URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-the...
Submission: On June 21 via api from DE — Scanned from DE

Summary

This website contacted 12 IPs in 3 countries across 9 domains to perform 65 HTTP transactions. The main IP is 13.32.121.98, located in United States and belongs to AMAZON-02, US. The main domain is blog.checkpoint.com. The Cisco Umbrella rank of the primary domain is 852974.
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on October 25th 2022. Valid for: a year.
This is the only time blog.checkpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
31 13.32.121.98 16509 (AMAZON-02)
2 108.138.189.112 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
8 18.164.52.7 16509 (AMAZON-02)
3 23.57.17.43 16625 (AKAMAI-AS)
2 2001:4de0:ac1... 20446 (STACKPATH...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
13 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
65 12
Apex Domain
Subdomains
Transfer
42 checkpoint.com
blog.checkpoint.com — Cisco Umbrella Rank: 852974
www.checkpoint.com — Cisco Umbrella Rank: 166727
sc1.checkpoint.com — Cisco Umbrella Rank: 24626
641 KB
13 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 413
159 KB
2 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 3657
71 KB
2 jquery.com
code.jquery.com — Cisco Umbrella Rank: 771
144 KB
2 awswaf.com
a56a6a6f5963.012104d9.eu-central-1.token.awswaf.com
266 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 684
304 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 82
109 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 997
11 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 80
970 B
65 9
Domain Requested by
31 blog.checkpoint.com blog.checkpoint.com
13 cdn.cookielaw.org www.googletagmanager.com
cdn.cookielaw.org
8 www.checkpoint.com blog.checkpoint.com
sc1.checkpoint.com
3 sc1.checkpoint.com blog.checkpoint.com
sc1.checkpoint.com
2 cdn.onesignal.com blog.checkpoint.com
cdn.onesignal.com
2 code.jquery.com blog.checkpoint.com
2 a56a6a6f5963.012104d9.eu-central-1.token.awswaf.com blog.checkpoint.com
a56a6a6f5963.012104d9.eu-central-1.token.awswaf.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 www.googletagmanager.com blog.checkpoint.com
1 maxcdn.bootstrapcdn.com blog.checkpoint.com
1 fonts.googleapis.com blog.checkpoint.com
65 11
Subject | Issuer | Validity | Valid
*.checkpoint.com | GlobalSign GCC R3 DV TLS CA 2020 | 2022-10-25 - 2023-11-26 | a year
*.012104d9.eu-central-1.token.awswaf.com | Amazon RSA 2048 M01 | 2023-02-23 - 2023-09-21 | 7 months
upload.video.google.com | GTS CA 1C3 | 2023-05-29 - 2023-08-21 | 3 months
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-05-29 - 2023-08-21 | 3 months
cookielaw.org | Cloudflare Inc ECC CA-3 | 2023-04-01 - 2024-03-31 | a year
onetrust.com | Cloudflare Inc ECC CA-3 | 2022-12-13 - 2023-12-13 | a year

This page contains 1 frames:

Primary Page: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Frame ID: 112C795161754DE0B9660E7B084C4E69
Requests: 68 HTTP requests in this frame

Page Title

‘Sign in to continue’ and suffer : Attackers abusing legitimate services for credential theft - Check Point Blog

Page URL History

  1. https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-service... Page URL
  2. https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-service... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

65
Requests

100 %
HTTPS

64 %
IPv6

9
Domains

11
Subdomains

12
IPs

3
Countries

1489 kB
Transfer

5461 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38*** Page URL
  2. https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38*** Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

