URL: https://cymmetria.com/research/patchwork-targeted-attack/
Submission: On February 03 via manual from US

Summary

This website contacted 28 IPs in 4 countries across 25 domains to perform 65 HTTP transactions. The main IP is 207.38.86.15, located in Saint Louis, United States and belongs to . The main domain is cymmetria.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on July 20th 2016. Valid for: 2 years.
This is the only time cymmetria.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests Domain Requested by
13 webcdn.cymmetria.com cymmetria.com
13 cymmetria.com cymmetria.com, webcdn.cymmetria.com
4 secure.adnxs.com 4 redirects
4 maxcdn.bootstrapcdn.com cymmetria.com
3 secure.gravatar.com cymmetria.com, webcdn.cymmetria.com
2 cm.g.doubleclick.net 2 redirects
2 imp2.ads.linkedin.com
2 analytics.twitter.com static.ads-twitter.com
2 px.ads.linkedin.com 1 redirects
2 dc.ads.linkedin.com 1 redirects
2 www.facebook.com cymmetria.com
2 t.co cymmetria.com
2 pixel.wp.com cymmetria.com
2 connect.facebook.net cymmetria.com, connect.facebook.net
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 fonts.gstatic.com cymmetria.com
2 fonts.googleapis.com cymmetria.com
1 track.hubspot.com
1 www.linkedin.com 1 redirects
1 eu-west-1.dc.ads.linkedin.com 1 redirects
1 www.bizographics.com 1 redirects
1 js.hs-analytics.net js.hs-scripts.com
1 script.hotjar.com static.hotjar.com
1 www.google.de cymmetria.com
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 graph.facebook.com webcdn.cymmetria.com
1 static.ads-twitter.com cymmetria.com
1 snap.licdn.com cymmetria.com
1 static.hotjar.com cymmetria.com
1 js.driftt.com cymmetria.com
1 js.hs-scripts.com cymmetria.com
1 stats.wp.com cymmetria.com
1 s0.wp.com cymmetria.com
1 www.googletagmanager.com cymmetria.com
Total: 65 requests, 35 subdomains

Subject: *.cymmetria.com
Issuer: COMODO RSA Domain Validation Secure Server CA
Validity: 2016-07-20 - 2018-07-20
Valid: 2 years

This page contains 1 frame:

Primary Page: https://cymmetria.com/research/patchwork-targeted-attack/
Frame ID: (842C8591075023D4B17B26D4D739E7BD)
Requests: 66 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i
  • html /<link[^>]+s\d+\.wp\.com/i
  • script /\/wp-includes\//i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i

Overall confidence: 100%
Detected patterns
  • env /^Gravatar$/i

Overall confidence: 100%
Detected patterns
  • env /^(?:_hsq|hubspot)$/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Overall confidence: 100%
Detected patterns
  • env /^_paq$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

Requests: 65
HTTPS: 40 %
IPv6: 0 %
Domains: 25
Subdomains: 35
IPs: 28
Countries: 4
Transfer: 614 kB
Size: 1819 kB
Cookies: 9

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50
  • https://www.google-analytics.com/r/collect?v=1&_v=j66&a=862013023&t=pageview&_s=1&dl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&ul=en-us&de=UTF-8&dt=Unveiling%20Patchwork%20-%20a%20targeted%20attack%20caught%20with%20cyber%20deception%20-%20Cymmetria%20%7C%20Cyber%20deception&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1675173530&gjid=1658185381&cid=2141096246.1517622708&tid=UA-58078312-1&_gid=342508681.1517622708&_r=1&gtm=u1u&z=1215692088 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-58078312-1&cid=2141096246.1517622708&jid=1675173530&_gid=342508681.1517622708&gjid=1658185381&_v=j66&z=1215692088 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58078312-1&cid=2141096246.1517622708&jid=1675173530&_v=j66&z=1215692088 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58078312-1&cid=2141096246.1517622708&jid=1675173530&_v=j66&z=1215692088&slf_rd=1&random=2630295376
Request Chain 58
  • https://dc.ads.linkedin.com/collect/?time=1517622708404&pid=107426&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&ref=&fmt=js&s=1 HTTP 302
  • https://www.bizographics.com/collect/?pid=107426&ref=&s=1&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&fmt=js&time=1517622708404 HTTP 302
  • https://eu-west-1.dc.ads.linkedin.com/collect/?pid=107426&ref=&s=1&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&fmt=js&time=1517622708404&ck= HTTP 302
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fwww.linkedin.com%2Fcsp%2Fdtag%3Fp%3D9%26_x%3D%252526opid%25253D107426%252526fmt%25253Djs%252526ref%25253D%252526ck%25253D%252526url%25253Dhttps%2525253A%2525252F%2525252Fcymmetria.com%2525252Fresearch%2525252Fpatchwork-targeted-attack%2525252F%252526s%25253D1%252526pageUrl%25253Dhttps%2525253A%2525252F%2525252Fcymmetria.com%2525252Fresearch%2525252Fpatchwork-targeted-attack%2525252F%252526time%25253D1517622708404%2525263pc%25253Dtrue%252526an_user_id%25253D%24UID HTTP 302
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fwww.linkedin.com%252Fcsp%252Fdtag%253Fp%253D9%2526_x%253D%25252526opid%2525253D107426%25252526fmt%2525253Djs%25252526ref%2525253D%25252526ck%2525253D%25252526url%2525253Dhttps%252525253A%252525252F%252525252Fcymmetria.com%252525252Fresearch%252525252Fpatchwork-targeted-attack%252525252F%25252526s%2525253D1%25252526pageUrl%2525253Dhttps%252525253A%252525252F%252525252Fcymmetria.com%252525252Fresearch%252525252Fpatchwork-targeted-attack%252525252F%25252526time%2525253D1517622708404%252525263pc%2525253Dtrue%25252526an_user_id%2525253D%2524UID HTTP 302
  • https://www.linkedin.com/csp/dtag?p=9&_x=%2526opid%253D107426%2526fmt%253Djs%2526ref%253D%2526ck%253D%2526url%253Dhttps%25253A%25252F%25252Fcymmetria.com%25252Fresearch%25252Fpatchwork-targeted-attack%25252F%2526s%253D1%2526pageUrl%253Dhttps%25253A%25252F%25252Fcymmetria.com%25252Fresearch%25252Fpatchwork-targeted-attack%25252F%2526time%253D1517622708404%25263pc%253Dtrue%2526an_user_id%253D537527375457018436 HTTP 302
  • https://dc.ads.linkedin.com/collect/?pid=6883&opid=107426&fmt=js&ref=&ck=&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&s=1&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&time=1517622708404&3pc=true&an_user_id=537527375457018436
Request Chain 59
  • https://px.ads.linkedin.com/collect/?time=1517622708404&pid=107426&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&ref=&fmt=js&s=1 HTTP 302
  • https://px.ads.linkedin.com/collect/?time=1517622708404&pid=107426&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&ref=&fmt=js&s=1&cookiesTest=true
Request Chain 63
  • https://secure.adnxs.com/seg?t=2&add=&redir=https%3A%2F%2Fsecure.adnxs.com%2Fseg%3Fadd%3D%26add_code%3Dcymmetria_com%26member%3D232%26redir%3Dhttps%253A%252F%252Fimp2.ads.linkedin.com%252Fl HTTP 302
  • https://secure.adnxs.com/seg?add=&add_code=cymmetria_com&member=232&redir=https%3A%2F%2Fimp2.ads.linkedin.com%2Fl HTTP 302
  • https://imp2.ads.linkedin.com/l
Request Chain 64
  • https://cm.g.doubleclick.net/pixel?google_nid=bizo_bk_cm&google_cm HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bizo_bk_cm&google_cm=&google_tc= HTTP 302
  • https://imp2.ads.linkedin.com/m/1640?google_gid=CAESEHaQd6IWtfDTMQZscfKc-6c&google_cver=1

