLjaNEYDw6SeXhfKCUDIEu8tA5feLf.b8-1688365663-0-AQBYmQHGCdK7wRicRKZs7pq14H4F+UJ+ExdUQRYv4vaqN3POWk0f6e9Oh91GLOyrqAZbRGDRs3DHqz7WfR2ukB8=
.deepinstinct.com/	1970-01-20 13:00:52	Name: _uetsid Value: b7abcca0196a11ee9774697e4d49856f
.deepinstinct.com/	1970-01-20 22:21:01	Name: _uetvid Value: b7abf940196a11ee8955493823f186a5
.bing.com/	1970-01-20 22:21:01	Name: MUID Value: 2266781790626AD622526B5491CE6B57
.deepinstinct.com/	1970-01-20 21:45:01	Name: _biz_uid Value: 5268e010d1cc43d4d6088c02f5e61253
.deepinstinct.com/	1970-01-20 12:59:27	Name: _biz_sid Value: 571b07
.deepinstinct.com/	1970-01-20 21:45:01	Name: _biz_nA Value: 1
.bizible.com/	1970-01-20 21:45:01	Name: _BUID Value: 5268e010d1cc43d4d6088c02f5e61253
.bizibly.com/	1970-01-20 21:45:01	Name: _BUID Value: 1c5fc993341cf643a5d00c8710ef9bb5
.deepinstinct.com/	1970-01-20 21:45:01	Name: _hjSessionUser_1665869 Value: eyJpZCI6IjVjN2VkZDFkLTg5ZmItNTBiOS05ZGY3LTcyNDc5YzVjMjM1ZiIsImNyZWF0ZWQiOjE2ODgzNjU2NjYyMDgsImV4aXN0aW5nIjpmYWxzZX0=
.deepinstinct.com/	1970-01-20 12:59:27	Name: _hjFirstSeen Value: 1
.deepinstinct.com/	1970-01-20 12:59:25	Name: _hjIncludedInSessionSample_1665869 Value: 1
.deepinstinct.com/	1970-01-20 12:59:27	Name: _hjSession_1665869 Value: eyJpZCI6IjU5YWU2ZDFmLTIzODQtNGFhZi05NzI4LTY3ZDMzNzYxNjFlNyIsImNyZWF0ZWQiOjE2ODgzNjU2NjYyMTgsImluU2FtcGxlIjp0cnVlfQ==
.deepinstinct.com/	1970-01-20 12:59:27	Name: _hjAbsoluteSessionInProgress Value: 0
.t.co/	1970-01-20 22:35:25	Name: muc_ads Value: 0adbde90-371d-4f17-b8b3-bce1b87ab350
.twitter.com/	1970-01-20 22:35:25	Name: personalization_id Value: "v1_QWSvit2q4fVyCvKC1m9Btw=="
www.deepinstinct.com/	1970-01-20 13:00:52	Name: ln_or Value: eyIzMTY1MDUiOiJkIn0%3D
.linkedin.com/	1970-01-20 15:09:01	Name: li_sugr Value: 91cdf00d-a645-41e1-a788-c6eef316e95c
.linkedin.com/	1970-01-20 21:45:01	Name: bcookie Value: "v=2&e8cdb9fe-eace-4115-8707-70522d9aad4c"
.linkedin.com/	1970-01-20 13:00:52	Name: lidc Value: "b=VGST00:s=V:r=V:a=V:p=V:g=3032:u=1:x=1:i=1688365666:t=1688452066:v=2:sig=AQHA84jd4pPsGPDofQz6omAfkxvi1mLf"
.deepinstinct.com/	1970-01-20 21:45:01	Name: _biz_pendingA Value: %5B%5D
.company-target.com/	1970-01-20 22:35:25	Name: tuuid Value: 06c016a9-d36b-4a43-b23c-4d7d7b5ad14a
.company-target.com/	1970-01-20 22:35:25	Name: tuuid_lu Value: 1688365666\|ix:0\|mctv:0\|rp:0
.linkedin.com/	1970-01-20 13:42:37	Name: UserMatchHistory Value: AQIU9-CEYHUTVAAAAYkab5BKLh8AfR7BObKdmGuYNpSStWBTl67EYApUAKmjkWAhkHHwQgaaYYpaEA
.linkedin.com/	1970-01-20 13:42:37	Name: AnalyticsSyncHistory Value: AQIBBRk12A9rIAAAAYkab5BKWNyQ9oHfLDP8kxu8JOgXcJqwDmgBjH79aZwEhj79qHhanKc7TgDrqTUV_PXPXQ
.deepinstinct.com/	1970-01-20 21:45:01	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.deepinstinct.com/	1970-01-20 15:09:01	Name: _fbp Value: fb.1.1688365667056.1835180758