65 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/
1 KB
2 KB
Document
General
Full URL
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
CloudFront /
Resource Hash
6648b11ed05230a8d51d31472c6840ba68ec80cff85866983530319004b7efe1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, max-age=0
content-length
1309
content-type
text/html; charset=UTF-8
date
Wed, 21 Jun 2023 14:13:33 GMT
server
CloudFront
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-id
IMHzom3igyU6cEaXuFUyNvP1HUnaMPUPyIjcp1-LmrPRBJcfSqUdHg==
x-amz-cf-pop
FRA60-P1
x-amzn-waf-action
challenge
x-cache
Error from cloudfront
challenge.js
a56a6a6f5963.012104d9.eu-central-1.token.awswaf.com/a56a6a6f5963/c3e8f71e82c9/928d8296191b/
997 KB
265 KB
Script
General
Full URL
https://a56a6a6f5963.012104d9.eu-central-1.token.awswaf.com/a56a6a6f5963/c3e8f71e82c9/928d8296191b/challenge.js
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.189.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-189-112.mxp64.r.cloudfront.net
Software
/
Resource Hash
34c57540fa6f2903770d1d603d090115ac8cc9b18caa0124eda65daf43fc63fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 21 Jun 2023 14:13:33 GMT
content-encoding
gzip
via
1.1 0dfe79aed7452aeeec8075594a25c0fe.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP64-P1
vary
Accept-Encoding
x-cache
Miss from cloudfront
x-amzn-waf-challenge-id
Root=1-6493058d-27ee197b779a9c1b77648240
content-type
text/javascript
cache-control
private, max-age=86400
x-amz-cf-id
98XD6OdM1phzEppoZOk5Wk1CkBrlcuaIcEAtbKrQ_3BTTyfVTh8oAA==
expires
0
verify
a56a6a6f5963.012104d9.eu-central-1.token.awswaf.com/a56a6a6f5963/c3e8f71e82c9/928d8296191b/
308 B
728 B
Fetch
General
Full URL
https://a56a6a6f5963.012104d9.eu-central-1.token.awswaf.com/a56a6a6f5963/c3e8f71e82c9/928d8296191b/verify
Requested by
Host: a56a6a6f5963.012104d9.eu-central-1.token.awswaf.com
URL: https://a56a6a6f5963.012104d9.eu-central-1.token.awswaf.com/a56a6a6f5963/c3e8f71e82c9/928d8296191b/challenge.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.189.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-189-112.mxp64.r.cloudfront.net
Software
/
Resource Hash
28a5fffb6adf80991284ba86c571c7fa98f00977e76bd60a0f42fa2eeda7a633