65 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
cymmetria.com/research/patchwork-targeted-attack/
36 KB
13 KB
Document
General
Full URL
https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
93063fe55ef34349d95fd6b584014f350ed182d055df70511e0b1649696ad762

Request headers

Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection
keep-alive
Accept-Encoding
gzip, deflate
Host
cymmetria.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

X-Pingback
https://cymmetria.com/xmlrpc.php
Date
Sat, 03 Feb 2018 01:51:46 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
keep-alive
Transfer-Encoding
chunked
Set-Cookie
wfvt_187659043=5a7515b21a478; expires=Sat, 03-Feb-2018 02:21:46 GMT; Max-Age=1800; path=/; secure; HttpOnly
Link
<https://cymmetria.com/wp-json/>; rel="https://api.w.org/", <https://wp.me/p9swo1-30>; rel=shortlink
sitpbldr-front.css
webcdn.cymmetria.com/wp-content/plugins/siteit-sobuilder-widgets/lib/front/
25 KB
4 KB
Stylesheet
General
Full URL
https://webcdn.cymmetria.com/wp-content/plugins/siteit-sobuilder-widgets/lib/front/sitpbldr-front.css
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
4ff788658f6eeabca39fdde8cf6e49ea016881c590af9604c9de5f0aae75d130

Request headers

:path
/wp-content/plugins/siteit-sobuilder-widgets/lib/front/sitpbldr-front.css
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Fri, 15 Dec 2017 09:10:37 GMT
content-encoding
gzip
last-modified
Tue, 05 Dec 2017 06:39:54 GMT
server
nginx
age
53710
vary
Accept-Encoding,Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
x-amz-cf-id
HenVBpMpffWxgpExs7EyEyBTq2OJAiQcA2Lm_s6dwAGHrRH1LT-NXg==
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
jquery.background-video.css
webcdn.cymmetria.com/wp-content/plugins/video-backgrounds-for-siteorigin-page-builder/assets/
2 KB
878 B
Stylesheet
General
Full URL
https://webcdn.cymmetria.com/wp-content/plugins/video-backgrounds-for-siteorigin-page-builder/assets/jquery.background-video.css
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
1527d0c0c02f6cfeb90bad947538b8908388d4ac685300e685873eb429f64b5d

Request headers

:path
/wp-content/plugins/video-backgrounds-for-siteorigin-page-builder/assets/jquery.background-video.css
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Fri, 08 Dec 2017 23:39:27 GMT
content-encoding
gzip
last-modified
Thu, 09 Nov 2017 09:49:51 GMT
server
nginx
age
53710
vary
Accept-Encoding,Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
x-amz-cf-id
BDbU_oSrx1RHmcW4zJ_QF-b8-if-QOAf6DjoVGD91PkkMURpmz1Y4A==
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
so_video_background.css
webcdn.cymmetria.com/wp-content/plugins/video-backgrounds-for-siteorigin-page-builder/assets/
734 B
1 KB
Stylesheet
General
Full URL
https://webcdn.cymmetria.com/wp-content/plugins/video-backgrounds-for-siteorigin-page-builder/assets/so_video_background.css
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
59af76076e4f647306a0dff8667babc93bfb4f16a4ab8901562fba934f980af6

Request headers

:path
/wp-content/plugins/video-backgrounds-for-siteorigin-page-builder/assets/so_video_background.css
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Fri, 10 Nov 2017 09:42:13 GMT
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
last-modified
Thu, 09 Nov 2017 10:01:38 GMT
server
nginx
age
53710
etag
"2de-55d89e3e13d54"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
accept-ranges
bytes
content-length
734
x-amz-cf-id
RmHM3f16Gb7kc_1qlgVQKy9W7lcliWATwarsnPRHvRjRs11HWr2pPQ==
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/
118 KB
23 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
94.31.29.16 , United Kingdom, ASN (),
Reverse DNS
94.31.29.16.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:46 GMT
content-encoding
gzip
last-modified
Tue, 24 Nov 2015 19:49:46 GMT
server
NetDNA-cache/2.2
status
200
etag
W/"2f624089c65f12185e79925bc5a7fc42"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31104000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
expires
Tue, 29 Jan 2019 01:51:46 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
8 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
94.31.29.16 , United Kingdom, ASN (),
Reverse DNS
94.31.29.16.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:46 GMT
content-encoding
gzip
last-modified
Tue, 25 Oct 2016 15:49:46 GMT
server
NetDNA-cache/2.2
status
200
etag
W/"269550530cc127b6aa5a35925a7de6ce"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31104000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
expires
Tue, 29 Jan 2019 01:51:46 GMT
css
fonts.googleapis.com/
7 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C700
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
172.217.22.42 Mountain View, United States, ASN (),
Reverse DNS
fra15s16-in-f10.1e100.net
Software
ESF /
Resource Hash
a652b3886f47920ec802db648911485463d633c91b9e9a8722f07b174ee0cb92
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:46 GMT
content-encoding
gzip
last-modified
Sat, 03 Feb 2018 01:51:46 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
x-xss-protection
1; mode=block
expires
Sat, 03 Feb 2018 01:51:46 GMT
css
fonts.googleapis.com/
2 KB
614 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Exo%3A400%2C700
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
172.217.22.42 Mountain View, United States, ASN (),
Reverse DNS
fra15s16-in-f10.1e100.net
Software
ESF /
Resource Hash
6c86afea66ea3ce807e4ad154085dcbd83b8ad10cb11e542ea128ff52fdd3aaa
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:46 GMT
content-encoding
gzip
last-modified
Sat, 03 Feb 2018 01:51:46 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
x-xss-protection
1; mode=block
expires
Sat, 03 Feb 2018 01:51:46 GMT
front-flex.css
webcdn.cymmetria.com/wp-content/themes/cymmetria/functions/pbuilder/css/
1 KB
705 B
Stylesheet
General
Full URL
https://webcdn.cymmetria.com/wp-content/themes/cymmetria/functions/pbuilder/css/front-flex.css
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
21dee616f7e70c427eb2a745a30e943d09717873f4fe801016ce53ef15ed4841

Request headers

:path
/wp-content/themes/cymmetria/functions/pbuilder/css/front-flex.css
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Thu, 16 Nov 2017 11:32:24 GMT
content-encoding
gzip
last-modified
Thu, 09 Nov 2017 10:02:15 GMT
server
nginx
age
53710
vary
Accept-Encoding,Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
x-amz-cf-id
HAn2afwJsi7QyWGDm5kbotGZDL5jZO6UtBogR6Cmn3kngJbdiDATfg==
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
main.css
webcdn.cymmetria.com/wp-content/themes/cymmetria/css/
70 KB
12 KB
Stylesheet
General
Full URL
https://webcdn.cymmetria.com/wp-content/themes/cymmetria/css/main.css?v=1517622706
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
5bc3a3455b353e28f785a2366926ad4afeb57886018449f16f379cf7081db393

