URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-...
Submission: On February 21 via manual from IN — Scanned from DE

Summary

This website contacted 16 IPs in 2 countries across 15 domains to perform 35 HTTP transactions. The main IP is 20.81.111.111, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is attackevals.mitre-engenuity.org.
TLS certificate: Issued by Entrust Certification Authority - L1K on March 31st 2022. Valid for: a year.
This is the only time attackevals.mitre-engenuity.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS (Autonomous System)
16 | 20.81.111.111 | 8075 (MICROSOFT...)
1 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 2606:4700::68... | 13335 (CLOUDFLAR...)
2 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 2606:4700::68... | 13335 (CLOUDFLAR...)
1 | 2606:4700:440... | 13335 (CLOUDFLAR...)
1 | 2606:4700::68... | 13335 (CLOUDFLAR...)
1 | 2606:4700::68... | 13335 (CLOUDFLAR...)
1 | 2606:4700::68... | 13335 (CLOUDFLAR...)
3 | 2620:1ec:48:1... | 8075 (MICROSOFT...)
2 | 2606:4700::68... | 13335 (CLOUDFLAR...)
1 | 2606:4700::68... | 13335 (CLOUDFLAR...)
1 | 2a02:26f0:350... | 20940 (AKAMAI-ASN1)
1 | 2600:9000:231... | 16509 (AMAZON-02)
1 | 2620:1ec:21::14 | 8068 (MICROSOFT...)
1 | 13.107.43.14 | 8068 (MICROSOFT...)
1 | 2606:4700::68... | 13335 (CLOUDFLAR...)
Total: 35 requests across 16 IPs
Requests | Apex Domain | Subdomains | Transfer
16 | mitre-engenuity.org | attackevals.mitre-engenuity.org | 4 MB
3 | hubspot.com | forms.hubspot.com (Cisco Umbrella Rank: 3076), track.hubspot.com (Cisco Umbrella Rank: 2191) | 3 KB
3 | azureedge.net | attackevalscdnendpoint.azureedge.net | 1 MB
2 | linkedin.com | px.ads.linkedin.com (Cisco Umbrella Rank: 359), px4.ads.linkedin.com (Cisco Umbrella Rank: 6448) | 1 KB
2 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 35) | 20 KB
1 | oribi.io | cdn.linkedin.oribi.io (Cisco Umbrella Rank: 824) | 374 B
1 | licdn.com | snap.licdn.com (Cisco Umbrella Rank: 729) | 5 KB
1 | hubapi.com | api.hubapi.com (Cisco Umbrella Rank: 3375) | 887 B
1 | hsleadflows.net | js.hsleadflows.net (Cisco Umbrella Rank: 4202) | 87 KB
1 | hs-analytics.net | js.hs-analytics.net (Cisco Umbrella Rank: 2076) | 20 KB
1 | hscollectedforms.net | js.hscollectedforms.net (Cisco Umbrella Rank: 4665) | 25 KB
1 | hs-banner.com | js.hs-banner.com (Cisco Umbrella Rank: 2081) | 63 KB
1 | hsadspixel.net | js.hsadspixel.net (Cisco Umbrella Rank: 3096) | 3 KB
1 | hs-scripts.com | js.hs-scripts.com (Cisco Umbrella Rank: 2128) | 941 B
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 50) | 43 KB
Total: 35 requests across 15 apex domains
Requests | Domain | Requested by
16 | attackevals.mitre-engenuity.org | attackevals.mitre-engenuity.org
3 | attackevalscdnendpoint.azureedge.net | attackevals.mitre-engenuity.org
2 | forms.hubspot.com | js.hscollectedforms.net, js.hsleadflows.net
2 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
1 | track.hubspot.com |
1 | px4.ads.linkedin.com | attackevals.mitre-engenuity.org
1 | px.ads.linkedin.com | 1 redirects
1 | cdn.linkedin.oribi.io | snap.licdn.com
1 | snap.licdn.com | js.hsadspixel.net
1 | api.hubapi.com | js.hsadspixel.net
1 | js.hsleadflows.net | js.hs-scripts.com
1 | js.hs-analytics.net | js.hs-scripts.com
1 | js.hscollectedforms.net | js.hs-scripts.com
1 | js.hs-banner.com | js.hs-scripts.com
1 | js.hsadspixel.net | js.hs-scripts.com
1 | js.hs-scripts.com | attackevals.mitre-engenuity.org
1 | www.googletagmanager.com | attackevals.mitre-engenuity.org
Total: 35 requests across 17 domains

This site contains links to these domains:

  • attackevalscdnendpoint.azureedge.net
  • twitter.com
TLS certificates observed (each entry links to its crt.sh record):

