symantec-enterprise-blogs.security.com
2606:4700:10::6816:31d7  Public Scan

Submitted URL: https://learn.broadcom.com/e2t/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr777hX7W1KtXXk1Jp030W...
Effective URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Secu...
Submission: On October 27 via api from US

Summary

This website contacted 10 IPs in 2 countries across 9 domains to perform 41 HTTP transactions. The main IP is 2606:4700:10::6816:31d7, located in United States and belongs to CLOUDFLARENET, US. The main domain is symantec-enterprise-blogs.security.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 10th 2020. Valid for: a year.
This is the only time symantec-enterprise-blogs.security.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
22 2606:4700:10:... 13335 (CLOUDFLAR...)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
41 10
Domain  Requested by
22  symantec-enterprise-blogs.security.com  learn.broadcom.com, symantec-enterprise-blogs.security.com
6  cdn.cookielaw.org  symantec-enterprise-blogs.security.com, cdn.cookielaw.org
3  www.google-analytics.com  www.googletagmanager.com, symantec-enterprise-blogs.security.com
3  script.crazyegg.com  learn.broadcom.com, symantec-enterprise-blogs.security.com, script.crazyegg.com
3  www.google.com  symantec-enterprise-blogs.security.com, www.gstatic.com
2  learn.broadcom.com  1 redirects
1  www.gstatic.com  www.google.com
1  geolocation.onetrust.com  cdn.cookielaw.org
1  www.googletagmanager.com  symantec-enterprise-blogs.security.com
41 9
Subject  Issuer  Validity  Valid
learn.broadcom.com  Cloudflare Inc ECC CA-3  2020-07-01 - 2021-07-01  a year
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3  2020-08-10 - 2021-08-10  a year
cookielaw.org  Cloudflare Inc ECC CA-3  2020-07-01 - 2021-07-01  a year
*.google-analytics.com  GTS CA 1O1  2020-10-06 - 2020-12-29  3 months
*.onetrust.com  DigiCert SHA2 Secure Server CA  2020-05-21 - 2022-07-27  2 years
www.google.com  GTS CA 1O1  2020-10-06 - 2020-12-29  3 months
*.gstatic.com  GTS CA 1O1  2020-10-06 - 2020-12-29  3 months
*.google.com  GTS CA 1O1  2020-10-06 - 2020-12-29  3 months

This page contains 3 frames:

Primary Page: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Frame ID: 687A662AF25ED3B613DA09BEA15A3ADF
Requests: 40 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=T9w1ROdplctW2nVKvNJYXH8o&size=normal&cb=dhhgv6vqacqz
Frame ID: 9233865A4116A094BE472597D855AC40
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=T9w1ROdplctW2nVKvNJYXH8o&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&cb=lf0wh2wtusct
Frame ID: 4F9EA71C180210F15040D9B3BEE0724B
Requests: 1 HTTP requests in this frame

Page URL History

  1. https://learn.broadcom.com/e2t/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr... Page URL
  2. https://learn.broadcom.com/events/public/v1/track/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGr... HTTP 307
    https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SE... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<!-- (?:End )?Google Tag Manager -->/i

Overall confidence: 100%
Detected patterns
  • script /\/recaptcha\/api\.js/i

Page Statistics

41 Requests
100 % HTTPS
100 % IPv6
9 Domains
9 Subdomains
10 IPs
2 Countries
1745 kB Transfer
4699 kB Size
6 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://learn.broadcom.com/e2t/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr777hX7W1KtXXk1Jp030W3_Vdq14h2sZ-W1JzLzQ3Cbw6HN965DjGpBqJgW8StDSn7335LqW7bTcbK8PjfHMMtrHYrh8P0kW8jJ0LT3gpxR0N40c1QpqD7M0MmFQVcvz3GHW6zQCPW16bSGqW7_pSz24Bv11dW5sKYhD9bRRXCW3pN3V596My1ZW1SXSgQ3QS0fLW5f90hM4L3TTxW2XBG5v3sh82mW7KlLtg3gTVr-VKsVKZ81RS7QW6B49TY7j_hGsW2Szl8R7L5Yx9W86HC586YlH04VT-3361mXxPWV1xjfZ2_BSc-W4JC1nJ3sR4vnV-Z0wV6Z7MmbW7QP1Sd2zg8TjW9cxnYw6xcbRRW7Hh0588b_ShgW20hKqP50jD-KW7c4hZ82-hkcnW68jGTY5sVj4xW1lZFvk5gYP_k3kdg1 Page URL
  2. https://learn.broadcom.com/events/public/v1/track/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr777hX7W1KtXXk1Jp030W3_Vdq14h2sZ-W1JzLzQ3Cbw6HN965DjGpBqJgW8StDSn7335LqW7bTcbK8PjfHMMtrHYrh8P0kW8jJ0LT3gpxR0N40c1QpqD7M0MmFQVcvz3GHW6zQCPW16bSGqW7_pSz24Bv11dW5sKYhD9bRRXCW3pN3V596My1ZW1SXSgQ3QS0fLW5f90hM4L3TTxW2XBG5v3sh82mW7KlLtg3gTVr-VKsVKZ81RS7QW6B49TY7j_hGsW2Szl8R7L5Yx9W86HC586YlH04VT-3361mXxPWV1xjfZ2_BSc-W4JC1nJ3sR4vnV-Z0wV6Z7MmbW7QP1Sd2zg8TjW9cxnYw6xcbRRW7Hh0588b_ShgW20hKqP50jD-KW7c4hZ82-hkcnW68jGTY5sVj4xW1lZFvk5gYP_k3kdg1?_ud=1b4e3d2f-31a8-48df-be09-cc5cc2dca8c1&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p HTTP 307
    https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