Request headers

:path
/wp-content/themes/cymmetria/css/main.css?v=1517622706
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
last-modified
Mon, 20 Nov 2017 14:27:48 GMT
server
nginx
vary
Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
status
200
x-amz-cf-id
q5VJlWCeu7A2YhKcda-ACjbdnDLW1vaXjHlgUaDfiSjnavBMpzxmGg==
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
social-logos.min.css
cymmetria.com/wp-content/plugins/jetpack/_inc/social-logos/
26 KB
19 KB
Stylesheet
General
Full URL
https://cymmetria.com/wp-content/plugins/jetpack/_inc/social-logos/social-logos.min.css
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
168a34a1cda3e8935b8a5cde891cfd8255404249bc43adf0f9a3634a57b19034

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 03 Feb 2018 01:51:46 GMT
Content-Encoding
gzip
Last-Modified
Tue, 16 Jan 2018 18:39:34 GMT
Server
nginx
ETag
W/"6867-562e90d5b20b9"
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
jetpack.css
cymmetria.com/wp-content/plugins/jetpack/css/
65 KB
15 KB
Stylesheet
General
Full URL
https://cymmetria.com/wp-content/plugins/jetpack/css/jetpack.css
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
a73e7b7f770019d0290c2c8d6f2aad32e4d2f6f1572a72e9cdf6f9c4f2c78896

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 03 Feb 2018 01:51:46 GMT
Content-Encoding
gzip
Last-Modified
Tue, 16 Jan 2018 18:39:34 GMT
Server
nginx
ETag
W/"102a5-562e90d5b5381"
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
jquery.js
webcdn.cymmetria.com/wp-includes/js/jquery/
95 KB
33 KB
Script
General
Full URL
https://webcdn.cymmetria.com/wp-includes/js/jquery/jquery.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e

Request headers

:path
/wp-includes/js/jquery/jquery.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Wed, 08 Nov 2017 13:36:59 GMT
content-encoding
gzip
last-modified
Mon, 16 Oct 2017 10:23:05 GMT
server
nginx
age
8515
vary
Accept-Encoding,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-id
zozMiFlZfpNgPJuFeWdaoq9sD-pLfqhpyOXd-23W14xipS_KkRIFQg==
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
related-posts.min.js
cymmetria.com/wp-content/plugins/jetpack/_inc/build/related-posts/
5 KB
2 KB
Script
General
Full URL
https://cymmetria.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
dbaff56b0c1e18b645e106606b7391dbe2d7fa3d569bd5368898ba22ae81a66e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 03 Feb 2018 01:51:46 GMT
Content-Encoding
gzip
Last-Modified
Tue, 16 Jan 2018 18:39:34 GMT
Server
nginx
ETag
W/"1268-562e90d5a9be9"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
jquery-migrate.min.js
cymmetria.com/wp-includes/js/jquery/
10 KB
5 KB
Script
General
Full URL
https://cymmetria.com/wp-includes/js/jquery/jquery-migrate.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 03 Feb 2018 01:51:46 GMT
Content-Encoding
gzip
Last-Modified
Mon, 16 Oct 2017 10:23:05 GMT
Server
nginx
ETag
W/"2748-55ba76464c585"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
global-ajax.min.js
webcdn.cymmetria.com/wp-content/themes/cymmetria/ajax/
563 B
884 B
Script
General
Full URL
https://webcdn.cymmetria.com/wp-content/themes/cymmetria/ajax/global-ajax.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
d19fdc282e9b97763e8f3f495de7d88fba6ec956ccd689295b7d3b2e2243dd44

Request headers

:path
/wp-content/themes/cymmetria/ajax/global-ajax.min.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Mon, 18 Dec 2017 07:07:25 GMT
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
last-modified
Thu, 09 Nov 2017 09:27:40 GMT
server
nginx
age
8515
etag
"233-55d896a6cfe3d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
563
x-amz-cf-id
clXj3CunjjsSgqZhvEQmwewBgmZrkLh9fyZ8CJuQ5nLbNf0JtJgbgQ==
js
www.googletagmanager.com/gtag/
61 KB
22 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-58078312-1
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
172.217.21.200 Mountain View, United States, ASN (),
Reverse DNS
fra16s12-in-f8.1e100.net
Software
Google Tag Manager (scaffolding) /
Resource Hash
7b5ef4f8c9024ab1b625826808dc566ac266b1801496b272608f43e770bf34b9
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
21654
x-xss-protection
1; mode=block
expires
Sat, 03 Feb 2018 01:51:47 GMT
logo.svg
webcdn.cymmetria.com/wp-content/uploads/2017/09/
3 KB
2 KB
Image
General
Full URL
https://webcdn.cymmetria.com/wp-content/uploads/2017/09/logo.svg
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
0e85337cab8dfb8a4a53e9a777303a553f93d3052fd785f03580fb2318a9ae60

Request headers

:path
/wp-content/uploads/2017/09/logo.svg
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET

Response headers

date
Fri, 08 Dec 2017 17:36:31 GMT
content-encoding
gzip
last-modified
Mon, 16 Oct 2017 10:23:04 GMT
server
nginx
age
26643
vary
Accept-Encoding,Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
x-amz-cf-id
ICRENWqaiWI8WuPDcpK77iVargKOZpTNQzCOsYSb81yqbm9w_WDq6Q==
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
default-post-header.jpg
webcdn.cymmetria.com/wp-content/uploads/2017/09/
62 KB
62 KB
Image
General
Full URL
https://webcdn.cymmetria.com/wp-content/uploads/2017/09/default-post-header.jpg
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
7c48b940731303823ed3938cecb04a9002f153c7f3af4af8b92b7b89f2ed583c

Request headers

:path
/wp-content/uploads/2017/09/default-post-header.jpg
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET

Response headers

date
Wed, 08 Nov 2017 18:19:28 GMT
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
last-modified
Mon, 16 Oct 2017 10:23:04 GMT
server
nginx
age
26643
etag
"f74b-55ba764521c31"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
accept-ranges
bytes
content-length
63307
x-amz-cf-id
HQwmiv9zYNlTj1QCD9PGTTIKKurVn7oF0ZEWnwclnZ7Uoij1V6daEQ==
photon.min.js
cymmetria.com/wp-content/plugins/jetpack/_inc/build/photon/
580 B
670 B
Script
General
Full URL
https://cymmetria.com/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
f5fa487416676288b5e92b1530f85fbc61d2875f4a74926affa77be11223cfe9

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 03 Feb 2018 01:51:46 GMT
Content-Encoding
gzip
Last-Modified
Tue, 16 Jan 2018 18:39:34 GMT
Server
nginx
ETag
W/"244-562e90d5a9801"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
scripts.js
cymmetria.com/wp-content/plugins/contact-form-7/includes/js/
14 KB
5 KB
Script
General
Full URL
https://cymmetria.com/wp-content/plugins/contact-form-7/includes/js/scripts.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
14b636e164af93d410a674e6479e7fa7f4a55fd7d11b1c608005bff6d413d02c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 03 Feb 2018 01:51:46 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 04:39:16 GMT
Server
nginx
ETag
W/"38d7-5640b0fcd3dbf"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
devicepx-jetpack.js
s0.wp.com/wp-content/js/
10 KB
3 KB
Script
General
Full URL
https://s0.wp.com/wp-content/js/devicepx-jetpack.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
192.0.77.32 San Francisco, United States, ASN (),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Sat, 03 Feb 2018 01:51:46 GMT
content-encoding
gzip
server
nginx
etag
W/"5841a56f-52b6"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Fri, 22 Jun 2018 02:18:14 GMT
scripts.min.js
webcdn.cymmetria.com/wp-content/plugins/siteit-sobuilder-widgets/lib/front/
14 KB
5 KB
Script
General
Full URL
https://webcdn.cymmetria.com/wp-content/plugins/siteit-sobuilder-widgets/lib/front/scripts.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
f3f46dadbe915b5dfd33651314c39c9066c141ccd07a0d42d9af457c5c86381f