Subject | Issuer | Validity | Valid for
attackevals.mitre-engenuity.org | Entrust Certification Authority - L1K | 2022-03-31 to 2023-04-29 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-02-01 to 2023-04-26 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-03 to 2023-06-02 | a year
*.azureedge.net | Microsoft Azure TLS Issuing CA 05 | 2023-01-23 to 2024-01-18 | a year
hubspot.com | Cloudflare Inc ECC CA-3 | 2023-02-05 to 2024-02-05 | a year
hubapi.com | Cloudflare Inc ECC CA-3 | 2022-05-07 to 2023-05-07 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-02-01 to 2024-01-31 | a year
linkedin.oribi.io | Amazon | 2022-07-07 to 2023-08-06 | a year

This page contains 1 frames:

Primary Page: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Frame ID: 586D8C20DA7A4C88A51349B514F44624
Requests: 35 HTTP requests in this frame

Page Title

ATT&CK® Evaluations

Detected technologies

  • Overall confidence: 100%; detected pattern: <div data-app[^>]+class="v-application
  • Overall confidence: 100%; detected pattern: <[^>]+\sdata-v(?:ue)?-
  • Overall confidence: 100%; detected pattern: google-analytics\.com/(?:ga|urchin|analytics)\.js
  • Overall confidence: 100%; detected pattern: googletagmanager\.com/gtag/js
  • Overall confidence: 100%; detected pattern: js\.hs-analytics\.net/analytics
  • Overall confidence: 100%; detected pattern: snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

Requests: 35
HTTPS: 97 %
IPv6: 88 %
Domains: 15
Subdomains: 17
IPs: 16
Countries: 2
Transfer: 5332 kB
Size: 6117 kB
Cookies: 12

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2689988&time=1677005159899&url=https%3A%2F%2Fattackevals.mitre-engenuity.org%2FENTERPRISE%2Fparticipants%2Fmalwarebytes%3Fadversaries%3Dwizard-spider-sandworm%26adversary%3Dwizard-spider-sandworm%26view%3Dresults HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2689988&time=1677005159899&url=https%3A%2F%2Fattackevals.mitre-engenuity.org%2FENTERPRISE%2Fparticipants%2Fmalwarebytes%3Fadversaries%3Dwizard-spider-sandworm%26adversary%3Dwizard-spider-sandworm%26view%3Dresults&e_ipv6=AQIiIzifn0pxyQAAAYZ1S_5bCy7xioiFiTqXa_stux-EY2uaYFSfSs_WSMxOCX-4fxh3AoQhCcOr

35 HTTP transactions

Resource | Path | Size | x-fer | Type
malwarebytes (Primary Request) | attackevals.mitre-engenuity.org/ENTERPRISE/participants/ | 1 KB | 897 B | Document
General
Full URL
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
81460a6f881c40df0ef060d482f35dea3fb5685ef1a05f68f84196e2947d1928
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Tue, 21 Feb 2023 18:45:58 GMT
Referrer-Policy
same-origin
Server
nginx/1.18.0
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
DENY

js | www.googletagmanager.com/gtag/ | 110 KB | 43 KB | Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-62667723-5
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0556290fb2b614407f4c5b380139e5fd1f78075be885d311d4d024f7eeae4401
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:58 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44124
x-xss-protection
0
last-modified
Tue, 21 Feb 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 21 Feb 2023 18:45:58 GMT

analytics.js | attackevals.mitre-engenuity.org/static/scripts/ | 144 B | 394 B | Script
General
Full URL
https://attackevals.mitre-engenuity.org/static/scripts/analytics.js
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
350ac07c613d6d2d5f7c63878b6bc5ad0cc574fe924671ae85ff517f45a9e2be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:58 GMT
Last-Modified
Fri, 30 Dec 2022 12:42:20 GMT
Server
nginx/1.18.0
ETag
"63aedcac-90"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
144

chunk-vendors.css | attackevals.mitre-engenuity.org/static/css/ | 722 KB | 722 KB | Stylesheet
General
Full URL
https://attackevals.mitre-engenuity.org/static/css/chunk-vendors.css
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
2140a11726c1a9b03e06c6ace782d5f460168a342fb23b2fe1891014dc366b8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:58 GMT
Last-Modified
Fri, 30 Dec 2022 12:44:17 GMT
Server
nginx/1.18.0
ETag
"63aedd21-b47d7"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
739287

app.css | attackevals.mitre-engenuity.org/static/css/ | 24 KB | 24 KB | Stylesheet
General
Full URL
https://attackevals.mitre-engenuity.org/static/css/app.css
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
3a22a09049d05c32d7cc81a2208c54c13750141930baae2983bdd4aad2de4b66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:58 GMT
Last-Modified
Fri, 30 Dec 2022 12:44:17 GMT
Server
nginx/1.18.0
ETag
"63aedd21-6022"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
24610

chunk-vendors.js | attackevals.mitre-engenuity.org/static/js/ | 457 KB | 458 KB | Script
General
Full URL
https://attackevals.mitre-engenuity.org/static/js/chunk-vendors.js
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
194213804cc83e07f940ce5e692df2f1e4fa85b6ea774b3fa160859025ac83df