41 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr777hX7W1KtXXk1Jp030W3_Vdq14h2sZ-W1JzLzQ3Cbw6HN965DjGpBqJgW8StDSn7335LqW7bTcbK8PjfHMMtrHYrh8P0kW8jJ0LT3gpxR0N40c1QpqD7M0MmFQVcvz3...
learn.broadcom.com/e2t/tc/
9 KB
3 KB
Document
General
Full URL
https://learn.broadcom.com/e2t/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr777hX7W1KtXXk1Jp030W3_Vdq14h2sZ-W1JzLzQ3Cbw6HN965DjGpBqJgW8StDSn7335LqW7bTcbK8PjfHMMtrHYrh8P0kW8jJ0LT3gpxR0N40c1QpqD7M0MmFQVcvz3GHW6zQCPW16bSGqW7_pSz24Bv11dW5sKYhD9bRRXCW3pN3V596My1ZW1SXSgQ3QS0fLW5f90hM4L3TTxW2XBG5v3sh82mW7KlLtg3gTVr-VKsVKZ81RS7QW6B49TY7j_hGsW2Szl8R7L5Yx9W86HC586YlH04VT-3361mXxPWV1xjfZ2_BSc-W4JC1nJ3sR4vnV-Z0wV6Z7MmbW7QP1Sd2zg8TjW9cxnYw6xcbRRW7Hh0588b_ShgW20hKqP50jD-KW7c4hZ82-hkcnW68jGTY5sVj4xW1lZFvk5gYP_k3kdg1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:73b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36af8a7d264590ebd878bd978c36b1284e40879b8f7ccca2090ef68cd096734f

Request headers

:method
GET
:authority
learn.broadcom.com
:scheme
https
:path
/e2t/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr777hX7W1KtXXk1Jp030W3_Vdq14h2sZ-W1JzLzQ3Cbw6HN965DjGpBqJgW8StDSn7335LqW7bTcbK8PjfHMMtrHYrh8P0kW8jJ0LT3gpxR0N40c1QpqD7M0MmFQVcvz3GHW6zQCPW16bSGqW7_pSz24Bv11dW5sKYhD9bRRXCW3pN3V596My1ZW1SXSgQ3QS0fLW5f90hM4L3TTxW2XBG5v3sh82mW7KlLtg3gTVr-VKsVKZ81RS7QW6B49TY7j_hGsW2Szl8R7L5Yx9W86HC586YlH04VT-3361mXxPWV1xjfZ2_BSc-W4JC1nJ3sR4vnV-Z0wV6Z7MmbW7QP1Sd2zg8TjW9cxnYw6xcbRRW7Hh0588b_ShgW20hKqP50jD-KW7c4hZ82-hkcnW68jGTY5sVj4xW1lZFvk5gYP_k3kdg1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Tue, 27 Oct 2020 18:58:28 GMT
content-type
text/html;charset=utf-8
set-cookie
__cfduid=d8a9f615b03082c3e55a90bc05a3ac8cd1603825108; expires=Thu, 26-Nov-20 18:58:28 GMT; path=/; domain=.learn.broadcom.com; HttpOnly; SameSite=Lax __cfruid=19bca56c5053938719269add6013dcd5527da011-1603825108; path=/; domain=.learn.broadcom.com; HttpOnly; Secure; SameSite=None
cf-ray
5e8ea61248000746-FRA
vary
Accept-Encoding
cf-cache-status
MISS
access-control-allow-credentials
false
cf-request-id
060d061f6d00000746f48dc000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy
no-referrer
server
cloudflare
content-encoding
br
Primary Request palmerworm-blacktech-espionage-apt
symantec-enterprise-blogs.security.com/blogs/threat-intelligence/
Redirect Chain
  • https://learn.broadcom.com/events/public/v1/track/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr777hX7W1KtXXk1Jp030W3_Vdq14h2sZ-W1JzLzQ3Cbw6HN965DjGpBqJgW8StDSn7335LqW7bTc...
  • https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc...
48 KB
11 KB
Document
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Requested by
Host: learn.broadcom.com
URL: https://learn.broadcom.com/e2t/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr777hX7W1KtXXk1Jp030W3_Vdq14h2sZ-W1JzLzQ3Cbw6HN965DjGpBqJgW8StDSn7335LqW7bTcbK8PjfHMMtrHYrh8P0kW8jJ0LT3gpxR0N40c1QpqD7M0MmFQVcvz3GHW6zQCPW16bSGqW7_pSz24Bv11dW5sKYhD9bRRXCW3pN3V596My1ZW1SXSgQ3QS0fLW5f90hM4L3TTxW2XBG5v3sh82mW7KlLtg3gTVr-VKsVKZ81RS7QW6B49TY7j_hGsW2Szl8R7L5Yx9W86HC586YlH04VT-3361mXxPWV1xjfZ2_BSc-W4JC1nJ3sR4vnV-Z0wV6Z7MmbW7QP1Sd2zg8TjW9cxnYw6xcbRRW7Hh0588b_ShgW20hKqP50jD-KW7c4hZ82-hkcnW68jGTY5sVj4xW1lZFvk5gYP_k3kdg1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
391d8e580c8319aea02862331de876b546a106084a4c17b2536960ea7c55da89
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
symantec-enterprise-blogs.security.com
:scheme
https
:path
/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://learn.broadcom.com/e2t/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr777hX7W1KtXXk1Jp030W3_Vdq14h2sZ-W1JzLzQ3Cbw6HN965DjGpBqJgW8StDSn7335LqW7bTcbK8PjfHMMtrHYrh8P0kW8jJ0LT3gpxR0N40c1QpqD7M0MmFQVcvz3GHW6zQCPW16bSGqW7_pSz24Bv11dW5sKYhD9bRRXCW3pN3V596My1ZW1SXSgQ3QS0fLW5f90hM4L3TTxW2XBG5v3sh82mW7KlLtg3gTVr-VKsVKZ81RS7QW6B49TY7j_hGsW2Szl8R7L5Yx9W86HC586YlH04VT-3361mXxPWV1xjfZ2_BSc-W4JC1nJ3sR4vnV-Z0wV6Z7MmbW7QP1Sd2zg8TjW9cxnYw6xcbRRW7Hh0588b_ShgW20hKqP50jD-KW7c4hZ82-hkcnW68jGTY5sVj4xW1lZFvk5gYP_k3kdg1

Response headers

status
200
date
Tue, 27 Oct 2020 18:58:29 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=dde45f53289443a1e4c9aa94f78a987401603825109; expires=Thu, 26-Nov-20 18:58:29 GMT; path=/; domain=.security.com; HttpOnly; SameSite=Lax; Secure
x-frame-options
SAMEORIGIN
cache-control
public, max-age=300
vary
Accept-Encoding
via
1.1 vegur
cf-cache-status
MISS
cf-request-id
060d0620a40000177a40bf2000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5e8ea6143f0a177a-FRA
content-encoding
gzip