Request headers

:path
/wp-content/plugins/siteit-sobuilder-widgets/lib/front/scripts.min.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET

Response headers

date
Tue, 05 Dec 2017 15:29:42 GMT
content-encoding
gzip
last-modified
Tue, 05 Dec 2017 06:39:55 GMT
server
nginx
age
8515
vary
Accept-Encoding,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-id
LJOGu03S3CojwTPHXlaN2E-UO9TwF1O2YT3HF3eCDk_odAk7aFjMIQ==
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
jquery.background-video.min.js
webcdn.cymmetria.com/wp-content/plugins/video-backgrounds-for-siteorigin-page-builder/assets/
3 KB
1 KB
Script
General
Full URL
https://webcdn.cymmetria.com/wp-content/plugins/video-backgrounds-for-siteorigin-page-builder/assets/jquery.background-video.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
cef665592c96f11687b20473a877a5867c4b52be5ae6c0e3b53f1b2c09d96ad8

Request headers

:path
/wp-content/plugins/video-backgrounds-for-siteorigin-page-builder/assets/jquery.background-video.min.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET

Response headers

date
Thu, 09 Nov 2017 09:38:18 GMT
content-encoding
gzip
last-modified
Thu, 09 Nov 2017 09:37:40 GMT
server
nginx
age
51569
vary
Accept-Encoding,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-id
4ixZNIPxpkwIDa27qRnjDf9H2fJrUOI4DQukZbLYSZFvqtamwjb45A==
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
gprofiles.js
secure.gravatar.com/js/
20 KB
7 KB
Script
General
Full URL
https://secure.gravatar.com/js/gprofiles.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
192.0.73.2 San Francisco, United States, ASN (),
Reverse DNS
Software
nginx /
Resource Hash
920c9189a522af2214445b9b592232c64c6bcb262bd4bcf1e1abad27c5cbe606

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:46 GMT
content-encoding
gzip
last-modified
Thu, 17 Sep 2015 14:13:14 GMT
server
nginx
etag
W/"55faca7a-50aa"
content-type
application/x-javascript
status
200
cache-control
max-age=604800
expires
Sat, 10 Feb 2018 01:51:46 GMT
wpgroho.js
cymmetria.com/wp-content/plugins/jetpack/modules/
1015 B
813 B
Script
General
Full URL
https://cymmetria.com/wp-content/plugins/jetpack/modules/wpgroho.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
8f2270058422f39ff89104cec8f21350c09c033a28ad8ef72d82f76f56960440

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 03 Feb 2018 01:51:46 GMT
Content-Encoding
gzip
Last-Modified
Tue, 16 Jan 2018 18:39:34 GMT
Server
nginx
ETag
W/"3f7-562e90d6006a0"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/
36 KB
11 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
94.31.29.16 , United Kingdom, ASN (),
Reverse DNS
94.31.29.16.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:46 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2015 17:30:57 GMT
server
NetDNA-cache/2.2
status
200
etag
W/"c5b5b2fa19bd66ff23211d9f844e0131"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31104000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
expires
Tue, 29 Jan 2019 01:51:46 GMT
main.min.js
webcdn.cymmetria.com/wp-content/themes/cymmetria/js/
9 KB
4 KB
Script
General
Full URL
https://webcdn.cymmetria.com/wp-content/themes/cymmetria/js/main.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
d582195befd7ec685dfd91dcbb63f0ded58dd0516c002a2456022aba9d553389

Request headers

:path
/wp-content/themes/cymmetria/js/main.min.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET

Response headers

date
Fri, 26 Jan 2018 04:35:00 GMT
content-encoding
gzip
last-modified
Thu, 09 Nov 2017 10:23:48 GMT
server
nginx
age
72989
vary
Accept-Encoding,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-id
zPGP2WwBvzEZclOtvY5vbVlp1Y99oQoPgV1WKsvyRJRWeiEmfF0MSQ==
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
wp-embed.min.js
webcdn.cymmetria.com/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://webcdn.cymmetria.com/wp-includes/js/wp-embed.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.44.253 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-253.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0

Request headers

:path
/wp-includes/js/wp-embed.min.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
webcdn.cymmetria.com
referer
https://cymmetria.com/research/patchwork-targeted-attack/
:scheme
https
:method
GET

Response headers

date
Mon, 18 Dec 2017 07:07:25 GMT
content-encoding
gzip
last-modified
Mon, 16 Oct 2017 10:23:05 GMT
server
nginx
age
8515
vary
Accept-Encoding,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-id
3SFfkXfYh9pv8QYS8YN9QNCoU8vXJvx4eG6svXwf_2nKHapaOM_kXw==
via
1.1 940b367f846b05ee5d0f25268ff80731.cloudfront.net (CloudFront)
postmessage.min.js
cymmetria.com/wp-content/plugins/jetpack/_inc/build/
9 KB
4 KB
Script
General
Full URL
https://cymmetria.com/wp-content/plugins/jetpack/_inc/build/postmessage.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
925cc2218fc10261609d1936bb2fd64d03e405a9b8c22dfa669e361a6df16f97

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 03 Feb 2018 01:51:47 GMT
Content-Encoding
gzip
Last-Modified
Tue, 16 Jan 2018 18:39:34 GMT
Server
nginx
ETag
W/"23e8-562e90d5ad681"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
jquery.jetpack-resize.min.js
cymmetria.com/wp-content/plugins/jetpack/_inc/build/
3 KB
1 KB
Script
General
Full URL
https://cymmetria.com/wp-content/plugins/jetpack/_inc/build/jquery.jetpack-resize.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
3bea40edd210cffec4bf9eb3f11a78305f036955fcd6b18500e249666aacb502

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 03 Feb 2018 01:51:47 GMT
Content-Encoding
gzip
Last-Modified
Tue, 16 Jan 2018 18:39:34 GMT
Server
nginx
ETag
W/"af9-562e90d5ad681"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
queuehandler.min.js
cymmetria.com/wp-content/plugins/jetpack/_inc/build/likes/
6 KB
3 KB
Script
General
Full URL
https://cymmetria.com/wp-content/plugins/jetpack/_inc/build/likes/queuehandler.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
7addefa2258641d17d56b14ab5e115089ba0ad1bf2f0c302cf65b8fd394a81f0

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 03 Feb 2018 01:51:47 GMT
Content-Encoding
gzip
Last-Modified
Tue, 16 Jan 2018 18:39:34 GMT
Server
nginx
ETag
W/"17ed-562e90d5a9031"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
sharing.min.js
cymmetria.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/
8 KB
3 KB
Script
General
Full URL
https://cymmetria.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
e3e8782a1994a73cc340875f47d968b86db665ae2394622437f96edb9f02a83d

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sat, 03 Feb 2018 01:51:47 GMT
Content-Encoding
gzip
Last-Modified
Tue, 16 Jan 2018 18:39:34 GMT
Server
nginx
ETag
W/"209e-562e90d5a9be9"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
e-201805.js
stats.wp.com/
8 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-201805.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
192.0.76.3 San Francisco, United States, ASN (),
Reverse DNS
Software
nginx /
Resource Hash
aea0c8ddd84132838fcee935f9d827ec5f7ba116e443b25db7a5bcc944cbe914

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
server
nginx
etag
W/"5a0c8e17-3298"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
expires
Sun, 27 Jan 2019 16:31:37 GMT
2255223.js
js.hs-scripts.com/
441 B
755 B
Script
General
Full URL
https://js.hs-scripts.com/2255223.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
104.17.212.204 San Francisco, United States, ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
c3417469831e401673c79f23e543690002d67909e1c8fa32793b321b08080ba3