.casalemedia.com/	1970-01-20 21:45:01	Name: CMID Value: ZKJqY0WMxOtdy69hGeueHAAA
.casalemedia.com/	1970-01-20 15:09:01	Name: CMPS Value: 3294
.casalemedia.com/	1970-01-20 15:09:01	Name: CMPRO Value: 3294
.www.linkedin.com/	1970-01-20 21:45:01	Name: bscookie Value: "v=1&20230703062747cb07cf19-ec41-4074-8c49-7390f388fee2AQHh0wEcntBttmyJUL50Cm1j-j9dengS"
.linkedin.com/	1970-01-20 17:18:37	Name: li_gc Value: MTswOzE2ODgzNjU2Njc7MjswMjFJm7a6XyZauYV8nOBV50fbQJpRlyjQjDHYdDHBj1IqTA==
.tremorhub.com/	1970-01-20 21:45:22	Name: tvid Value: 4159c86a6c4a423a9fe2e295ba3c650d
.tremorhub.com/	1970-01-20 22:35:25	Name: tv_UIDM Value: 06c016a9-d36b-4a43-b23c-4d7d7b5ad14a
.deepinstinct.com/	1970-01-20 17:18:37	Name: __hstc Value: 160033954.1c56b248743e44379ee358e8e2f49cd2.1688365670713.1688365670713.1688365670713.1
.deepinstinct.com/	1970-01-20 17:18:37	Name: hubspotutk Value: 1c56b248743e44379ee358e8e2f49cd2
.deepinstinct.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.deepinstinct.com/	1970-01-20 12:59:27	Name: __hssc Value: 160033954.1.1688365670713
.hubspot.com/	1970-01-20 12:59:27	Name: __cf_bm Value: xaOW3SlXRXs4MpXbqrDnRaw.ZOVzLTwebjzYZe4klJQ-1688365670-0-AeHq/qdGSVCW9HkluviQVK/nnw4loZNiUWWNN5oBzhaF/J3EFNNbmhTinagADWspXTCIWzOHwC+M6iCyVb3tlEw=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.company-target.com
bat.bing.com
cc.swiftype.com
cdn.bizible.com
cdn.bizibly.com
cdn.linkedin.oribi.io
connect.facebook.net
content.hotjar.io
dsum-sec.casalemedia.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
id.rlcdn.com
in.hotjar.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
p.typekit.net
partners.tremorhub.com
pixel.rubiconproject.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
s.company-target.com
s.swiftypecdn.com
script.hotjar.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tag-logger.demandbase.com
tag.demandbase.com
track.hubspot.com
trk.techtarget.com
use.typekit.net
www.deepinstinct.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.linkedin.com
104.244.42.197
104.244.42.3
108.138.17.47
13.107.42.14
146.75.116.157
151.101.192.143
152.195.15.58
169.46.32.99
18.66.97.49
18.66.97.57
185.80.39.216
2001:4860:4802:34::36
2600:1f18:612b:4200:f677:2600:2836:f912
2600:1f1c:471:9d01::c8
2600:9000:20eb:ea00:2:53b2:240:93a1
2600:9000:2490:ca00:1d:8d6d:3b40:93a1
2606:4700::6810:88ce
2606:4700::6811:836e
2606:4700::6812:18c4
2606:4700::6812:863b
2606:4700::6812:d9f
2606:4700::6813:9a53
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:809::2002
2a00:1450:4001:80b::2004
2a00:1450:4001:80f::200e
2a00:1450:4001:812::200e
2a00:1450:4001:828::2003
2a00:1450:4001:828::2008
2a00:1450:400c:c1b::9c
2a02:26f0:3100::1735:28a8
2a02:26f0:3100::1735:28b8
2a02:26f0:3100::1735:28f0