Redirect headers

status
307
date
Tue, 27 Oct 2020 18:58:29 GMT
location
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
cf-ray
5e8ea612da4d0746-FRA
link
<https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email>; rel="canonical"
vary
Accept-Encoding
cf-cache-status
MISS
access-control-allow-credentials
false
cf-request-id
060d061fc800000746c0811000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy
no-referrer
x-robots-tag
none
server
cloudflare
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
13 KB
5 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ea50094677d2425f0c171153b70fcd3a976e721b069861878560309e925980f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Oct 2020 18:58:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
NxTaCPCIFj15rc49QNbaZA==
age
5528
status
200
vary
Accept-Encoding
content-length
4058
cf-request-id
060d0623e0000016f2ebb25000000001
x-ms-lease-status
unlocked
last-modified
Tue, 27 Oct 2020 07:25:09 GMT
server
cloudflare
etag
0x8D87A496FB95C0B
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
f1a4f1e7-201e-0063-3a32-ac9ec3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5e8ea619694816f2-FRA
styles.cd3528d4d93891573cb5.css
symantec-enterprise-blogs.security.com/blogs/
180 KB
29 KB
Stylesheet
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/styles.cd3528d4d93891573cb5.css
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a67989d8193195ad85ae9d28865d0342f16bef88a97337f04048c272e721efe6
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:29 GMT
content-encoding
gzip
cf-cache-status
HIT
age
54410
status
200
cf-request-id
060d0623ca0000177ae2b7a000000001
last-modified
Thu, 24 Sep 2020 20:59:21 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"2ce90-174c1e9d428"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
via
1.1 vegur
cache-control
public, max-age=86400
cf-ray
5e8ea6194b75177a-FRA
logo.svg
symantec-enterprise-blogs.security.com/blogs/assets/
9 KB
4 KB
Image
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/assets/logo.svg
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5edf0591c4287e707f07925cd102e6c8a2ebeaa6147f55e9184dd07c3af5a963
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
cf-cache-status
HIT
age
77636
status
200
cf-request-id
060d06240a0000177a440b7000000001
last-modified
Thu, 24 Sep 2020 20:59:21 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"226c-174c1e9d428"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 vegur
cache-control
public, max-age=86400
cf-ray
5e8ea619ac70177a-FRA
Main%20Image.jpg
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_wide/public/2020-09/
364 KB
365 KB
Image
General
Full URL
https://symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_wide/public/2020-09/Main%20Image.jpg?h=f2fcf546&itok=DM4Kt9ue
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8724f4c1fee72e368f9ddf81921f11abbcb006d1944de1ea0559fa082b5c55a
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 varnish
vary
Accept-Encoding
cf-cache-status
HIT
age
110868
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
cf-bgj
h2pri
content-length
372647
cf-request-id
060d06240a0000177abe9ea000000001
x-served-by
cache-mdw17355-MDW, cache-fra19130-FRA
last-modified
Tue, 29 Sep 2020 13:03:51 GMT
server
cloudflare
x-timer
S1603714243.931098,VS0,VE3
etag
"5f7330b7-5afa7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubDomains
content-type
image/jpeg
x-styx-req-id
422c0443-13ff-11eb-afcf-7284a5791b12
expires
Sat, 23 Oct 2021 00:41:01 GMT
cache-control
max-age=31622400
accept-ranges
bytes
cf-ray
5e8ea619ac74177a-FRA
x-pantheon-styx-hostname
styx-fe4-a-54d497547b-xnqcq
author-profile-default.jpg
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_avatar_small/public/2017-10/
8 KB
8 KB
Image
General
Full URL
https://symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_avatar_small/public/2017-10/author-profile-default.jpg?h=6386ac74&itok=yMcB1DYB
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6c5c5972b2462878c512cde9dd47f607518af8d1690e3cfb448cef7d06a08d7
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 varnish
vary
Accept-Encoding
cf-cache-status
HIT
age
15173492
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
cf-bgj
h2pri
content-length
8273
cf-request-id
060d06240a0000177a18972000000001
x-served-by
cache-mdw17346-MDW, cache-fra19141-FRA
last-modified
Mon, 27 Apr 2020 18:44:26 GMT
server
cloudflare
x-timer
S1588651619.593175,VS0,VE1
etag
"5ea7280a-2051"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubDomains
content-type
image/jpeg
x-styx-req-id
13e62188-8e69-11ea-b3d7-1ed0c4e8b98b
expires
Thu, 06 May 2021 00:40:54 GMT
cache-control
max-age=31622400
accept-ranges
bytes
cf-ray
5e8ea619ac77177a-FRA
x-pantheon-styx-hostname
styx-fe4-b-b7bfd456-rd2p5
Palmerworm_Chart_updated.jpg
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_medium/public/2020-09/
36 KB
36 KB
Image
General
Full URL
https://symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_medium/public/2020-09/Palmerworm_Chart_updated.jpg?itok=-1bmxYlr
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6607878d81b4679d09e23a0723bdb6c9aa045047cd547bfcfd7773a43e7fc828
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 varnish
vary
Accept-Encoding
cf-cache-status
HIT
age
177871
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
cf-bgj
h2pri
content-length
36949
cf-request-id
060d06240a0000177ad6aa8000000001
x-served-by
cache-mdw17320-MDW, cache-fra19175-FRA
last-modified
Mon, 28 Sep 2020 19:29:32 GMT
server
cloudflare
x-timer
S1603647239.303696,VS0,VE3
etag
"5f72399c-9055"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubDomains
content-type
image/jpeg
x-styx-req-id
8508d30a-13db-11eb-afcf-7284a5791b12
expires
Fri, 22 Oct 2021 20:25:11 GMT
cache-control
max-age=31622400
accept-ranges
bytes
cf-ray
5e8ea619ac7a177a-FRA
x-pantheon-styx-hostname
styx-fe4-a-54d497547b-xnqcq
author-profile-default.jpg
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_bio_large/public/2017-10/
56 KB
57 KB
Image
General
Full URL
https://symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_bio_large/public/2017-10/author-profile-default.jpg?h=6386ac74&itok=0czhl3gL
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d042932d99f9a523a46ef911217920a971ba7833d6ab930a94a5b91348413668
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 varnish
vary
Accept-Encoding
cf-cache-status
HIT
age
2635289
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
cf-bgj
h2pri
content-length
57437
cf-request-id
060d06240a0000177a37393000000001
x-served-by
cache-mdw17326-MDW, cache-fra19131-FRA
last-modified
Mon, 27 Apr 2020 18:44:26 GMT
server
cloudflare
x-timer
S1601189821.369787,VS0,VE2
etag
"5ea7280a-e05d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubDomains
content-type
image/jpeg
x-styx-req-id
a8a9e028-feb8-11ea-bf8e-32c6150fb148
expires
Sat, 25 Sep 2021 22:52:44 GMT
cache-control
max-age=31622400
accept-ranges
bytes
cf-ray
5e8ea619ac7c177a-FRA
x-pantheon-styx-hostname
styx-fe4-b-548c7f4b68-ggjkp
1090918710.jpg
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2020-10/
49 KB
49 KB
Image
General
Full URL
https://symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2020-10/1090918710.jpg?h=3c7d5180&itok=-AIefpL7
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c68b1e75b76cd26f0b5e00be54a90af41b9ec4d68d2549b638b018c0f0cffae
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 varnish
vary
Accept-Encoding
cf-cache-status
HIT
age
537930
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
cf-bgj
h2pri
content-length
50043
cf-request-id
060d06240a0000177a13a93000000001
x-served-by
cache-mdw17359-MDW, cache-fra19171-FRA
last-modified
Wed, 21 Oct 2020 12:14:16 GMT
server
cloudflare
x-timer
S1603287180.281707,VS0,VE1
etag
"5f902618-c37b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubDomains
content-type
image/jpeg
x-styx-req-id
59c5516f-1397-11eb-afcf-7284a5791b12
expires
Fri, 22 Oct 2021 12:17:13 GMT
cache-control
max-age=31622400
accept-ranges
bytes
cf-ray
5e8ea619ac80177a-FRA
x-pantheon-styx-hostname
styx-fe4-a-54d497547b-xnqcq
GettyImages-507993976.jpg
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2020-10/
33 KB
33 KB
Image
General
Full URL
https://symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2020-10/GettyImages-507993976.jpg?h=cf8b8db7&itok=rxYASBM3
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ac0aecef7e27f027e401d791bac929719a521f003cf1a55edd03b86f41c0afa