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:58 GMT
Last-Modified
Fri, 30 Dec 2022 12:44:17 GMT
Server
nginx/1.18.0
ETag
"63aedd21-72546"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
468294

app.js | attackevals.mitre-engenuity.org/static/js/ | 281 KB | 281 KB | Script
General
Full URL
https://attackevals.mitre-engenuity.org/static/js/app.js
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
62876702883970afcaee460b3270688549a3808a44a403cb0747c35f9463dedc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:58 GMT
Last-Modified
Fri, 30 Dec 2022 12:44:17 GMT
Server
nginx/1.18.0
ETag
"63aedd21-463c9"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
287689

7754670.js | js.hs-scripts.com/ | 2 KB | 941 B | Script
General
Full URL
https://js.hs-scripts.com/7754670.js
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfa53a37a142b010e4a0c30410a408f28f62d0882d0b6b2c3ca91f9a856b92a5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:58 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 21 Feb 2023 18:05:10 GMT
server
cloudflare
x-hubspot-correlation-id
472cf14e-640c-4637-972e-ff8c29c8fe40
x-trace
2B60A213E262D816821C6821C70C6D87A7BD7C4EB0000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
79d1a45f59fe5b44-FRA
expires
Tue, 21 Feb 2023 18:46:58 GMT

analytics.js | www.google-analytics.com/ | 49 KB | 20 KB | Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-62667723-5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 21 Feb 2023 18:14:50 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
1868
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Tue, 21 Feb 2023 20:14:50 GMT

collect | www.google-analytics.com/j/ | 1 B | 217 B | XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1958361785&t=pageview&_s=1&dl=https%3A%2F%2Fattackevals.mitre-engenuity.org%2FENTERPRISE%2Fparticipants%2Fmalwarebytes%3Fadversaries%3Dwizard-spider-sandworm%26adversary%3Dwizard-spider-sandworm%26view%3Dresults&ul=en-us&de=UTF-8&dt=ATT%26CK%C2%AE%20Evaluations&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1866370218&gjid=760561261&cid=1722020154.1677005158&tid=UA-62667723-5&_gid=1324647102.1677005158&_r=1&gtm=457e32f0&z=971718376
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 21 Feb 2023 18:45:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://attackevals.mitre-engenuity.org
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT

Gilroy-Regular.otf | attackevals.mitre-engenuity.org/static/fonts/ | 53 KB | 53 KB | Font
General
Full URL
https://attackevals.mitre-engenuity.org/static/fonts/Gilroy-Regular.otf
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/static/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
11f0395ac2ad058ebbd3b44a9be3f387611e9e14bdd10b7eac7d38ce5c5c7776

Request headers

Referer
https://attackevals.mitre-engenuity.org/static/css/app.css
Origin
https://attackevals.mitre-engenuity.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:59 GMT
Last-Modified
Fri, 30 Dec 2022 12:44:17 GMT
Server
nginx/1.18.0
ETag
"63aedd21-d250"
Content-Type
application/octet-stream
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
53840

materialdesignicons-webfont.woff2 | attackevals.mitre-engenuity.org/static/fonts/ | 373 KB | 373 KB | Font
General
Full URL
https://attackevals.mitre-engenuity.org/static/fonts/materialdesignicons-webfont.woff2
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/static/css/chunk-vendors.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
633d596f7288835ff04eba1105f41cf6fe5c9ffed41f2cb20a3f00fb035c0c8b

Request headers

Referer
https://attackevals.mitre-engenuity.org/static/css/chunk-vendors.css
Origin
https://attackevals.mitre-engenuity.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:59 GMT
Last-Modified
Fri, 30 Dec 2022 12:44:17 GMT
Server
nginx/1.18.0
ETag
"63aedd21-5d2f8"
Content-Type
application/octet-stream
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
381688

Sentinel-Book.otf | attackevals.mitre-engenuity.org/static/fonts/ | 151 KB | 151 KB | Font
General
Full URL
https://attackevals.mitre-engenuity.org/static/fonts/Sentinel-Book.otf
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/static/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
596a72e28754e2c80f2c5ee21d37d7111d4b1a4c5fae4433c4fdae6078346747

Request headers

Referer
https://attackevals.mitre-engenuity.org/static/css/app.css
Origin
https://attackevals.mitre-engenuity.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:59 GMT
Last-Modified
Fri, 30 Dec 2022 12:44:17 GMT
Server
nginx/1.18.0
ETag
"63aedd21-25cfc"
Content-Type
application/octet-stream
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
154876

Sentinel-BookItalic.otf | attackevals.mitre-engenuity.org/static/fonts/ | 200 KB | 201 KB | Font
General
Full URL
https://attackevals.mitre-engenuity.org/static/fonts/Sentinel-BookItalic.otf
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/static/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
c1815f5b26d54f6d7902faff818d0611676c7b1cf6f0ebc44661726ba5e75cd3