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, User-Agent
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://cymmetria.com
access-control-max-age
3600
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
3e71bf4138122666-FRA
content-length
310
expires
Sat, 03 Feb 2018 01:52:47 GMT
3bhbcw3pfi8g.js
js.driftt.com/include/1517622900000/
368 KB
87 KB
Script
General
Full URL
https://js.driftt.com/include/1517622900000/3bhbcw3pfi8g.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
54.230.44.67 Seattle, United States, ASN (),
Reverse DNS
server-54-230-44-67.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
1f3baee532eccf7d55e02d998a1c047aa908750671d63cb0409672192884a95a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-origin
*
x-cache
Miss from cloudfront
status
200
last-modified
Thu, 25 Jan 2018 03:23:29 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
via
1.1 002c7dd628aeaafbb16627d6bb5046c9.cloudfront.net (CloudFront)
cache-control
max-age=10
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
KmNL-CfT4Ewl0BFrwo80Qvtk_GmE9LjHdk5LkqHCWaVCudRUyCBYvA==
hotjar-686552.js
static.hotjar.com/c/
2 KB
1 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-686552.js?sv=6
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
94.31.29.254 , United Kingdom, ASN (),
Reverse DNS
94.31.29.254.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
67257d176f9e4d297b5b2a29ebd023c44161b9b267a83bf5d59e7bc921e15767
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

x-cache-hit
1
date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
status
200
server
NetDNA-cache/2.2
x-frame-options
SAMEORIGIN
etag
W/abf8c76d1cb88469b3f27e4107781a84
vary
Accept-Encoding
x-cache
EXPIRED
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=60
access-control-allow-headers
content-type
cJZKeOuBrn4kERxqtaUH3ZBw1xU1rKptJj_0jans920.woff2
fonts.gstatic.com/s/opensans/v15/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/cJZKeOuBrn4kERxqtaUH3ZBw1xU1rKptJj_0jans920.woff2
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
172.217.21.195 Mountain View, United States, ASN (),
Reverse DNS
fra16s12-in-f195.1e100.net
Software
sffe /
Resource Hash
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C700
Origin
https://cymmetria.com

Response headers

date
Tue, 30 Jan 2018 19:18:00 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:46 GMT
server
sffe
age
282827
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
8892
x-xss-protection
1; mode=block
expires
Wed, 30 Jan 2019 19:18:00 GMT
k3k702ZOKiLJc3WVjuplzBampu5_7CjHW5spxoeN3Vs.woff2
fonts.gstatic.com/s/opensans/v15/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/k3k702ZOKiLJc3WVjuplzBampu5_7CjHW5spxoeN3Vs.woff2
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
172.217.21.195 Mountain View, United States, ASN (),
Reverse DNS
fra16s12-in-f195.1e100.net
Software
sffe /
Resource Hash
fe32c9921874b35b87acb0a3b558784ca7b9fed91ed34c1d2a68b6566c9d09be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C700
Origin
https://cymmetria.com

Response headers

date
Wed, 31 Jan 2018 05:37:34 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:40 GMT
server
sffe
age
245653
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
8800
x-xss-protection
1; mode=block
expires
Thu, 31 Jan 2019 05:37:34 GMT
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/
75 KB
76 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
94.31.29.16 , United Kingdom, ASN (),
Reverse DNS
94.31.29.16.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin
https://cymmetria.com

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
last-modified
Tue, 25 Oct 2016 15:50:14 GMT
server
NetDNA-cache/2.2
status
200
etag
"af7ae505a9eed503f8b8e6982036873e"
vary
Accept-Encoding
x-cache
HIT
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
max-age=31104000
x-amz-meta-version-id
7G0ec11eefKVnJqO2TDXZea7fEDW116p
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
content-length
77160
expires
Tue, 29 Jan 2019 01:51:47 GMT
truncated
/
18 KB
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
895964971ebdb56ee76d08850bcb4c5a88ec4c65e6a235882304e8ff6767cd7c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Origin
https://cymmetria.com

Response headers

Access-Control-Allow-Origin
*
Content-Type
application/x-font-woff;charset=utf-8
analytics.js
www.google-analytics.com/
35 KB
15 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-58078312-1
Protocol
SPDY
Server
172.217.22.46 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s16-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
f8ef655ef916e39713ede9c6db56d7ca5618bd82cf5ac991dcd013f05e0fdfc7
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 Nov 2017 20:19:12 GMT
server
Golfe2
age
534
date
Sat, 03 Feb 2018 01:42:53 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
14597
expires
Sat, 03 Feb 2018 03:42:53 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
22 KB
8 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
HTTP/1.1
Server
92.123.94.93 , European Union, ASN (),
Reverse DNS
a92-123-94-93.deploy.akamaitechnologies.com
Software
/
Resource Hash
920c35898f09959a2e16ea780672262052beb891f9c087a9a633296c9bf6a248

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Sat, 03 Feb 2018 01:51:47 GMT
Content-Encoding
gzip
Last-Modified
Fri, 12 Jan 2018 21:39:25 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=27518
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7809
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
104.244.43.112 San Francisco, United States, ASN (),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
age
6818
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-tw-fra1-cr1-17-TWFRA1
last-modified
Tue, 23 Jan 2018 19:05:33 GMT
x-timer
S1517622707.495278,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
fbevents.js
connect.facebook.net/en_US/
38 KB
13 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
31.13.92.14 , Ireland, ASN (),
Reverse DNS
xx-fbcdn-shv-01-frt3.fbcdn.net
Software
/
Resource Hash
bc61a6c87538c47f465262b4e45a7fa10192536a1d4d2d7d2db299d6372ed9a5
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
12235
x-xss-protection
0
pragma
public
x-fb-debug
AN6HSmlsotZiTlb80LJnc5J7zq7VIbyg9+OP+2t+qtClRtgp5wyqegWQxmjpwfwbZKjUyfeZjHwGWOVxqnj6tA==
x-frame-options
DENY
date
Sat, 03 Feb 2018 01:51:47 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
Cookie set /
cymmetria.com/research/patchwork-targeted-attack/
2 KB
1 KB
XHR
General
Full URL
https://cymmetria.com/research/patchwork-targeted-attack/?relatedposts=1
Requested by
Host: webcdn.cymmetria.com
URL: https://webcdn.cymmetria.com/wp-includes/js/jquery/jquery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.38.86.15 Saint Louis, United States, ASN (),
Reverse DNS
web544.webfaction.com
Software
nginx /
Resource Hash
ce435ec5ad0a5ead4cd34035c7aaf0927af26a6107d017620d230c83b199fa71
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
cymmetria.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://cymmetria.com/research/patchwork-targeted-attack/
X-Requested-With
XMLHttpRequest
Cookie
wfvt_187659043=5a7515b21a478
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Pingback
https://cymmetria.com/xmlrpc.php
Date
Sat, 03 Feb 2018 01:51:48 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Connection
keep-alive
Transfer-Encoding
chunked
Set-Cookie
wfvt_187659043=5a7515b3e586c; expires=Sat, 03-Feb-2018 02:21:47 GMT; Max-Age=1800; path=/; secure; HttpOnly
hovercard.css
secure.gravatar.com/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://secure.gravatar.com/css/hovercard.css?ver=20186
Requested by
Host: webcdn.cymmetria.com
URL: https://webcdn.cymmetria.com/wp-includes/js/jquery/jquery.js
Protocol
SPDY
Server
192.0.73.2 San Francisco, United States, ASN (),
Reverse DNS
Software
nginx /
Resource Hash
3f10442336cd9b12279a4662345ca628aa1dc48b9993a7cc75c2077b6ecbaf6b