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 varnish
vary
Accept-Encoding
cf-cache-status
HIT
age
823001
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
cf-bgj
h2pri
content-length
33487
cf-request-id
060d06240b0000177a1e9c0000000001
x-served-by
cache-mdw17353-MDW, cache-fra19136-FRA
last-modified
Mon, 12 Oct 2020 11:03:14 GMT
server
cloudflare
x-timer
S1603002109.471133,VS0,VE2
etag
"5f8437f2-82cf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubDomains
content-type
image/jpeg
x-styx-req-id
ce68630a-0c7a-11eb-bd8b-5ec4e29d31ab
expires
Wed, 13 Oct 2021 11:05:15 GMT
cache-control
max-age=31622400
accept-ranges
bytes
cf-ray
5e8ea619ac82177a-FRA
x-pantheon-styx-hostname
styx-fe4-a-59d4d669dd-s5ztn
GettyImages-507072286.jpg
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2020-09/
38 KB
38 KB
Image
General
Full URL
https://symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2020-09/GettyImages-507072286.jpg?h=d1757362&itok=-Hv266ZT
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc4cb1e7de0d13a30a4d6dbcd555091fc6fc6484164e9676acd66c65786afe53
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 varnish
vary
Accept-Encoding
cf-cache-status
HIT
age
3360024
x-cache
HIT, MISS
status
200
x-cache-hits
1, 0
cf-bgj
h2pri
content-length
39066
cf-request-id
060d06240b0000177a07022000000001
x-served-by
cache-mdw17338-MDW, cache-fra19136-FRA
last-modified
Fri, 18 Sep 2020 19:17:36 GMT
server
cloudflare
x-timer
S1600465087.763020,VS0,VE107
etag
"5f6507d0-989a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubDomains
content-type
image/jpeg
x-styx-req-id
c3f59717-f9ec-11ea-880f-063fc8aa2200
expires
Sun, 19 Sep 2021 20:23:08 GMT
cache-control
max-age=31622400
accept-ranges
bytes
cf-ray
5e8ea619ac85177a-FRA
x-pantheon-styx-hostname
styx-fe4-b-548c7f4b68-swdq2
8.jpg
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2020-09/
34 KB
35 KB
Image
General
Full URL
https://symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2020-09/8.jpg?h=62bc044e&itok=lw3Fq-c6
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c253bcccc10889781e11b9cbbe00027c3167f8b50008c77e568275210c30be0
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 varnish
vary
Accept-Encoding
cf-cache-status
HIT
age
3447287
x-cache
MISS, MISS
status
200
x-cache-hits
0, 0
cf-bgj
h2pri
content-length
35061
cf-request-id
060d06240b0000177af936e000000001
x-served-by
cache-mdw17359-MDW, cache-fra19155-FRA
last-modified
Thu, 17 Sep 2020 15:48:06 GMT
server
cloudflare
x-timer
S1600377823.266979,VS0,VE362
etag
"5f638536-88f5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubDomains
content-type
image/jpeg
x-styx-req-id
10298070-f92c-11ea-a83e-aeda1434bb81
expires
Sat, 18 Sep 2021 21:23:43 GMT
cache-control
max-age=31622400
accept-ranges
bytes
cf-ray
5e8ea619ac86177a-FRA
x-pantheon-styx-hostname
styx-fe4-a-7d74f95bf6-v86tx
logo--white.svg
symantec-enterprise-blogs.security.com/blogs/assets/
9 KB
4 KB
Image
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/assets/logo--white.svg
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d40ab27234d0b8b08c05d6659a47cbf578e77d7690e47be8776a64d627a78a8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
cf-cache-status
HIT
age
77636
status
200
cf-request-id
060d06240c0000177ac4bdf000000001
last-modified
Thu, 24 Sep 2020 20:59:21 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"226c-174c1e9d428"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 vegur
cache-control
public, max-age=86400
cf-ray
5e8ea619ac89177a-FRA
runtime-es2015.da0a6e8d67e0e9164a4b.js
symantec-enterprise-blogs.security.com/blogs/
2 KB
1 KB
Script
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/runtime-es2015.da0a6e8d67e0e9164a4b.js
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64ee3ad7460a82a339b132b289b4b74f1ae786fa12c0109dd7165ff4e8b48474
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://symantec-enterprise-blogs.security.com
Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
cf-cache-status
HIT
age
18879
status
200
cf-request-id
060d0623eb0000177a0091d000000001
last-modified
Thu, 24 Sep 2020 20:59:22 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"923-174c1e9d810"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 vegur
cache-control
public, max-age=86400
cf-ray
5e8ea6197bff177a-FRA
polyfills-es2015.b4a3bdae6bcd059f26dd.js
symantec-enterprise-blogs.security.com/blogs/
36 KB
12 KB
Script
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/polyfills-es2015.b4a3bdae6bcd059f26dd.js
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f84c9548165501ce3fa3bc51d975350c0ae3646e30f5d12535d0a906b8e05902
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://symantec-enterprise-blogs.security.com
Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
cf-cache-status
HIT
age
83080
status
200
cf-request-id
060d0623f80000177a1e9be000000001
last-modified
Thu, 24 Sep 2020 20:59:47 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"911c-174c1ea39b8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 vegur
cache-control
public, max-age=86400
cf-ray
5e8ea6198c30177a-FRA
main-es2015.4b580e7d1bd14f30f498.js
symantec-enterprise-blogs.security.com/blogs/
455 KB
110 KB
Script
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/main-es2015.4b580e7d1bd14f30f498.js
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b1a808d56844242866fb4c606b68c53d5ac0688dfd60730f38b226259599acb
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://symantec-enterprise-blogs.security.com
Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
cf-cache-status
HIT
age
54410
status
200
cf-request-id
060d0624090000177a2296b000000001
last-modified
Thu, 24 Sep 2020 20:59:47 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"71a2a-174c1ea39b8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 vegur
cache-control
public, max-age=86400
cf-ray
5e8ea619ac6f177a-FRA
301196e0-93ad-473e-a572-975514574496.json
cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/
3 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/301196e0-93ad-473e-a572-975514574496.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aec7d0fa1d98c93f893e600a11e3ce55456478ea42352ee936cb3d83c3cef0f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
5lutxIeBani2G35xW7qVrQ==
age
7156
status
200
vary
Accept-Encoding
content-length
1241
cf-request-id
060d06240c0000d6ede1bbc000000001
x-ms-lease-status
unlocked
last-modified
Wed, 02 Sep 2020 05:54:32 GMT
server
cloudflare
etag
0x8D84F04A9E1A6F5
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
eb75a1a5-b01e-00c7-6af5-80a427000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5e8ea619af03d6ed-FRA
gtm.js
www.googletagmanager.com/
127 KB
40 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KF7XWD
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
204ce81e2d01b1e22b91efcae62c35f2a163f7dc217561c43fa6c58c90b517b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40950
x-xss-protection
0
last-modified
Tue, 27 Oct 2020 18:19:02 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 27 Oct 2020 18:58:30 GMT
Gotham-Book_Web.d838b98f75e3cb9574f9.woff2
symantec-enterprise-blogs.security.com/blogs/
41 KB
41 KB
Font
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/Gotham-Book_Web.d838b98f75e3cb9574f9.woff2
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/styles.cd3528d4d93891573cb5.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f51250e2d3ef478f59bc89cb67681b5ed423f8f8dc22062fb49e101e5032a2e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://symantec-enterprise-blogs.security.com
Referer
https://symantec-enterprise-blogs.security.com/blogs/styles.cd3528d4d93891573cb5.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 vegur
vary
Accept-Encoding
cf-cache-status
HIT
age
28835
status
200
content-length
41728
cf-request-id
060d0624120000177a4084c000000001
last-modified
Thu, 24 Sep 2020 20:59:21 GMT
server
cloudflare
etag
W/"a300-174c1e9d428"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
5e8ea619bc9f177a-FRA
fontawesome-webfont.af7ae505a9eed503f8b8.woff2
symantec-enterprise-blogs.security.com/blogs/
75 KB
76 KB
Font
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/fontawesome-webfont.af7ae505a9eed503f8b8.woff2?v=4.7.0
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/styles.cd3528d4d93891573cb5.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://symantec-enterprise-blogs.security.com