Request headers

Referer
https://attackevals.mitre-engenuity.org/static/css/app.css
Origin
https://attackevals.mitre-engenuity.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:59 GMT
Last-Modified
Fri, 30 Dec 2022 12:44:17 GMT
Server
nginx/1.18.0
ETag
"63aedd21-321b0"
Content-Type
application/octet-stream
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
205232

/ | attackevals.mitre-engenuity.org/api/participants/ | 655 B | 991 B | XHR
General
Full URL
https://attackevals.mitre-engenuity.org/api/participants/?name=malwarebytes
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/static/js/chunk-vendors.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e80fff8f9908dcb7b5bbdbb1691006aeb88cdffce8bc6763ad33483086454365
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:59 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Server
nginx/1.18.0
Allow
GET, HEAD, OPTIONS
X-Frame-Options
DENY
Content-Type
application/json
Cache-Control
max-age=600
Connection
keep-alive
Content-Length
655
Expires
Tue, 21 Feb 2023 18:55:59 GMT

/ | attackevals.mitre-engenuity.org/api/adversaries/ | 282 KB | 282 KB | XHR
General
Full URL
https://attackevals.mitre-engenuity.org/api/adversaries/
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/static/js/chunk-vendors.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
09b0cd05d9a277e6ceb08f28689a37333c81ab08bee4ac6e1caf7bee5234779a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:59 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Server
nginx/1.18.0
Allow
GET, HEAD, OPTIONS
X-Frame-Options
DENY
Content-Type
application/json
Cache-Control
max-age=600
Connection
keep-alive
Content-Length
288465
Expires
Tue, 21 Feb 2023 18:52:43 GMT

/ | attackevals.mitre-engenuity.org/api/participants/ | 27 KB | 28 KB | XHR
General
Full URL
https://attackevals.mitre-engenuity.org/api/participants/
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/static/js/chunk-vendors.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e153426acd8db6d0a8fe4669220dbef45fa4b07bcdf424a81925849fc28f1231
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:59 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Server
nginx/1.18.0
Allow
GET, HEAD, OPTIONS
X-Frame-Options
DENY
Content-Type
application/json
Cache-Control
max-age=600
Connection
keep-alive
Content-Length
28037
Expires
Tue, 21 Feb 2023 18:52:43 GMT

fb.js | js.hsadspixel.net/ | 6 KB | 3 KB | Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7754670.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:71b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
552da695674e5ff5a53e685eac5440a231023675c5098e54c1516e73ec99f35a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:59 GMT
x-amz-version-id
1ZaYK3sC7unZOzTPEqwB36un4rYvqT1Y
via
1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
br
x-amz-cf-pop
IAD12-P3
age
46
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.327/bundles/pixels-release.js&cfRay=79d1a3454a619bb8-IAD
x-cache
Hit from cloudfront
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-amz-replication-status
COMPLETED
last-modified
Tue, 21 Feb 2023 03:24:48 UTC
server
cloudflare
etag
W/"c5fb4d0d970e121f5c6f72a277677133"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
cache-control
max-age=600
cf-ray
79d1a464f936914d-FRA
x-amz-cf-id
3RRoTrztt770c3YsP1Ad9k7HDbHPg84H3XN8h3yzsLRmiCInLJYAzQ==
x-hs-target-asset
adsscriptloaderstatic/static-1.327/bundles/pixels-release.js

banner.js | js.hs-banner.com/v2/7754670/ | 202 KB | 63 KB | Script
General
Full URL
https://js.hs-banner.com/v2/7754670/banner.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7754670.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
252934ef8b48aa5fe9d795c46155693aa5a85abc597fa8688431d61336c02319

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:59 GMT
x-amz-version-id
f2j8iOQyo3p6p4TyG_Roui7Hn6l6Xff1
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
X3SQX45X9YHNQ51B
x-amz-server-side-encryption
AES256
x-amz-id-2
C3ilVTdlcicnR4xxnjF5mWsmAFMt94GkEaSePrn0p3G0Rl8VDDKS0k+Ikeeo07qTzGt9LSd7Rek=
last-modified
Fri, 03 Feb 2023 20:51:34 GMT
server
cloudflare
etag
W/"c847254c93f80d46ecb3e40d1372ccdd"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://mitre-engenuity.org
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
79d1a464f86e90ef-FRA
expires
Tue, 21 Feb 2023 18:50:59 GMT

collectedforms.js | js.hscollectedforms.net/ | 68 KB | 25 KB | Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7754670.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:80ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36b42aceb12f34135ce39544c6b143dbdd5690ee9a8809c49a3a37ba014bd200