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
last-modified
Mon, 28 Jan 2013 22:29:45 GMT
server
nginx
etag
W/"5106fbd9-2062"
content-type
text/css
status
200
cache-control
max-age=604800
expires
Sat, 10 Feb 2018 01:51:47 GMT
services.css
secure.gravatar.com/css/
3 KB
736 B
Stylesheet
General
Full URL
https://secure.gravatar.com/css/services.css?ver=20186
Requested by
Host: webcdn.cymmetria.com
URL: https://webcdn.cymmetria.com/wp-includes/js/jquery/jquery.js
Protocol
SPDY
Server
192.0.73.2 San Francisco, United States, ASN (),
Reverse DNS
Software
nginx /
Resource Hash
ab7e2ffdc04169e144920d681f782403d86113dd0a50dee1eb0522fb4c92375b

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
last-modified
Wed, 19 Mar 2014 21:35:23 GMT
server
nginx
etag
W/"532a0d9b-bd8"
content-type
text/css
status
200
cache-control
max-age=604800
expires
Sat, 10 Feb 2018 01:51:47 GMT
/
graph.facebook.com/
923 B
868 B
Script
General
Full URL
https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&_=1517622707354
Requested by
Host: webcdn.cymmetria.com
URL: https://webcdn.cymmetria.com/wp-includes/js/jquery/jquery.js
Protocol
SPDY
Server
157.240.20.15 Menlo Park, United States, ASN (),
Reverse DNS
edge-star-shv-02-frt3.facebook.com
Software
/
Resource Hash
0294fbeb17910d80b0d7b547af66a0906c828024aa9506083bcc0a0ae6f462c4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
etag
"90ebf11547c29f0631e3adafc94db486b495d054"
status
200
x-fb-rev
3620472
content-length
505
pragma
no-cache
x-fb-debug
TDkFH9ogymelRQfOy3Ljfuu4fveEXj/sDm3tNDaznZS+7bT9HlxE9D5OY8xe/ZYJBFFohwJtq0Hovg67eRsOhw==
x-fb-trace-id
HnLR1+BKmAe
date
Sat, 03 Feb 2018 01:51:47 GMT
vary
Accept-Encoding
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.5
expires
Sat, 01 Jan 2000 00:00:00 GMT
g.gif
pixel.wp.com/
50 B
130 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.7299750938695659
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
192.0.76.3 San Francisco, United States, ASN (),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

status
200
date
Sat, 03 Feb 2018 01:51:47 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
g.gif
pixel.wp.com/
50 B
130 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A5.7.1&blog=139784705&post=186&tz=0&srv=cymmetria.com&host=cymmetria.com&ref=&rand=0.4150002353473521
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
192.0.76.3 San Francisco, United States, ASN (),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

status
200
date
Sat, 03 Feb 2018 01:51:47 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j66&a=862013023&t=pageview&_s=1&dl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&ul=en-us&de=UTF-8&dt=Unveiling%20Patchwork...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-58078312-1&cid=2141096246.1517622708&jid=1675173530&_gid=342508681.1517622708&gjid=1658185381&_v=j66&z=1215692088
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58078312-1&cid=2141096246.1517622708&jid=1675173530&_v=j66&z=1215692088
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58078312-1&cid=2141096246.1517622708&jid=1675173530&_v=j66&z=1215692088&slf_rd=1&random=2630295376
42 B
453 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58078312-1&cid=2141096246.1517622708&jid=1675173530&_v=j66&z=1215692088&slf_rd=1&random=2630295376
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
172.217.21.195 Mountain View, United States, ASN (),
Reverse DNS
fra16s12-in-f195.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 03 Feb 2018 01:51:47 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 03 Feb 2018 01:51:47 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58078312-1&cid=2141096246.1517622708&jid=1675173530&_v=j66&z=1215692088&slf_rd=1&random=2630295376
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
modules-b29c8bffbc1e63f9303022f1e215f581.js
script.hotjar.com/
349 KB
70 KB
Script
General
Full URL
https://script.hotjar.com/modules-b29c8bffbc1e63f9303022f1e215f581.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-686552.js?sv=6
Protocol
SPDY
Server
23.111.9.32 Phoenix, United States, ASN (),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
e4adae8c68f56cc9c4ea734ff5eba6f5e6550acbd42cbeafd8a3c610b8e8f8e6

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
last-modified
Thu, 01 Feb 2018 10:52:56 GMT
server
NetDNA-cache/2.2
x-amz-request-id
035273F8E822785E
etag
W/"b29c8bffbc1e63f9303022f1e215f581"
x-cache
HIT
content-type
application/javascript
status
200
cache-control
max-age=31536000
x-amz-id-2
WGfTVbmegFoPeYGxRyLZznizEpftyPwMML2cBTHvq+KbhNa+T/ps6ckiEDqZ3t/m1FAfmcKACY4=
402739226809540
connect.facebook.net/signals/config/
56 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/402739226809540?v=2.8.10&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
SPDY
Server
31.13.92.14 , Ireland, ASN (),
Reverse DNS
xx-fbcdn-shv-01-frt3.fbcdn.net
Software
/
Resource Hash
7567a341e154f1b2d8242a7239d3be14376ba35796f8714f44ca9af1f53bf3a5
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
x-xss-protection
0
pragma
public
x-fb-debug
FV25qzVoyxMgcqCyrz1q+sFfP8u+rYLKaLuOhs+dT6eZ6qqff1joqtJbiT1oG+gxPf0OLnbm3YEViEPSzBSbkA==
x-frame-options
DENY
date
Sat, 03 Feb 2018 01:51:47 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
adsct
t.co/i/
43 B
120 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv6v3&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
104.244.42.197 San Francisco, United States, ASN (),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
x-response-time
113
pragma
no-cache
last-modified
Sat, 03 Feb 2018 01:51:47 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
afd4c4becaa10be16b16c6ae69463281
x-transaction
00d0ae71000b4a09
expires
Tue, 31 Mar 1981 05:00:00 GMT
adsct
t.co/i/
43 B
486 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nyg7t&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
104.244.42.197 San Francisco, United States, ASN (),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
x-response-time
113
pragma
no-cache
last-modified
Sat, 03 Feb 2018 01:51:47 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
afd4c4becaa10be16b16c6ae69463281
x-transaction
00d742fd006afe44
expires
Tue, 31 Mar 1981 05:00:00 GMT
/
www.facebook.com/tr/
44 B
292 B
Image
General
Full URL
https://www.facebook.com/tr/?id=402739226809540&ev=PageView&dl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&rl=&if=false&ts=1517622707587&sw=1600&sh=1200&v=2.8.10&r=stable&ec=0&o=30&it=1517622707526
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
157.240.20.35 Menlo Park, United States, ASN (),
Reverse DNS
edge-star-mini-shv-02-frt3.facebook.com
Software
proxygen /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:47 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Sat, 03 Feb 2018 01:51:47 GMT
2255223.js
js.hs-analytics.net/analytics/1517622600000/
56 KB
21 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1517622600000/2255223.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2255223.js
Protocol
SPDY
Server
104.17.68.176 San Francisco, United States, ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
8dfedfcbfb27e113d1c1702a05538b351496c66c9dcdc0571b58b40dc8b301a9