Referer
https://symantec-enterprise-blogs.security.com/blogs/styles.cd3528d4d93891573cb5.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 vegur
vary
Accept-Encoding
cf-cache-status
HIT
age
28835
status
200
content-length
77160
cf-request-id
060d0624120000177a2221e000000001
last-modified
Thu, 24 Sep 2020 20:59:21 GMT
server
cloudflare
etag
W/"12d68-174c1e9d428"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
5e8ea619bca2177a-FRA
Gotham-Medium_Web.68ce85d44fef05344ea7.woff2
symantec-enterprise-blogs.security.com/blogs/
41 KB
41 KB
Font
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/Gotham-Medium_Web.68ce85d44fef05344ea7.woff2
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/styles.cd3528d4d93891573cb5.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba17f8257b1f710aa0e7136f4bd4b91a9a7db4f9cac2c409caf8708a64787303
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://symantec-enterprise-blogs.security.com
Referer
https://symantec-enterprise-blogs.security.com/blogs/styles.cd3528d4d93891573cb5.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 vegur
vary
Accept-Encoding
cf-cache-status
HIT
age
28835
status
200
content-length
41488
cf-request-id
060d0624160000177a13a95000000001
last-modified
Thu, 24 Sep 2020 20:59:21 GMT
server
cloudflare
etag
W/"a210-174c1e9d428"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
5e8ea619bca6177a-FRA
Gotham-Bold_Web.003e90cf8cb3f8b4bef3.woff2
symantec-enterprise-blogs.security.com/blogs/
38 KB
38 KB
Font
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/Gotham-Bold_Web.003e90cf8cb3f8b4bef3.woff2
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/styles.cd3528d4d93891573cb5.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
319881caca6f5f0d1e8e24040579d93386008e39dee1045965124b86303143e1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://symantec-enterprise-blogs.security.com
Referer
https://symantec-enterprise-blogs.security.com/blogs/styles.cd3528d4d93891573cb5.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
via
1.1 vegur
vary
Accept-Encoding
cf-cache-status
HIT
age
28835
status
200
content-length
39264
cf-request-id
060d0624180000177aec8b7000000001
last-modified
Thu, 24 Sep 2020 20:59:21 GMT
server
cloudflare
etag
W/"9960-174c1e9d428"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
5e8ea619bca8177a-FRA
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
164 B
515 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0cc0930a1ab7e9ae754783576228f3c32caa07605236711cf81035f3f45f0ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
5e8ea61a7964d6f9-FRA
cf-request-id
060d06248c0000d6f98e28f000000001
blogs
symantec-enterprise-blogs.security.com/blogs/api/v1/
2 MB
387 KB
XHR
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/api/v1/blogs?aid=c07745ed
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/polyfills-es2015.b4a3bdae6bcd059f26dd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73c677c9deb302658596aed8fe792f845d84a9ca10b16cf3e9bfec9f8f3e9554
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
x-cache
HIT, MISS
status
200
x-drupal-dynamic-cache
HIT
x-cache-hits
1, 0
vary
Accept-Encoding, Cookie
content-length
395954
cf-request-id
060d0624fe0000177a3b0a9000000001
x-served-by
cache-mdw17324-MDW, cache-fra19124-FRA
x-drupal-cache
HIT
last-modified
Sun, 25 Oct 2020 04:23:16 GMT
server
cloudflare
x-timer
S1603602233.998847,VS0,VE139
x-frame-options
SAMEORIGIN
etag
W/"1603599796"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubDomains
content-language
en
via
1.1 varnish
x-generator
Drupal 8 (https://www.drupal.org)
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
max-age=600, public
x-ua-compatible
IE=edge
accept-ranges
bytes
cf-ray
5e8ea61b2fa0177a-FRA
x-styx-req-id
6e8d8599-167f-11eb-bd3f-5a62f14391db
content-type
application/json
x-pantheon-styx-hostname
styx-fe4-b-55f8cd4fb8-2nsl8
announcement
symantec-enterprise-blogs.security.com/blogs/api/v1/blogs/
44 B
529 B
XHR
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/api/v1/blogs/announcement?aid=c07745ed
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/polyfills-es2015.b4a3bdae6bcd059f26dd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d5de519d6ec314d664a272eb96cbc6b1cd36e995a3de2fe545568dfc099ac6d
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
x-cache
HIT, HIT
status
200
x-drupal-dynamic-cache
MISS
x-cache-hits
1, 1
vary
Accept-Encoding, Cookie
content-length
59
cf-request-id
060d0624fe0000177a1e9d1000000001
x-served-by
cache-mdw17330-MDW, cache-fra19128-FRA
x-drupal-cache
HIT
last-modified
Wed, 21 Oct 2020 19:20:38 GMT
server
cloudflare
x-timer
S1603311196.571349,VS0,VE109
x-frame-options
SAMEORIGIN
etag
W/"1603308038"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubDomains
content-language
en
via
1.1 varnish
x-generator
Drupal 8 (https://www.drupal.org)
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
max-age=600, public
x-ua-compatible
IE=edge
accept-ranges
bytes
cf-ray
5e8ea61b3fa3177a-FRA
x-styx-req-id
17da8b69-13d4-11eb-bd3f-5a62f14391db
content-type
application/json
x-pantheon-styx-hostname
styx-fe4-b-55f8cd4fb8-2nsl8
api.js
www.google.com/recaptcha/
913 B
795 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/main-es2015.4b580e7d1bd14f30f498.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a95e5847c0b26e0f6a4101931fb287650c966d40730b6d7a2a7ea50af6f92c2c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
578
x-xss-protection
1; mode=block
expires
Tue, 27 Oct 2020 18:58:30 GMT
by-alias
symantec-enterprise-blogs.security.com/blogs/api/v1/content-item/
174 KB
38 KB
XHR
General
Full URL
https://symantec-enterprise-blogs.security.com/blogs/api/v1/content-item/by-alias?aid=c07745ed&alias=blog-post/palmerworm-blacktech-espionage-apt
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/polyfills-es2015.b4a3bdae6bcd059f26dd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:31d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4cb51fbecd053df8a8e4b63e4938935ac2111fe96451d633e72857775fb9cb01
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
x-cache
HIT, MISS
status
200
x-drupal-dynamic-cache
MISS
x-cache-hits
1, 0
vary
Accept-Encoding, Cookie
content-length
38115
cf-request-id
060d0625140000177a00935000000001
x-served-by
cache-mdw17368-MDW, cache-fra19173-FRA
x-drupal-cache
HIT
last-modified
Sun, 25 Oct 2020 03:15:14 GMT
server
cloudflare
x-timer
S1603647240.937406,VS0,VE105
x-frame-options
SAMEORIGIN
etag
W/"1603595714"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubDomains
content-language
en
via
1.1 varnish, 1.1 varnish
x-generator
Drupal 8 (https://www.drupal.org)
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
max-age=600, public
x-ua-compatible
IE=edge
accept-ranges
bytes
cf-ray
5e8ea61b5fee177a-FRA
x-styx-req-id
28842ce3-16e7-11eb-8c6d-ee26e269d0e1
content-type
application/json
x-pantheon-styx-hostname
styx-fe4-b-55f8cd4fb8-rclfb
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.5.0/
325 KB
68 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35c58621ebc497e8ed532d9df589e3dd703e1cb083bf2719bad754b87e43442f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
AvbD4VHYe4H/QnyU6j8v5w==
age
39
cf-polished
origSize=332939
status
200
vary
Accept-Encoding
cf-request-id
060d062528000016f2d2b6e000000001
x-ms-lease-status
unlocked
expires
Wed, 04 Nov 2020 18:58:30 GMT
last-modified
Thu, 27 Aug 2020 03:43:22 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
49fa1bd4-f01e-0103-71a9-9d9db4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
cf-ray
5e8ea61b7e5516f2-FRA
cf-bgj
minify
2903.js
script.crazyegg.com/pages/scripts/0020/
3 KB
2 KB
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0020/2903.js?445506
Requested by
Host: learn.broadcom.com
URL: https://learn.broadcom.com/e2t/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr777hX7W1KtXXk1Jp030W3_Vdq14h2sZ-W1JzLzQ3Cbw6HN965DjGpBqJgW8StDSn7335LqW7bTcbK8PjfHMMtrHYrh8P0kW8jJ0LT3gpxR0N40c1QpqD7M0MmFQVcvz3GHW6zQCPW16bSGqW7_pSz24Bv11dW5sKYhD9bRRXCW3pN3V596My1ZW1SXSgQ3QS0fLW5f90hM4L3TTxW2XBG5v3sh82mW7KlLtg3gTVr-VKsVKZ81RS7QW6B49TY7j_hGsW2Szl8R7L5Yx9W86HC586YlH04VT-3361mXxPWV1xjfZ2_BSc-W4JC1nJ3sR4vnV-Z0wV6Z7MmbW7QP1Sd2zg8TjW9cxnYw6xcbRRW7Hh0588b_ShgW20hKqP50jD-KW7c4hZ82-hkcnW68jGTY5sVj4xW1lZFvk5gYP_k3kdg1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c38e16317d3870780693b877faf601bb0bc46fbfccb15dd6a29f3801b3dd6f62