Request headers

Referer
https://blog.checkpoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 21 Jun 2023 14:13:34 GMT
via
1.1 b238d3f6f579ec0d467edb5df6f43bbe.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP64-P1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,GET,POST
content-type
application/json
access-control-allow-origin
*
x-cache
Miss from cloudfront
x-amzn-waf-challenge-id
Root=1-6493058e-62af3953536fc53b2bf66c1f
cache-control
no-cache, no-store, must-revalidate
content-length
308
x-amz-cf-id
nw9YwHuyAPlrur3g-u_30S4UQ6g0uIeRblCu0XmzetKNoZRTW-LxSg==
expires
0
Primary Request /
blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/
151 KB
32 KB
Document
General
Full URL
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx / WP Engine
Resource Hash
79bc318b7610488070386f7a3c8ddb667f48a274e2e5497d8ccae7e7d189191b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=600, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 21 Jun 2023 14:13:35 GMT
link
<https://blog.checkpoint.com/?p=244455>; rel=shortlink
server
nginx
strict-transport-security
max-age=63072000
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding,Cookie
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-id
3PISS5N2iLSXr_y-0T1QJCQIYsTwBFlL_IHQWsfEKMnawZpdocqyKQ==
x-amz-cf-pop
FRA60-P1
x-cache
Miss from cloudfront
x-cache-group
normal
x-cacheable
SHORT
x-frame-options
SAMEORIGIN
x-powered-by
WP Engine
style.min.css
blog.checkpoint.com/wp-includes/css/dist/block-library/
95 KB
13 KB
Stylesheet
General
Full URL
https://blog.checkpoint.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 04 Apr 2023 16:08:57 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"642c4b99-17ced"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
7efpLLrXO1hye6dP_nk9_Lct_71pmzT4loBr_Hvn3SksPQ035KzlqQ==
classic-themes.min.css
blog.checkpoint.com/wp-includes/css/
291 B
645 B
Stylesheet
General
Full URL
https://blog.checkpoint.com/wp-includes/css/classic-themes.min.css?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 04 Apr 2023 16:08:57 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"642c4b99-123"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
fE8IShL4wzqIWi7-kdwUnJHQosqhOUmLsYagkb38J7r_-Af_FIoKFg==
boostrap.css
blog.checkpoint.com/wp-content/themes/atoms/css/vendors/
118 KB
20 KB
Stylesheet
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/css/vendors/boostrap.css?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
c3a6ec18e8b49b442489672e17ac68678430968967b818d7772e8f495625aef3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 23:54:28 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63460234-1d946"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
LJkkC3kwQNe-qbRzTA5VoNQdAR8PRdB_a0p3FR7oiGJCs9iJAIY0Cw==
owl-carousel.css
blog.checkpoint.com/wp-content/themes/atoms/css/vendors/
3 KB
1 KB
Stylesheet
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/css/vendors/owl-carousel.css?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
f1be068e1e417b77745a1587d48b8ecdc27627d2a61983acb1b3df24eb383544
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 23:54:28 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63460234-bd1"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
4RddNoj-r6ZOlxJeR4Ga3Nrg7ljAeooI-RGcjf4AV_9BPX_P1lyJ9Q==
perfect-scrollbar.css
blog.checkpoint.com/wp-content/themes/atoms/css/vendors/
5 KB
1 KB
Stylesheet
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/css/vendors/perfect-scrollbar.css?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
5840ec787b934fc80f101b6e22686e9e779d28a7024ebff3a75804b40fef6be5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 23:54:28 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63460234-1251"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
AsjkUZY1T5cPrTUJcCLXDnC4MveYq-oASXvEhFSUaFlDwMamVYKKTw==
magnific-popup.css
blog.checkpoint.com/wp-content/themes/atoms/css/vendors/
5 KB
2 KB
Stylesheet
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/css/vendors/magnific-popup.css?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
39587eb320ad541e207d4feebd137e663a562402524bf5dba0a563731a01e4e0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 23:54:28 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63460234-15d6"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
7avRFxtghZSmedYVgyhJPGDeEGcj_IdrqUCE90macTmSF06FCLYXFQ==
fotorama.css
blog.checkpoint.com/wp-content/themes/atoms/css/vendors/
15 KB
3 KB
Stylesheet
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/css/vendors/fotorama.css?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
3e275292d958f60b0509448e22870378fc1e3d0c6528850eb2980efcc20f530f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 23:54:28 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63460234-3b28"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
AEFeSYtUBy4zxou82WUWmUCWS253XmuhcYQ82BQoVdQHBJwt3Cy5PA==
style.css