Request headers

Referer
Origin
https://attackevals.mitre-engenuity.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:59 GMT
x-amz-version-id
SRrb.93sqm.lmAPDUKFHizePSATAJlo.
via
1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
cf-cache-status
EXPIRED
content-encoding
br
x-amz-cf-pop
IAD12-P3
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.315/bundles/project.js&cfRay=79d1a464f8632c4d-IAD
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-amz-replication-status
COMPLETED
last-modified
Tue, 07 Feb 2023 01:17:58 UTC
server
cloudflare
etag
W/"257b82c9f242c143eb09b6862e336a56"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-hs-cache-status
HIT
cache-control
s-maxage=600, max-age=300
cf-ray
79d1a464f8632c4d-FRA
x-amz-cf-id
qQ6ePOLKxmwsNP8LJany_zVNpds5ioCG2cODahlsJJmaYELmnEJZTg==
x-hs-target-asset
collected-forms-embed-js/static-1.315/bundles/project.js
7754670.js
js.hs-analytics.net/analytics/1677005100000/
65 KB
20 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1677005100000/7754670.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7754670.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7be5fd9f5d428bd55abab935fb947978eb07ec1e5c1c2bb4bb51e9a262dd187a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:59 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
EMMC5VPW7AM1J9MY
x-amz-server-side-encryption
AES256
x-amz-id-2
BIDuNMH077LCS/HCiGDX09l9/Xov/SmPFWZIdIZkuNf3DTbcuy9S9j5sUGlxgUtA7/4rgoJhcNE=
last-modified
Wed, 18 Jan 2023 20:21:17 GMT
server
cloudflare
etag
W/"fa1924791d61ead365ea956ff3cac0ce"
vary
origin, Accept-Encoding
content-type
text/javascript
cache-control
max-age=300, public
access-control-allow-credentials
false
cf-ray
79d1a4650d102c1e-FRA
expires
Tue, 21 Feb 2023 18:50:59 GMT
leadflows.js
js.hsleadflows.net/
545 KB
87 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7754670.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5cd1db1cde09b8c1436abaafe15c9c219d3ea69ab3987ab3e38ca61e92278c4

Request headers

Referer
Origin
https://attackevals.mitre-engenuity.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:59 GMT
x-amz-version-id
Mvk11AG5ZDldgidyoVDtBLUv1vFHpW3a
via
1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
cf-cache-status
EXPIRED
content-encoding
br
x-amz-cf-pop
IAD12-P3
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1149/bundle/main/lead-flows-release.js&cfRay=79d1a4651d773831-IAD
x-cache
Hit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-amz-replication-status
COMPLETED
last-modified
Mon, 20 Feb 2023 11:24:51 UTC
server
cloudflare
etag
W/"58f0c319dc2622b8548c15544520940c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-hs-cache-status
MISS
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control
s-maxage=86400, max-age=0
cf-ray
79d1a4651d773831-FRA
x-amz-cf-id
Tn3DiDvZtzzpjmd4-zyLT6QPwTcBptEfyIhc8yjRQM6FqlbSDxPw0A==
x-hs-target-asset
lead-flows-js/static-1.1149/bundle/main/lead-flows-release.js
MITRE_Engenuity_ATTACK-Evaluations_logo_PMS_purple.jpeg
attackevals.mitre-engenuity.org/static/img/
918 KB
919 KB
Image
General
Full URL
https://attackevals.mitre-engenuity.org/static/img/MITRE_Engenuity_ATTACK-Evaluations_logo_PMS_purple.jpeg
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
ab71fccef5e33eb5311670d1b03fd4cd3e06779554661c328438304fe092a56a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:59 GMT
Last-Modified
Fri, 30 Dec 2022 12:44:17 GMT
Server
nginx/1.18.0
ETag
"63aedd21-e59a0"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
940448
twitter.png
attackevalscdnendpoint.azureedge.net/publicsiteimages/
11 KB
12 KB
Image
General
Full URL
https://attackevalscdnendpoint.azureedge.net/publicsiteimages/twitter.png
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
fa56d1290557a7b0734f0b53ee6b8b31e4e36276cfb622f1a48fed56c3188730