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
cf-cache-status
HIT
ce-version
11.1.118
age
87457
cf-polished
origSize=2833
status
200
cf-request-id
060d0625420000dfdf7485d000000001
last-modified
Mon, 26 Oct 2020 18:40:53 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
cf-ray
5e8ea61b9c3cdfdf-FRA
cf-bgj
minify
recaptcha__en.js
www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/
341 KB
134 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54f3aa37078dcd01911c9da1a5fd753b5834dde5acfd90c5bd55243bba87cf6d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://symantec-enterprise-blogs.security.com
Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:00:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3504
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
136962
x-xss-protection
0
last-modified
Mon, 12 Oct 2020 04:11:53 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 27 Oct 2021 18:00:06 GMT
en.json
cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/a8f0ba8f-9627-4385-b7af-d3d443ea5fb9/
24 KB
6 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/a8f0ba8f-9627-4385-b7af-d3d443ea5fb9/en.json
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/polyfills-es2015.b4a3bdae6bcd059f26dd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87a6dc4a473c515faa2102ecad272feb530454e41d3626caf1183eb19a11339e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
p8UCxlmCne9kkI6iKDOcLw==
age
5191
status
200
vary
Accept-Encoding
content-length
6401
cf-request-id
060d06254e0000d6ed0a226000000001
x-ms-lease-status
unlocked
last-modified
Wed, 02 Sep 2020 00:00:49 GMT
server
cloudflare
etag
0x8D84ED3407A9C46
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f80a6d06-901e-00f2-22e1-800a72000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5e8ea61bab6dd6ed-FRA
2903.json
script.crazyegg.com/pages/data-scripts/0020/
6 KB
2 KB
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0020/2903.json?t=5346083
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/polyfills-es2015.b4a3bdae6bcd059f26dd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dbf0de93f7d7cbb5d1ca96e0d8baa5678cfbaa194e615fdf619972631fe7172d