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
34.111.208.231
34.248.118.128
34.250.166.22
34.96.71.22
35.244.174.68
52.222.236.74
69.173.144.138
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
10d6702dcaaf54f389dc082dd3bf0f023ee50af262d53cc6a35fdf11099c67fa
11ae5f9ed74c0d0e02dfdfd84569baae947bb7dfb06159fd5cdab48bdf90ea1e
11fa9dacbb852588791da69e304a4a6831d5954f25ee1af89b4c2ac6da16baff
1752ebf6d56f755b79f9e9404e22a8c8972ad8a435c7e93fcb0c33da99e34f51
1b791f37e7cfac61b4b9e28963f4afbbc99fce9766fe8a872d8196dc7dc21375
1bb11639b6fac45629437a0f8c465af729084e5ad3a70e61861cf170d25c1ffe
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1c9f4ca5f97ba5f603a23578157e54ae63d7a42a72abfe8cb4aaf967530e459d
2127e8d78f9fdf06128e950834caad94dcce05a128133818a9b32102aaa06b8c
22cfe884f4a81e77f5a2c572a10d125b13ba61d82ad9ff22bbc5b2635861eac8
23bfc23826b7d94a8975e34ee2ecd47dbcef68f4393d8376d1f8c876fa418cff
24c48fd2d041715dacda429b49d2077dc9ea1e980a8168f0a0bba850a1381a7f
2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241
25701ff46a6938978e4b3a307406ea586727388fe86ed523c6edd4435ebd6c5e
27fe849a5f13b44596532e7c6367856b60186a3d34dfb4e1917d34e984bb945a
28883e36ea68e8776d3a78e8c04308e9b3ba596990a421a21959fef03c77179b
2ba4a6b1ebfb80728d3b65bfa635d53207ea54977db48861f4b81cec562f8458
2d7c7930eb39d59cd8c2dc00652977da3ed72347e7cd465f7b540e10e2121c22
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
32cc58a56e1170810316c9cb82dd82a1fb379e2b82139b5ed039063bb40e4724
33dc89018fe5aed90ddd9f9615cba7412569abfad7d4995d81001e532aac79c9
3528ca12579d5514146153cc939637a4df3b73b884ac78fb7771d00e53600b5f
38d9379e8eccb68c5200a697306f95b91ab0a961321e56d1383d7434d73f53cd
39d15fb659e142dac44a36f83b12f49676abf3e7ca56b3593ddc356d5889f887
4100d61f6abcdb223f9076e063ed1869a6466f961419b0e1c935cbdbf7a1d8a4
429813c2f14b5ed5b1b620f18a56a9f328c2b41a14b9898fb13c532bd7fd1983
42c9d1df23e2f7d82d90b2bd6bab3b5398e81889cb9bde1d4a530acc663c9c63
44ae0e02f5b0d5a52f1a4bf55e61f8cfce49bd98aa5660a92001dfa81e1c9d25
4574422b79a9d4a5793b41636bfcf680e171b4f050e4089b78c8fb48d16af49d
4a64dd92d7b26e88a316f969812f788231780ec6a585b8f4bd350ab3a06646a5
551397ca1cc84b261fbfb4ec91a3be7e5cb4704f58bdc293808a2f06e904e8d4
58cbce6773a86e5d812444badcc12a2b7da1bc9bd7508c777f67189a4a0ac6b5
5904bc0d6e72fc3e0028407f78c13aebab8a5e20104018420e1009f7cd9d1526
5adbf5e3a1c21cfe9790030758d068c7fc2a7214e854d2657d69d555e3e45190
609ad502120a9a3aaabe1b57a08fcdd887afd4c77361369c1d4b247a89285165
6137dcde275d755acf95adbccd120b1c3d5f15676a013f8b5dd9a4a1a9bf1c4b
62d4329342fa7772d4c227cc9e2e860bf5d50db6f9ca8706ea2dff50fa23c07f
66452618423fb997d299a94cd1373cd8d9ecc3c3976be0a6dbe3adf78113768e
66aac9d3210f68de513a93e481d67dfa843665cdba4809f3bde13aefb77e71c6
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