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Tue, 21 Feb 2023 18:45:58 GMT
last-modified
Thu, 31 Mar 2022 17:07:25 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
Vcx9mU9TgsCQAIgTAecwOw==
etag
0x8DA1338EDB74918
x-azure-ref
0ZxH1YwAAAAAto4ypxdkTQZaSarqbyfWSRlJBMjMxMDUwNDE3MDE5ADEwOWZiM2VjLTMzZmEtNDIzZi1hMDhkLTVkMDJkOGI1ODE2ZA==
x-cache
TCP_HIT
content-type
image/png
x-ms-request-id
e0ea04ec-c01e-0012-0300-45c9a7000000
cache-control
public, max-age=259200
x-ms-version
2009-09-19
content-length
11502
/
attackevals.mitre-engenuity.org/api/adversaries/
186 KB
187 KB
XHR
General
Full URL
https://attackevals.mitre-engenuity.org/api/adversaries/?domain=ENTERPRISE
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/static/js/chunk-vendors.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
dc70e0aef3617baa68dd353df1281d0162d1555d6d95c940942b11e8c0b937c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:45:59 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Server
nginx/1.18.0
Allow
GET, HEAD, OPTIONS
X-Frame-Options
DENY
Content-Type
application/json
Cache-Control
max-age=600
Connection
keep-alive
Content-Length
190825
Expires
Tue, 21 Feb 2023 18:54:24 GMT
json
forms.hubspot.com/collected-forms/v1/config/
115 B
1 KB
XHR
General
Full URL
https://forms.hubspot.com/collected-forms/v1/config/json?portalId=7754670&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f3298b9f1421a33c0e2ebacd5e705b0dcce4914a1652baa30cbb9c9f4733b02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
e03d0672-be80-42a2-a2f3-59e5a2f315cc
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://attackevals.mitre-engenuity.org
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oWT3dzYjvXjpDOJDmvuCA54dOKGBHFqjlsM7EkyFnVZZqu1zsr2AxJZM9rO2ZPKOEXK1QBm4GuaBVwRgQwJZD%2FXEOXvnxPKdvihgQsQ1WfcG3Bt2PM8G8c6SgpIa8n1e74sOWDijFkRsBjPQJOo5"}],"group":"cf-nel","max_age":604800}
access-control-max-age
180
access-control-allow-credentials
false
x-robots-tag
none
access-control-allow-headers
*
cf-ray
79d1a4668f17bbcb-FRA
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
114 B
887 B
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=7754670
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f98f63d798e62c5275803e2ada28f315f049d84612e8f702d58ad886ea8deffa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
509e7b99-2c24-4e97-94fb-5c48aeee4bf5
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
x-trace
2B55389B232E577C304A7C535CE9ABDF143FBD5108000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://attackevals.mitre-engenuity.org
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6yUxyIDq7qF49qHu5XXlGmamxvXpuOeToe5WPiJsUL%2FXphCmocePVV9OUfaC%2FFrpP%2FXCy9CIxOXm%2FrmJAA8C6iewgBesNaRiRrtS5l2bPxuPJ4wximEX0vHZpo8UDko8teDFHT5DTJBeyA%2FM"}],"group":"cf-nel","max_age":604800}
access-control-max-age
180
access-control-allow-credentials
false
cf-ray
79d1a4682c4d92ab-FRA
access-control-allow-headers
*
/
attackevals.mitre-engenuity.org/api/results/
133 KB
133 KB
XHR
General
Full URL
https://attackevals.mitre-engenuity.org/api/results/?participant=malwarebytes&adversary=wizard-spider-sandworm
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/static/js/chunk-vendors.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.81.111.111 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
1e582eb69a85485f3296c5c37eadc51e46a4fcac3f784e1aa79db3a9dae19dce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 18:46:00 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Server
nginx/1.18.0
Allow
GET, HEAD, OPTIONS
X-Frame-Options
DENY
Content-Type
application/json
Cache-Control
max-age=600
Connection
keep-alive
Content-Length
135953
Expires
Tue, 21 Feb 2023 18:56:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
13 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Jan 2023 17:22:56 GMT
x-cdn
AKAM
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=74805
accept-ranges
bytes
content-length
4777
token
cdn.linkedin.oribi.io/partner/2689988/domain/attackevals.mitre-engenuity.org/
36 B
374 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/2689988/domain/attackevals.mitre-engenuity.org/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5e00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:32 GMT
content-encoding
gzip
via
1.1 0247123ccdc6a2a86167d7f4de30885a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P2
age
27
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=3600
x-amz-cf-id
MVjwh3N_GVFUEdi6Ns53UbS1t3xAHpgVCevzCUg_a1AmwHc0LA5oNg==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2689988&time=1677005159899&url=https%3A%2F%2Fattackevals.mitre-engenuity.org%2FENTERPRISE%2Fparticipants%2Fmalwarebytes%3Fadversaries%3Dwizard-spi...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2689988&time=1677005159899&url=https%3A%2F%2Fattackevals.mitre-engenuity.org%2FENTERPRISE%2Fparticipants%2Fmalwarebytes%3Fadversaries%3Dwizard-sp...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2689988&time=1677005159899&url=https%3A%2F%2Fattackevals.mitre-engenuity.org%2FENTERPRISE%2Fparticipants%2Fmalwarebytes%3Fadversaries%3Dwizard-spider-sandworm%26adversary%3Dwizard-spider-sandworm%26view%3Dresults&e_ipv6=AQIiIzifn0pxyQAAAYZ1S_5bCy7xioiFiTqXa_stux-EY2uaYFSfSs_WSMxOCX-4fxh3AoQhCcOr
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
H2
Server
13.107.43.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:45:59 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 32845BA20AC44107912C4B9D629580EB Ref B: VIEEDGE3007 Ref C: 2023-02-21T18:46:00Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAX1OjDdb69BNJydtjpj3w==