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
cf-cache-status
HIT
age
87491
ce-version
11.1.118
status
200
content-length
1195
cf-request-id
060d0625730000dfbfe798a000000001
last-modified
Mon, 26 Oct 2020 18:40:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
cf-ray
5e8ea61beaf5dfbf-FRA
anchor
www.google.com/recaptcha/api2/ Frame 9233
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=T9w1ROdplctW2nVKvNJYXH8o&size=normal&cb=dhhgv6vqacqz
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/recaptcha__en.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Q3Jvr92JpDBlvReC/7PHLw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=T9w1ROdplctW2nVKvNJYXH8o&size=normal&cb=dhhgv6vqacqz
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 27 Oct 2020 18:58:30 GMT
content-security-policy
script-src 'report-sample' 'nonce-Q3Jvr92JpDBlvReC/7PHLw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
10871
server
GSE
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
otFlat.json
cdn.cookielaw.org/scripttemplates/6.5.0/assets/
12 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.5.0/assets/otFlat.json
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/polyfills-es2015.b4a3bdae6bcd059f26dd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae407e415a45b6c720d8d61fef8c28756883d0f546a64e7a2969d6174c669951
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
NgHQTHCGWwGmNE0ie37G8A==
age
1637241
status
200
vary
Accept-Encoding
content-length
3248
cf-request-id
060d0625830000d6edf6362000000001
x-ms-lease-status
unlocked
last-modified
Thu, 27 Aug 2020 03:43:16 GMT
server
cloudflare
etag
0x8D84A3B556B9C39
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
2565cbeb-d01e-0114-3daf-9d5dd7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5e8ea61c0c50d6ed-FRA
expires
Wed, 04 Nov 2020 18:58:30 GMT
otPcCenter.json
cdn.cookielaw.org/scripttemplates/6.5.0/assets/
61 KB
15 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.5.0/assets/otPcCenter.json
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/polyfills-es2015.b4a3bdae6bcd059f26dd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f5bf5edcefe950e16d287cdcb9c28690952439098ee0639f4a960fe268ae231
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ebGLXbyX4UjJx8DgFc7F7g==
age
1637241
status
200
vary
Accept-Encoding
content-length
14901
cf-request-id
060d0625840000d6edeb867000000001
x-ms-lease-status
unlocked
last-modified
Thu, 27 Aug 2020 03:43:17 GMT
server
cloudflare
etag
0x8D84A3B55B1B344
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
8852adbd-901e-0035-51af-9d76b3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5e8ea61c0c58d6ed-FRA
expires
Wed, 04 Nov 2020 18:58:30 GMT
11.1.118.js
script.crazyegg.com/pages/versioned/common-scripts/
99 KB
32 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/common-scripts/11.1.118.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0020/2903.js?445506
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9417079952dbe5d1b1bc0bf209d04bcf97459ce3c271837b4d9c45a48e3ecfa