blog.checkpoint.com/wp-content/themes/atoms/css/
997 KB
121 KB
Stylesheet
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/css/style.css?ver=6.0.5
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
da940e0ede527f5a28f3a0fab37b661b7c48025ed57f39d4450d5848c66c2690
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 16 May 2023 22:43:11 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"646406ff-f9353"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
agvjg2ttxCfv3O37Q-6P8gqj84auvNjmjb2P7_viwtq6k_JrHPOOSw==
css
fonts.googleapis.com/
5 KB
970 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700&display=swap&ver=1680554497
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:82a::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
ESF
Resource Hash
381b541a94988f35ef5f1e763c89a4250e7c4100fe28860b2cdde9a1220ff346
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 21 Jun 2023 14:13:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 21 Jun 2023 13:53:00 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 21 Jun 2023 14:13:35 GMT
jquery-3.7.0.min.js
blog.checkpoint.com/wp-content/plugins/jquery-updater/js/
85 KB
30 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-content/plugins/jquery-updater/js/jquery-3.7.0.min.js?ver=3.7.0
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Sat, 13 May 2023 02:48:05 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"645efa65-155a6"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
VB3NP6hgCoWK-ghzJgVi63DXYtF9ugt2myAD8ZY4wL2HiXEQA0AStw==
jquery-migrate-3.4.0.min.js
blog.checkpoint.com/wp-content/plugins/jquery-updater/js/
13 KB
5 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-content/plugins/jquery-updater/js/jquery-migrate-3.4.0.min.js?ver=3.4.0
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Sat, 13 May 2023 02:48:05 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"645efa65-3470"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
fNQsK9NkwK4xAOU0d3FwonT6Zza6MIgU1Ju0iDHH6dGS_Rpx69GM8A==
page-font-awesome-Base64.css
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/css/
105 KB
70 KB
Stylesheet
General
Full URL
https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/css/page-font-awesome-Base64.css
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
18.164.52.7, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-164-52-7.cdg50.r.cloudfront.net
Software
nginx
Resource Hash
19cc00e7c06ab1a6fb3cb5991e7c81b7b25b3babad166141815663895a8d7801
Security Headers
Name Value
Content-Security-Policy 1
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
content-security-policy
1
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 36bd0d69f76f5e62cbdf6ece28e39cae.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
CDG50-P4
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Tue, 23 Aug 2022 23:06:20 GMT
server
nginx
etag
W/"63055d6c-1a52d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
x-amz-cf-id
j6BWQGMf5faeNKKExRwge9jsotv7Ov7jlynVUg0sFpMSKxuGD0t9Kw==
page-font-DIN-Base64.css
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/css/
61 KB
46 KB
Stylesheet
General
Full URL
https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/css/page-font-DIN-Base64.css
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
18.164.52.7, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-164-52-7.cdg50.r.cloudfront.net
Software
nginx
Resource Hash
30e7388b5f275fd1c09ad27e41ed9ad5fa01a97a02d4cd119d66699e62c982db
Security Headers
Name Value
Content-Security-Policy 1
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
content-security-policy
1
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 36bd0d69f76f5e62cbdf6ece28e39cae.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
CDG50-P4
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Tue, 23 Aug 2022 23:06:20 GMT
server
nginx
etag
W/"63055d6c-f247"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
x-amz-cf-id
n_gBs_rc7jhpsK2cHktB9EeKoAh2Qlx-AM0ywgaozA7LQvx5K1Y1lA==
page-cp-unified-v1.css
sc1.checkpoint.com/sc1/css/
292 KB
38 KB
Stylesheet
General
Full URL
https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
23.57.17.43, Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS
a23-57-17-43.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage
Resource Hash
7173289d3ce39119fa628f8484128c8041d3270634a9f07afdd4f32a7d46079e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Wed, 21 Jun 2023 14:13:35 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Mar 2023 17:38:15 GMT
Server
AkamaiNetStorage
ETag
"ead5a9b550fcdc68812dbcd86c5f9dda:1678903383.838936"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
38535
jquery-3.4.0.js
code.jquery.com/
273 KB
81 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.4.0.js
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4de0:ac18::1:a:3b, Netherlands, ASN20446 (STACKPATH-CDN, US)
Reverse DNS
Software
nginx
Resource Hash
0d864c082f074c2f900ebe5035a21c7d1ed548fb5c212ca477ee9e4a6056e6aa