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:48 GMT
content-encoding
gzip
cf-cache-status
MISS
x-amz-request-id
52F1648B5CF6F2CE
cf-ray
3e71bf43eb2d63af-FRA
status
200
content-length
21093
x-amz-id-2
Din5/Qh89X4RlsTpAPrQ73+Ax6ycZOFoABgQEVsntIjmkW2Gw4LpIDCaGhJ7ZjKDrTZprzxU5D8=
last-modified
Wed, 03 Jan 2018 19:40:34 GMT
server
cloudflare
etag
W/"0f688ac7d45982c7806af5ca5cd51a5d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Sat, 03 Feb 2018 01:56:48 GMT
/
www.facebook.com/tr/
44 B
144 B
Image
General
Full URL
https://www.facebook.com/tr/?id=402739226809540&ev=Microdata&dl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&rl=&if=false&ts=1517622708089&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%22og%3Alocale%22%3A%22en_US%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Atitle%22%3A%22Unveiling%20Patchwork%20%E2%80%93%20a%20targeted%20attack%20caught%20with%20cyber%20deception%22%2C%22og%3Adescription%22%3A%22%5Cn%5Cn%5CnPatchwork%20is%20a%20targeted%20attack%20that%20has%20infe...%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F%22%2C%22og%3Asite_name%22%3A%22Unveiling%20Patchwork%20%E2%80%93%20a%20targeted%20attack%20caught%20with%20cyber%20deception%22%2C%22article%3Apublisher%22%3A%22https%3A%2F%2Fwww.facebook.com%2FCymmetria%2F%22%2C%22article%3Asection%22%3A%22Research%22%2C%22article%3Apublished_time%22%3A%222017-09-19T14%3A47%3A17%2B00%3A00%22%2C%22article%3Amodified_time%22%3A%222017-10-26T18%3A10%3A56%2B00%3A00%22%2C%22og%3Aupdated_time%22%3A%222017-10-26T18%3A10%3A56%2B00%3A00%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fcymmetria.com%2Fwp-content%2Fuploads%2F2017%2F09%2Fresearch-example-thumb.jpg%22%2C%22og%3Aimage%3Asecure_url%22%3A%22https%3A%2F%2Fwebcdn.cymmetria.com%2Fwp-content%2Fuploads%2F2017%2F09%2Fresearch-example-thumb.jpg%22%2C%22og%3Aimage%3Awidth%22%3A%22296%22%2C%22og%3Aimage%3Aheight%22%3A%22236%22%7D&cd[Meta]=%7B%22title%22%3A%22Unveiling%20Patchwork%20-%20a%20targeted%20attack%20caught%20with%20cyber%20deception%20-%20Cymmetria%20%7C%20Cyber%20deception%22%7D&cd[DataLayer]=%5B%5D&sw=1600&sh=1200&v=2.8.10&r=stable&o=30
Requested by
Host: cymmetria.com
URL: https://cymmetria.com/research/patchwork-targeted-attack/
Protocol
SPDY
Server
157.240.20.35 Menlo Park, United States, ASN (),
Reverse DNS
edge-star-mini-shv-02-frt3.facebook.com
Software
proxygen /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:48 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Sat, 03 Feb 2018 01:51:48 GMT
/
dc.ads.linkedin.com/collect/
Redirect Chain
  • https://dc.ads.linkedin.com/collect/?time=1517622708404&pid=107426&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwo...
  • https://www.bizographics.com/collect/?pid=107426&ref=&s=1&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-target...
  • https://eu-west-1.dc.ads.linkedin.com/collect/?pid=107426&ref=&s=1&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwo...
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fwww.linkedin.com%2Fcsp%2Fdtag%3Fp%3D9%26_x%3D%252526opid%25253D107426%252526fmt%25253Djs%252526ref%25253D%252526ck%25253D%252526url%25253Dhttps%2525253...
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fwww.linkedin.com%252Fcsp%252Fdtag%253Fp%253D9%2526_x%253D%25252526opid%2525253D107426%25252526fmt%2525253Djs%25252526ref%2525253D%252...
  • https://www.linkedin.com/csp/dtag?p=9&_x=%2526opid%253D107426%2526fmt%253Djs%2526ref%253D%2526ck%253D%2526url%253Dhttps%25253A%25252F%25252Fcymmetria.com%25252Fresearch%25252Fpatchwork-targeted-att...
  • https://dc.ads.linkedin.com/collect/?pid=6883&opid=107426&fmt=js&ref=&ck=&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&s=1&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearc...
473 B
2 KB
Script
General
Full URL
https://dc.ads.linkedin.com/collect/?pid=6883&opid=107426&fmt=js&ref=&ck=&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&s=1&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&time=1517622708404&3pc=true&an_user_id=537527375457018436
Protocol
HTTP/1.1
Server
54.75.225.70 Dublin, Ireland, ASN (),
Reverse DNS
ec2-54-75-225-70.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
28cb33fb01f58e9aef2a140bbf09f78ba401859cf5aeb2c9bd2166bd0caad32c

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 03 Feb 2018 01:51:49 GMT
Server
nginx
P3P
CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Content-Language
en-US
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
473

Redirect headers

date
Sat, 03 Feb 2018 01:51:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-li-fabric
prod-ltx1
status
302
strict-transport-security
max-age=2592000
x-li-uuid
q8Q0IdCtDxVArBaXJCsAAA==
server
Apache-Coyote/1.1
pragma
no-cache
x-li-pop
prod-tln1
vary
Accept-Encoding
content-language
en-US
location
https://dc.ads.linkedin.com/collect/?pid=6883&opid=107426&fmt=js&ref=&ck=&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&s=1&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&time=1517622708404&3pc=true&an_user_id=537527375457018436
x-xss-protection
1; mode=block
cache-control
no-store, private
content-security-policy
default-src *; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com; object-src static.licdn.com www.youtube.com; media-src blob: *; frame-ancestors http://*.adnxs.com https://*.adnxs.com http://*.linkedin.com https://*.linkedin.com http://*.slideshare.net https://*.slideshare.net https://*.msn.com http://*.msn.com http://*.outlook.com https://*.outlook.com translate.googleusercontent.com pemberly.www.linkedin.com:4443; report-uri https://www.linkedin.com/lite/contentsecurity?f=ad
x-li-proto
http/2
x-fs-uuid
abc43421d0ad0f1540ac1697242b0000
/
px.ads.linkedin.com/collect/
Redirect Chain
  • https://px.ads.linkedin.com/collect/?time=1517622708404&pid=107426&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwo...
  • https://px.ads.linkedin.com/collect/?time=1517622708404&pid=107426&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwo...
0
87 B
Script
General
Full URL
https://px.ads.linkedin.com/collect/?time=1517622708404&pid=107426&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&ref=&fmt=js&s=1&cookiesTest=true
Protocol
SPDY
Server
91.225.248.133 , Ireland, ASN (),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:48 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
x-li-fabric
prod-ltx1
status
200
x-li-proto
http/2
x-li-pop
PROD-IDB2
content-type
application/javascript
content-length
20
x-li-uuid
LCn1E9CtDxXA2hwucisAAA==