Redirect headers

date
Tue, 21 Feb 2023 18:45:59 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: E36AB552452D4F4D8B25C7F055C7305C Ref B: FRAEDGE1822 Ref C: 2023-02-21T18:45:59Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2689988&time=1677005159899&url=https%3A%2F%2Fattackevals.mitre-engenuity.org%2FENTERPRISE%2Fparticipants%2Fmalwarebytes%3Fadversaries%3Dwizard-spider-sandworm%26adversary%3Dwizard-spider-sandworm%26view%3Dresults&e_ipv6=AQIiIzifn0pxyQAAAYZ1S_5bCy7xioiFiTqXa_stux-EY2uaYFSfSs_WSMxOCX-4fxh3AoQhCcOr
x-li-proto
http/2
content-length
0
x-li-uuid
AAX1OjDZd1RkAXmMKGljYQ==
WizardSpider-Sandworm_MB_1_3.png
attackevalscdnendpoint.azureedge.net/publicsiteimages/
617 KB
617 KB
Image
General
Full URL
https://attackevalscdnendpoint.azureedge.net/publicsiteimages/WizardSpider-Sandworm_MB_1_3.png
Requested by
Host: attackevals.mitre-engenuity.org
URL: https://attackevals.mitre-engenuity.org/ENTERPRISE/participants/malwarebytes?adversaries=wizard-spider-sandworm&adversary=wizard-spider-sandworm&view=results
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
0162b75a8f4508c55b5a230947c883e400fe0278ed372cc261e2363bab21803a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Tue, 21 Feb 2023 18:45:59 GMT
last-modified
Mon, 23 May 2022 22:02:54 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DA3D07FCF9BE13
x-azure-ref
0aBH1YwAAAAA7PAUiAZ/HSrsT80ShoGEYRlJBMjMxMDUwNDE3MDE5ADEwOWZiM2VjLTMzZmEtNDIzZi1hMDhkLTVkMDJkOGI1ODE2ZA==
x-cache
TCP_HIT
content-type
image/png
x-ms-request-id
c4968edf-501e-003f-7e24-457ad4000000
cache-control
public, max-age=259200
x-ms-version
2009-09-19
content-length
631599
__ptq.gif
track.hubspot.com/
45 B
896 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1878800189&v=1.1&a=7754670&pu=https%3A%2F%2Fattackevals.mitre-engenuity.org%2FENTERPRISE%2Fparticipants%2Fmalwarebytes%3Fadversaries%3Dwizard-spider-sandworm%26adversary%3Dwizard-spider-sandworm%26view%3Dresults&t=ATT%26CK%C2%AE+Evaluations&cts=1677005160604&vi=f68e031c236f967c6b7978f63822576c&nc=true&u=145223019.f68e031c236f967c6b7978f63822576c.1677005160600.1677005160600.1677005160600.1&b=145223019.1.1677005160600&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:46:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
92101061-c978-48f2-b45e-f88fa3ba1f37
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CU5RhGn3%2FljFXKIeJGC4D972AnNpVVCYneJdhRrNaBXP9UhB3tPEK8oCJUkDzmzsScJYddUX7h7t5acPhNj4tciYDBnJcBuAmqizly4g2%2B4p%2Bs1GnL0qybTaoRFjisMIkIAk3ie4iXQ84%2BxvqRw%2F"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
79d1a46e2e14bb7f-FRA
x-robots-tag
none
json
forms.hubspot.com/lead-flows-config/v1/config/
220 B
814 B
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=7754670&utk=f68e031c236f967c6b7978f63822576c&__hstc=145223019.f68e031c236f967c6b7978f63822576c.1677005160600.1677005160600.1677005160600.1&__hssc=145223019.1.1677005160600&currentUrl=https%3A%2F%2Fattackevals.mitre-engenuity.org%2FENTERPRISE%2Fparticipants%2Fmalwarebytes%3Fadversaries%3Dwizard-spider-sandworm%26adversary%3Dwizard-spider-sandworm%26view%3Dresults
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79ae1d9aaa79e2aa73a60861238d630128113f67cbf4b863fb2e4b907092f288
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 18:46:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
a597ff3d-ba6c-41a2-85b9-50353c42f994
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://attackevals.mitre-engenuity.org
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=owh92woxZ90TOFQl7p5ugCuUVPAiGNeVSn%2FagYaUXARDGqmm4f3XahFx%2BSSBUZr%2FNGjforZA59WNdlJNrCjlfv9GHhYAHLhvJKmUWJfJNCkO0TkfgW0GXWgkzbAo4PhkIfOLm0Ug8gx4n%2Bdjx3M7"}],"group":"cf-nel","max_age":604800}
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
79d1a46dfc38bbcb-FRA
WizardSpider-Sandworm_MB_1_3.png
attackevalscdnendpoint.azureedge.net/publicsiteimages/
617 KB
617 KB
Image
General
Full URL
https://attackevalscdnendpoint.azureedge.net/publicsiteimages/WizardSpider-Sandworm_MB_1_3.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
0162b75a8f4508c55b5a230947c883e400fe0278ed372cc261e2363bab21803a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://attackevals.mitre-engenuity.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Tue, 21 Feb 2023 18:45:59 GMT
last-modified
Mon, 23 May 2022 22:02:54 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DA3D07FCF9BE13
x-azure-ref
0aBH1YwAAAADhqGEcFsWUQo8iaDBsck8HRlJBMjMxMDUwNDE3MDE5ADEwOWZiM2VjLTMzZmEtNDIzZi1hMDhkLTVkMDJkOGI1ODE2ZA==
x-cache
TCP_HIT
content-type
image/png
x-ms-request-id
c4968edf-501e-003f-7e24-457ad4000000
cache-control
public, max-age=259200
x-ms-version
2009-09-19
content-length
631599