69c041c3d6dae7de08eddbf4175abe4e5ad1fa0c6d030199e6050abb864c5a99
6ce00c492fc82a2a05b2a29ec95e50f42ba69d2974ed3f0c094bc0cfb3872ee7
6cf77e80bd5de13d728eca70b557efe148b2b6be5c2323a306da94c95a0b7c89
73de89ad27fa1fcfb8372b6656106165d4865b3ee287ad208f0074ef99f586b7
75cfc2a0523561e675f076e55327249be1c9c90b7739cd7d3dbc93ff672e8811
765f2b701169c591dd769d308be14644a1e190bd53cfb3bbfc9c9186eebbca87
76dd5024f59224f7b30edc12726bcc0fbacb94b75e906d8ca208ce4e827c75f4
781c8a27510830055826971efdbb0d1284811e2c84664559a57698ae6c8e5e9f
7937d55e572e8fbc803de8aef20baf38577511a05b28b64745d9dfc144da20b9
79cd380d7c4a2d38776ca3a20830c95fd898e454ee523bd677596892ce38c5e8
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b90247c237c25c16dcf9f17ff1bad678dfb21b77c7edbc0e8ca80d48446e510
7f2fcd53b9b384926b2171884d7d819e5f3f7fb8d373a6368a1e186081aa1ecb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87ca2d8adbd10be0e5e89784dbb7aa8bb67f77247471f437e6af535009955f8c
8908366014bb39af214d72a81154943df61d430966ae776aeda1e1bf094b10b3
8b9e55515fbd85f5995417731843a7bb7fe7ec7519b41b191a038a4080137f14
8c1307e67f3a714024a9a225b1d5b35c0490c3575818e696572b9d9f1ee73514
8cd9ce45e13f77a1a19a0c4bc808f50132162873f15aab78e1a42ee00c58345a
8d0056dcc26b8dce6be00539697962adb12475fbf9cbf7fdcbc7c81b2ae7328d
8d5da73586712159bb569fbfbd370f05a258113b2591ba238ef4e7bde1db13b7
8e38e1f71cf19109f8eb7207e2c183a79e830c14b3fa8e203efaa37a6236ccc5
8fd4ce59a9d1e64d62c68a2abea4d2859757babb19c8032c04a4ab4c9926cf3e
90aca30e747dbe0cd4ae4a29a0d588aff8693e295bb1d5c322188955608f658b
93651c9479affa33ec61b420ec8c209beae1cfa0c4ebd9cdc3414e9b613049bb
96e78989f4c22672b58ccb82e91e1f5977b79322e37127fb6d889922d0ffeb5f
9a496e8b9da307a0d817e4104c0418c6ff0c8841c6bbb8e426a424d304ac3296
9c0180fc3efb7e159a483e9f2c8ea7db1595a30cd8e3bd0f7b6f391405c3352a
9d31941a13e26914219e946341611f26e340a14b393cdb5b0701bdf8a4e9437c
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1a9d0c2deff75047ecb7711c1bb12c41e05c3291c4146f00c9ed7866131af09
a650259b67fd9815669b3a36ce8881448e8d5ad989de4bcb18ecae6ca73cfabe
a741c2a6f1a7eba5939ba6a2ced1954b1d3c6123db179c5ce1a041d920eccce0
a8518e84d093a265316a80bb55493ed8a17b1d16189deaf6c4a704f02e42ac23
ac252f8c4f0e7c0deb53bbaa236eabb619267286580f7f989a7d862094279737
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae5bfbf6629277d9993e143b04fd081fdc22ac1790dbc4edf51165c3d9b52f0f
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af144d639dc5c33722d3426bda462d68577e1c63ab319abf355da1ef73859495
af840a9b49ea6a8b2311517cedc2d793533015b2469cb01409a9ef054de87203
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2c8072a859feff6ca9135409b1c24586c824ddf3f5d90e1c84b677386018b48
b2ffef1321cbc13067e6c9b681e6def71a63b12d71be24d2629494c5227aa6e7
b3777c4703989ad8a90cc6784c9b7771a64a915fd7581cd6f9ba01e51b0852b7