Redirect headers

date
Sat, 03 Feb 2018 01:51:48 GMT
content-encoding
gzip
server
Play
status
302
vary
Accept-Encoding
x-li-fabric
prod-ltx1
location
/collect/?time=1517622708404&pid=107426&url=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&pageUrl=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&ref=&fmt=js&s=1&cookiesTest=true
x-li-proto
http/2
x-li-pop
PROD-IDB2
content-length
20
x-li-uuid
NDNmCtCtDxVAWEnOcCsAAA==
adsct
analytics.twitter.com/i/
31 B
736 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv6v3&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
SPDY
Server
104.244.42.195 San Francisco, United States, ASN (),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
x-response-time
113
pragma
no-cache
last-modified
Sat, 03 Feb 2018 01:51:48 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
d306060ab95491239769be46c0427055
x-transaction
000034c300cae48a
expires
Tue, 31 Mar 1981 05:00:00 GMT
adsct
analytics.twitter.com/i/
31 B
284 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nyg7t&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
SPDY
Server
104.244.42.195 San Francisco, United States, ASN (),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sat, 03 Feb 2018 01:51:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
x-response-time
115
pragma
no-cache
last-modified
Sat, 03 Feb 2018 01:51:48 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
d306060ab95491239769be46c0427055
x-transaction
008142a300a9a9ba
expires
Tue, 31 Mar 1981 05:00:00 GMT
__ptq.gif
track.hubspot.com/
45 B
319 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3000881485&v=1.1&a=2255223&rcu=https%3A%2F%2Fcymmetria.com%2Fresearch%2Fpatchwork-targeted-attack%2F&t=Unveiling+Patchwork+-+a+targeted+attack+caught+with+cyber+deception+-+Cymmetria+%7C+Cyber+deception&cts=1517622708410&vi=b43c0a4524e77111149dc127a3dd4d3e&nc=true&u=146112619.b43c0a4524e77111149dc127a3dd4d3e.1517622708408.1517622708408.1517622708408.1&b=146112619.1.1517622708408
Protocol
HTTP/1.1
Server
54.85.57.103 Ashburn, United States, ASN (),
Reverse DNS
ec2-54-85-57-103.compute-1.amazonaws.com
Software
/
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Sat, 03 Feb 2018 01:51:48 GMT
P3P
CP="NOI CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
no-cache, no-store, no-transform
Access-Control-Allow-Credentials
false
Connection
keep-alive
X-Robots-Tag
none
Content-Length
45
l
imp2.ads.linkedin.com/
Redirect Chain
  • https://secure.adnxs.com/seg?t=2&add=&redir=https%3A%2F%2Fsecure.adnxs.com%2Fseg%3Fadd%3D%26add_code%3Dcymmetria_com%26member%3D232%26redir%3Dhttps%253A%252F%252Fimp2.ads.linkedin.com%252Fl
  • https://secure.adnxs.com/seg?add=&add_code=cymmetria_com&member=232&redir=https%3A%2F%2Fimp2.ads.linkedin.com%2Fl
  • https://imp2.ads.linkedin.com/l
42 B
329 B
Image

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 03 Feb 2018 01:51:49 GMT
Server
nginx
P3P
CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif;charset=UTF-8
Content-Length
42

Redirect headers

Pragma
no-cache
Date
Sat, 03 Feb 2018 01:51:51 GMT
X-Proxy-Origin
148.251.45.254; 148.251.45.254; 246.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.21:80
AN-X-Request-Uuid
84460be0-861c-40ec-9af3-f7ead4a8e7b5
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://imp2.ads.linkedin.com/l
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
1640
imp2.ads.linkedin.com/m/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=bizo_bk_cm&google_cm
  • https://cm.g.doubleclick.net/pixel?google_nid=bizo_bk_cm&google_cm=&google_tc=
  • https://imp2.ads.linkedin.com/m/1640?google_gid=CAESEHaQd6IWtfDTMQZscfKc-6c&google_cver=1
42 B
608 B
Image
General
Full URL
https://imp2.ads.linkedin.com/m/1640?google_gid=CAESEHaQd6IWtfDTMQZscfKc-6c&google_cver=1
Protocol
HTTP/1.1
Server
54.246.115.253 Dublin, Ireland, ASN (),
Reverse DNS
ec2-54-246-115-253.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://cymmetria.com/research/patchwork-targeted-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 03 Feb 2018 01:51:49 GMT
Server
nginx
P3P
CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif;charset=UTF-8
Content-Length
42

Redirect headers

pragma
no-cache
date
Sat, 03 Feb 2018 01:51:49 GMT
server
HTTP server (unknown)
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://imp2.ads.linkedin.com/m/1640?google_gid=CAESEHaQd6IWtfDTMQZscfKc-6c&google_cver=1
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
290
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| $ function| jQuery object| related_posts_js_options object| ajax_object function| drift function| driftt function| gtag object| dataLayer function| hj object| _hjSettings object| WPCOM_sharing_counts object| wpcf7 object| wpcom_img_zoomer object| detectZoom function| WOW function| hex_md5 function| b64_md5 function| str_md5 function| hex_hmac_md5 function| b64_hmac_md5 function| str_hmac_md5 function| md5_vm_test function| core_md5 function| md5_cmn function| md5_ff function| md5_gg function| md5_hh function| md5_ii function| core_hmac_md5 function| safe_add function| bit_rol function| str2binl function| binl2str function| binl2hex function| binl2b64 object| Gravatar object| GProfile number| hexcase string| b64pad number| chrsz object| WPGroHo object| jQuery112405181386453077648 object| wp object| NO_JQUERY function| pm object| Jetpack function| JetpackLikesPostMessage function| JetpackLikesBatchHandler function| JetpackLikesMessageListener function| JetpackLikesWidgetQueueHandler function| jetpackLoadLikeWidgetIframe function| jetpackGetUnloadedWidgetsInView function| jetpackIsScrolledIntoView function| jetpackUnloadScrolledOutWidgets object| jetpackLikesWidgetBatch boolean| jetpackLikesMasterReady number| jetpackLikesLookAhead object| jetpackCommentLikesLoadedWidgets function| jetpackWidgetsDelayedExec function| jetpackOnScrollStopped object| sharing_js_options object| google_tag_manager string| GoogleAnalyticsObject function| ga object| WPCOMSharing function| updateLinkedInCount undefined| windowOpen object| _stq string| _linkedin_data_partner_id function| twq function| fbq function| _fbq string| new_css function| st_go function| linktracker_init object| wpcom object| gaplugins object| gaGlobal object| gaData object| hjSiteSettings function| hjBootstrap object| twttr object| __core-js_shared__ boolean| __DRIFTT_WIDGET_INCLUDED__ boolean| __DRIFTT_SHOW_WIDGET_ON_BOOT__ object| _hsq object| _paq boolean| _hstc_loaded function| _bizo_local_logger 
function| _bizo_set_session_cookie function| _bizo_fire_partners function| _bizo_callback boolean| _bizo_main_already_called boolean| _hstc_ran number| expireDateTime

9 Cookies

Domain/Path Name Value
.cymmetria.com/ hubspotutk b43c0a4524e77111149dc127a3dd4d3e
.cymmetria.com/ __hssc 146112619.1.1517622708408
cymmetria.com/ wfvt_187659043 5a7515b3e586c
.cymmetria.com/ __hstc 146112619.b43c0a4524e77111149dc127a3dd4d3e.1517622708408.1517622708408.1517622708408.1
.cymmetria.com/ _gid GA1.2.342508681.1517622708
cymmetria.com/ driftt_aid 36929c57-9766-4fdf-9e0e-555df20d78ac
.cymmetria.com/ _gat_gtag_UA_58078312_1 1
.cymmetria.com/ __hssrc 1
.cymmetria.com/ _ga GA1.2.2141096246.1517622708

1 Console Messages

Source: console-api
Level: log
URL: https://cymmetria.com/wp-includes/js/jquery/jquery-migrate.min.js (Line 2)
Message: JQMIGRATE: Migrate is installed, version 1.4.1

Indicators

"Indicators" is a security-industry term for items such as IPs, domains, and hashes. Their appearance here does not imply that any of them indicate malicious activity.