Request headers

Referer
https://blog.checkpoint.com/
Origin
https://blog.checkpoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
content-encoding
gzip
last-modified
Wed, 16 Feb 2022 10:50:39 GMT
server
nginx
etag
W/"620cd6ff-44534"
vary
Accept-Encoding
x-hw
1687356815.dop110.am5.t,1687356815.cds263.am5.hn,1687356815.cds324.am5.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
82681
jquery-ui.min.js
code.jquery.com/ui/1.11.4/
235 KB
63 KB
Script
General
Full URL
https://code.jquery.com/ui/1.11.4/jquery-ui.min.js
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4de0:ac18::1:a:3b, Netherlands, ASN20446 (STACKPATH-CDN, US)
Reverse DNS
Software
nginx
Resource Hash
c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c

Request headers

Referer
https://blog.checkpoint.com/
Origin
https://blog.checkpoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
content-encoding
gzip
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
etag
W/"28feccc0-3ab2b"
vary
Accept-Encoding
x-hw
1687356815.dop110.am5.t,1687356815.cds263.am5.hn,1687356815.cds317.am5.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
64296
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/
36 KB
11 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:bcf, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.checkpoint.com/
Origin
https://blog.checkpoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
1053
age
6807031
cdn-cachedat
11/15/2022 10:30:01
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"5869c96cc8f19086aee625d670d741f9"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
72fdd4f76bae0ecd44199db6750d8616
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
7dacda610dd41e33-FRA
cdn-requestpullsuccess
True
under-attack.png
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/
3 KB
4 KB
Image
General
Full URL
https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/under-attack.png
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
18.164.52.7, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-164-52-7.cdg50.r.cloudfront.net
Software
nginx
Resource Hash
7003b61166e5a477a9b5880cafe0a0420fef0af9e35562f81488c3b4c76cb156
Security Headers
Name Value
Content-Security-Policy 1
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
content-security-policy
1
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 36bd0d69f76f5e62cbdf6ece28e39cae.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-P4
x-cache
Miss from cloudfront
content-length
3084
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Tue, 23 Aug 2022 23:06:20 GMT
server
nginx
etag
"63055d6c-c0c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges
bytes
x-amz-cf-id
WPovq17bP2A4TZEQaRWC7QsbKoa1hkzosgEc4IZd6dBqY-6dtwXOLA==
search-btn.png
blog.checkpoint.com/wp-content/themes/atoms/images/
2 KB
2 KB
Image
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/images/search-btn.png
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
a7d7aa09becb2494f61a590c32dd433a7b0daf2bddf29c5f622ac84a4c197007
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified
Tue, 23 Aug 2022 23:06:20 GMT
server
nginx
x-amz-cf-pop
FRA60-P1
etag
"63055d6c-729"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
1833
x-amz-cf-id
kM5WBCzZqNb4H7YypZRxBzMxSAvj14uKKKgvam4iOQOxTGhtJ2dXVQ==
wp-emoji-release.min.js
blog.checkpoint.com/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 04 Apr 2023 16:08:57 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"642c4b99-4904"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
tsERoiXehd7ls0-w55YLRCcNBiI3zaJtC2iyr_wCioAojqrsaWerYA==
search-btn.png
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/
2 KB
2 KB
Image
General
Full URL
https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/search-btn.png
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
18.164.52.7, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-164-52-7.cdg50.r.cloudfront.net
Software
nginx
Resource Hash
a7d7aa09becb2494f61a590c32dd433a7b0daf2bddf29c5f622ac84a4c197007
Security Headers
Name Value
Content-Security-Policy 1
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
content-security-policy
1
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 36bd0d69f76f5e62cbdf6ece28e39cae.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-P4
x-cache
Miss from cloudfront
content-length
1833
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Tue, 23 Aug 2022 23:06:20 GMT
server
nginx
etag
"63055d6c-729"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges
bytes
x-amz-cf-id
4MrAVFmPBLfGyP8VqwO1wsdtwAkLu2_ZQ6tHsXOLUW7xCF9_vWeUFQ==
checkpoint-logo.png
blog.checkpoint.com/wp-content/themes/atoms/images/
6 KB
6 KB
Image
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/images/checkpoint-logo.png
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
872a5945dde72a609a3139fbd4090d0b187a80c1cf3eec95b1f8ed0ce6126f23
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified
Tue, 21 Feb 2023 21:18:18 GMT
server
nginx
x-amz-cf-pop
FRA60-P1
etag
"63f5351a-1840"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
6208
x-amz-cf-id
HObcSoR44JPz---Y23Z7RmAMmfPXZHSZcx_qyrRPqZW54-szjWsacw==
featured-image-default-a-1320x462.jpg
blog.checkpoint.com/wp-content/uploads/2023/03/
51 KB
51 KB
Image
General
Full URL
https://blog.checkpoint.com/wp-content/uploads/2023/03/featured-image-default-a-1320x462.jpg
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
bfa4803a49cf717fcd562cb697bf5f8aefe4979c6f3596893d07517c8db8c479
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified
Thu, 30 Mar 2023 22:52:06 GMT
server
nginx
x-amz-cf-pop
FRA60-P1
etag
"64261296-cab6"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
51894
x-amz-cf-id
v7mGPzo0YQ-gOwqwE5wGQxlWzAfyPeJZ5tLHFBnZOuQ8z49lpTfmmQ==
nav_unified.js
sc1.checkpoint.com/sc1/unified/js/
8 KB
2 KB
Script
General
Full URL
https://sc1.checkpoint.com/sc1/unified/js/nav_unified.js
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
23.57.17.43, Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS
a23-57-17-43.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage
Resource Hash