Verdicts & Comments

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type  Name
object  0
boolean  credentialless
object  oncontentvisibilityautostatechange
function  gtag
object  dataLayer
object  google_tag_manager
object  google_tag_data
string  GoogleAnalyticsObject
function  ga
object  gaplugins
object  gaGlobal
object  gaData
object  webpackChunkvue2_app
object  _hsp
boolean  PIXELS_RAN
object  enabledEventSettings
object  _hsq
object  __hsCollectedFormsDebug
object  _paq
function  sanitizeKey
boolean  _hstc_loaded
object  globalRoot
undefined  hns
function  bindToWindowOnError
function  defineProperties
object  leadflows
object  hubspot
function  OutpostErrorReporter
function  _registerAvailablePopup
object  _availablePopups
boolean  popupPoliceActive
undefined  hns2
undefined  jade
undefined  I18n
undefined  Pikaday
undefined  reqwest
undefined  exports
undefined  define
boolean  LEAD_FLOWS_RAN
boolean  COMMON_SETUP_RAN
boolean  _hspb_loaded
boolean  _hspb_ran
object  _linkedin_data_partner_ids
function  lintrk
boolean  _already_called_lintrk
boolean  _hstc_ran
string  __hsUserToken
number  expireDateTime
boolean  LEAD_FLOW_DOCUMENT_READY_RAN

12 Cookies

Domain/Path Name / Value
.mitre-engenuity.org/ Name: _ga
Value: GA1.2.1722020154.1677005158
.mitre-engenuity.org/ Name: _gid
Value: GA1.2.1324647102.1677005158
.mitre-engenuity.org/ Name: _gat_gtag_UA_62667723_5
Value: 1
attackevals.mitre-engenuity.org/ Name: ln_or
Value: eyIyNjg5OTg4IjoiZCJ9
.linkedin.com/ Name: bcookie
Value: "v=2&e58ca48b-2b25-4303-8aa1-17161ea59ef7"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NzcwMDUxNjA7MjswMjGHHc3YZpZuLXmglwVMEy9/Mbu70NRQU4qs6eDZzWJJTA==
.linkedin.com/ Name: lidc
Value: "b=OGST03:s=O:r=O:a=O:p=O:g=2845:u=1:x=1:i=1677005160:t=1677091560:v=2:sig=AQF-4OeaXTLJUPEG_tgaDAmOleytzcAA"
.mitre-engenuity.org/ Name: __hstc
Value: 145223019.f68e031c236f967c6b7978f63822576c.1677005160600.1677005160600.1677005160600.1
.mitre-engenuity.org/ Name: hubspotutk
Value: f68e031c236f967c6b7978f63822576c
.mitre-engenuity.org/ Name: __hssrc
Value: 1
.mitre-engenuity.org/ Name: __hssc
Value: 145223019.1.1677005160600
.hubspot.com/ Name: __cf_bm
Value: tg5dG2XOkx6j3rLsXKTuvZIcUvfu2k4Yom1MSMoRZ1E-1677005160-0-AUUH+4XEowr2s3aZvx9z7VCIssOtJHmuipKquk3gkjxzbU4hAydwE5yrgQwKxc0gesrJwcC10FZzSPkUs7Iyycw=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
attackevals.mitre-engenuity.org
attackevalscdnendpoint.azureedge.net
cdn.linkedin.oribi.io
forms.hubspot.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
track.hubspot.com
www.google-analytics.com
www.googletagmanager.com
13.107.43.14
20.81.111.111
2600:9000:2315:5e00:2:53b2:240:93a1
2606:4700:4400::6812:21ab
2606:4700::6811:44b0
2606:4700::6811:71b0
2606:4700::6811:80ab
2606:4700::6811:cccc
2606:4700::6811:d2cc
2606:4700::6811:e8cc
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:48:1::45
2a00:1450:4001:829::2008
2a00:1450:4001:82f::200e
2a02:26f0:3500:16::215:149b