b7610f4210d94931679ebc87ea5b31dd88886542f31b3226fe681c396c22d537
b7f582f5972ab55fb6803c7b83d8ffb6ab705a2bc7ec4c4f2974b22e88afdba6
b867bf78221c2d5b8796220835540e701eabc9d1cb011caf7423a6edc4873b99
ba546f8a87a68abc792ddd24f67f1941f15f77e2605b6cad27d798cfd256df37
bb5aa8828333bda44ac876794e4ebbd7a499500bb2a18833b03d4b1de7f58c14
bf66a5fbf1d27f77ebf2ebb0c4eafa0e9c8ba78a92cdb88790df5a8264d548ac
bfcf20abbc045296e3d2933dbae584a7ce101540383ea85f717dfa62e7693505
c2869a040f686e3ba5f89fc7af59797d035b38051baaf41b1682ee24bd9d387f
c6e70e872e6a465f6d35149851471d80eb63c073ba504bca12968467527b1c27
cd6e33a1d9401ea352422f87b6873ed6390f5838b6ac198e6ad4624b241f2189
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d3c27f13bd94909aec92496dea553496c415f33c6036cc734953fe2291286128
d3ec400dcf26c7341f46a15b0023aecda4a57d631cfae7434eb3e57c2cb35e71
d619ebece095748eb92d409eaac19e4346f5d7380db0442021e0ef148bab686d
d90b93e7a6b3c90b899c78d766efd2ee94dca853b273313b8dbc333cbc328e25
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de90f9a4370cff2dafd0d322cf18b2d8c16baef1851c46e8d8624fa2b202fb18
df8d379a7d695bed8a2c8c58fa2b7b5c06837252815cf494b12e65d67c245060
e33937c8718b4891cefe03686c4bac285d9265052427e705bce7e677659ed765
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e45394e7c757b1426cf9a0dec8491f92e0fce5bad937cfbf907b05216513a47d
e63bdc370433e1e4978d6968b3593d3159c26edd76e185596e74b35637419490
e666ff26dc918603ef7638dced642b7192102210bc69b87c681a8824283cbdbd
e83759f64381b941b0b687685d4467221ac99f443723a48726e3ad69346b4782
edf4b08b41a717a075bdc5d59065035fa94234ca5da24007f29a448801f18370
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef25d7f47d849664e1cd8b16cdbe9be63da7d60351ea63d49498ba91838067f8
f3385e5443630d7c957f56249022eca11d0b937897331aa39255dde6f6e4c271
f41432d7a5c7bd41d1e4d234b7b74762102c0777ac7f0a7bb994ad2f5fa91228
f9290eade0c1f3006d45aa71c8a1051c84257a9d019ee8c79e3969feef443e72
f94786fe65dcbc65b0099b471ae2bb89bbabd7fa7d8573dd3c4e0f5bbe555447
fbf24a2958e65ae4832bce3a5b1ef72e34c1baed112cb7bb037dd2c23acb6ce0
fc3d502ace2503c2860416688a2fa238234df171764c9bdd3fef3f02cbe0e61c

www.deepinstinct.com Open in urlscan Pro 2600:1f1c:471:9d01::c8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

143 Requests

96 %HTTPS

58 %IPv6

35 Domains

45 Subdomains

43 IPs

5 Countries

11841 kBTransfer

15234 kBSize

45 Cookies

42 Outgoing links

Redirected requests

143 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.deepinstinct.com Open in urlscan Pro
2600:1f1c:471:9d01::c8 Public Scan

Screenshot
Live screenshot

Full Image

143
Requests

96 %
HTTPS

58 %
IPv6

35
Domains

45
Subdomains

43
IPs

5
Countries

11841 kB
Transfer

15234 kB
Size

45
Cookies

143 HTTP transactions
2 data transactions