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 27 Oct 2020 18:58:30 GMT
content-encoding
gzip
cf-cache-status
HIT
age
87499
cf-polished
origSize=105320
status
200
cf-request-id
060d06258b0000dfdfdc3af000000001
last-modified
Mon, 14 Sep 2020 15:45:13 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
cf-ray
5e8ea61c1d25dfdf-FRA
cf-bgj
minify
truncated
/
817 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KF7XWD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Sep 2020 01:50:37 GMT
server
Golfe2
age
4145
date
Tue, 27 Oct 2020 17:49:25 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18650
expires
Tue, 27 Oct 2020 19:49:25 GMT
collect
www.google-analytics.com/j/
1 B
82 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j86&aip=1&a=1442396363&t=pageview&_s=1&dl=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fpalmerworm-blacktech-espionage-apt%3Futm_campaign%3DSED_2020_Endpoint_Security_Newsletter%26utm_medium%3Demail%26_hsmi%3D98381915%26_hsenc%3Dp2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg%26utm_content%3D98381915%26utm_source%3Dhs_email&dp=%2Fblogs%2Fthreat-intelligence%2Fpalmerworm-blacktech-espionage-apt%3Futm_campaign%3DSED_2020_Endpoint_Security_Newsletter%26utm_medium%3Demail%26_hsmi%3D98381915%26_hsenc%3Dp2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg%26utm_content%3D98381915%26utm_source%3Dhs_email&ul=en-us&de=UTF-8&dt=Palmerworm%3A%20Espionage%20Gang%20Targets%20the%20Media%2C%20Finance%2C%20and%20Other%20Sectors%20%7C%20Symantec%20Blogs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABAAAAAC~&jid=1630390625&gjid=1853524148&cid=951118959.1603825111&tid=UA-61260089-18&_gid=189161966.1603825111&_r=1&gtm=2wgae2KF7XWD&z=1927693263
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/polyfills-es2015.b4a3bdae6bcd059f26dd.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 27 Oct 2020 18:58:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://symantec-enterprise-blogs.security.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
1 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j86&aip=1&a=1442396363&t=pageview&_s=1&dl=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fpalmerworm-blacktech-espionage-apt%3Futm_campaign%3DSED_2020_Endpoint_Security_Newsletter%26utm_medium%3Demail%26_hsmi%3D98381915%26_hsenc%3Dp2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg%26utm_content%3D98381915%26utm_source%3Dhs_email&dp=%2Fblogs%2Fthreat-intelligence%2Fpalmerworm-blacktech-espionage-apt%3Futm_campaign%3DSED_2020_Endpoint_Security_Newsletter%26utm_medium%3Demail%26_hsmi%3D98381915%26_hsenc%3Dp2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg%26utm_content%3D98381915%26utm_source%3Dhs_email&ul=en-us&de=UTF-8&dt=Palmerworm%3A%20Espionage%20Gang%20Targets%20the%20Media%2C%20Finance%2C%20and%20Other%20Sectors%20%7C%20Symantec%20Blogs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAAABAAAAAC~&jid=189810004&gjid=687428135&cid=951118959.1603825111&tid=UA-61260089-1&_gid=189161966.1603825111&_r=1&gtm=2wgae2KF7XWD&z=560608917
Requested by
Host: symantec-enterprise-blogs.security.com
URL: https://symantec-enterprise-blogs.security.com/blogs/polyfills-es2015.b4a3bdae6bcd059f26dd.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 27 Oct 2020 18:58:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://symantec-enterprise-blogs.security.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
bframe
www.google.com/recaptcha/api2/ Frame 4F9E
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=T9w1ROdplctW2nVKvNJYXH8o&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&cb=lf0wh2wtusct
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/recaptcha__en.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-U7s84zh1YeuIrR3ai9n4Ow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/bframe?hl=en&v=T9w1ROdplctW2nVKvNJYXH8o&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&cb=lf0wh2wtusct
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt?utm_campaign=SED_2020_Endpoint_Security_Newsletter&utm_medium=email&_hsmi=98381915&_hsenc=p2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg&utm_content=98381915&utm_source=hs_email
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 27 Oct 2020 18:58:30 GMT
content-security-policy
script-src 'report-sample' 'nonce-U7s84zh1YeuIrR3ai9n4Ow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1173
server
GSE
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Verdicts & Comments

209 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


6 Cookies

Domain/Path Name / Value
.security.com/ Name: __cfduid
Value: dde45f53289443a1e4c9aa94f78a987401603825109
.security.com/ Name: _gat_siteTracker
Value: 1
.security.com/ Name: _gat
Value: 1
.security.com/ Name: _gid
Value: GA1.2.189161966.1603825111
.security.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Tue+Oct+27+2020+19%3A58%3A30+GMT%2B0100+(Central+European+Standard+Time)&version=6.5.0&hosts=&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fpalmerworm-blacktech-espionage-apt%3Futm_campaign%3DSED_2020_Endpoint_Security_Newsletter%26utm_medium%3Demail%26_hsmi%3D98381915%26_hsenc%3Dp2ANqtz-8-TTVmKHKU_RFenE0mkLB2IpI6QE73z3azU8nlO01RkfR_OWtFsXhltj8Zd8oZLLNSmTcMI8UDcXXX_BpyProZoitdBg%26utm_content%3D98381915%26utm_source%3Dhs_email&groups=1%3A1%2C2%3A0%2C4%3A0
.security.com/ Name: _ga
Value: GA1.2.951118959.1603825111

1 Console Messages

Source Level URL
Text
console-api debug URL: https://learn.broadcom.com/e2t/tc/VX6qWk3HczDVW3lFQwm1ZXcLnW89-nNw4hHzR8N7lCd-_5nxGrV3Zsc37CgLjjW42Rbdr777hX7W1KtXXk1Jp030W3_Vdq14h2sZ-W1JzLzQ3Cbw6HN965DjGpBqJgW8StDSn7335LqW7bTcbK8PjfHMMtrHYrh8P0kW8jJ0LT3gpxR0N40c1QpqD7M0MmFQVcvz3GHW6zQCPW16bSGqW7_pSz24Bv11dW5sKYhD9bRRXCW3pN3V596My1ZW1SXSgQ3QS0fLW5f90hM4L3TTxW2XBG5v3sh82mW7KlLtg3gTVr-VKsVKZ81RS7QW6B49TY7j_hGsW2Szl8R7L5Yx9W86HC586YlH04VT-3361mXxPWV1xjfZ2_BSc-W4JC1nJ3sR4vnV-Z0wV6Z7MmbW7QP1Sd2zg8TjW9cxnYw6xcbRRW7Hh0588b_ShgW20hKqP50jD-KW7c4hZ82-hkcnW68jGTY5sVj4xW1lZFvk5gYP_k3kdg1(Line 13)
Message:
toS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