2036f63c988ea61768ec5387b03c0b9eb6a5901291a9b700806eb6d07d6a15bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Wed, 21 Jun 2023 14:13:36 GMT
Content-Encoding
gzip
Last-Modified
Thu, 20 Oct 2022 17:03:47 GMT
Server
AkamaiNetStorage
ETag
"714caa79dd5a7bac9d0c006768312dc0:1666287285.408875"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
1707
footer.js
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/js/
3 KB
2 KB
Script
General
Full URL
https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/js/footer.js
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
18.164.52.7, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-164-52-7.cdg50.r.cloudfront.net
Software
nginx
Resource Hash
ba36ba3a5a611a0a0284b826442804783bf8524e7ca724f6c440d8a5dc6b8702
Security Headers
Name Value
Content-Security-Policy 1
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
content-security-policy
1
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 36bd0d69f76f5e62cbdf6ece28e39cae.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
CDG50-P4
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Mon, 30 Jan 2023 16:17:32 GMT
server
nginx
etag
W/"63d7ed9c-a7c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
x-amz-cf-id
ewGRG1cwHloh6zag4Ba7sPy9NlmaVqBG-vIfGiQl2xOef28BxlCxYA==
imagesloaded.min.js
blog.checkpoint.com/wp-includes/js/
5 KB
2 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Sat, 13 Jun 2020 18:53:27 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"5ee520a7-15fd"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
-NWpECfV1ovSmo8EsxUXJlOWiO5qr72vBqcSlOiBr97PpQCDOMsruQ==
masonry.min.js
blog.checkpoint.com/wp-includes/js/
24 KB
8 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-includes/js/masonry.min.js?ver=4.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Sat, 13 Jun 2020 18:53:27 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"5ee520a7-5e4a"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
q9WHso0DOOsBs0CDIYzIEyYCioUmD6WJthQVEZZL5CDuKEROMo2jig==
jquery.masonry.min.js
blog.checkpoint.com/wp-includes/js/jquery/
2 KB
1 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Thu, 18 Aug 2016 18:55:30 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"57b604a2-71b"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
wtkgtdkemvp92FB1PUXKXia5orkQr0R5kcDO6zavELvxHW55kBm8Rw==
throttle-debounce.min.js
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/
497 B
762 B
Script
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/throttle-debounce.min.js?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
e2d885cb2748a4fc83a4e415466a529453aaaa0f537cb31fe2e6f108472fc5c7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 23:54:28 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63460234-1f1"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
babdEc4LtalXnuyNTxCDz6BXL1LJ017g2XWuukV_msF2dy1UZTu_KQ==
bootstrap.min.js
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/
36 KB
10 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/bootstrap.min.js?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 23:54:28 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63460234-90bb"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
I8px-PoLJH6PnRG36pE7rHfvZF4k7gfqyjio80lBqO1kl3c1Z5ZfyQ==
fotorama.min.js
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/
38 KB
16 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/fotorama.min.js?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
7b0efce477888066982b251fa52c0e442e90a0f7506cc5f9e838eeb6c1cfeb2c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 23:54:28 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63460234-99ae"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
kzPp7rQLIKVG8y7zlO429DAZWEkDkUWvsESNMjsuHFDiGXAhq8tUvw==
owl-carousel.min.js
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/
43 KB
12 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/owl-carousel.min.js?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
4e0781bdd2cbb5db04da3b5e059eeca34e325fabb893bee7457b5babf5b7c029
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 23:54:28 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63460234-ad3c"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
1Zm6yjdTnxv8xb03auV_D5TANyC4hXYeNohcPxAYTUo6IORBLM3k3w==
theiaStickySidebar.min.js
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/
5 KB
2 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/theiaStickySidebar.min.js?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
020ff6e3208f27e7c096ce43b605ff22e4b1acb2a34dbae3ecd07da10d25ead4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 23:54:28 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63460234-13ff"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
znM5K4Gu-8fC4d1cQPxJQTWIzrUP3sEW8SVh69E_84E4HDMWO1yobA==
fitvids.js
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/
3 KB
2 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/fitvids.js?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
fa2f758609856d2932d4d2b2a59d474bd5db023128b8622ab111bd65078ec7e2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 23:54:28 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63460234-cf9"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
rqDhvvU_G81NsJ-53knD7tXP6BSFR1zc1yxK_Bu7V6B-CpqRHAVItg==
scripts.js
blog.checkpoint.com/wp-content/themes/atoms/js/
170 KB
26 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-content/themes/atoms/js/scripts.js?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
4f17c8a0e6cefa97ee8778b9c3bcdbde195b6e18ef434c8a377af2096a7320ff
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Thu, 23 Feb 2023 23:23:16 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"63f7f564-2a907"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
_9Xn0-Pw7xtE8yt15jhGkNY_Rl1_vagSTdUC7b270UzvLllvQFIR5Q==
comment-reply.min.js
blog.checkpoint.com/wp-includes/js/
3 KB
2 KB
Script
General
Full URL
https://blog.checkpoint.com/wp-includes/js/comment-reply.min.js?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.32.121.98, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx
Resource Hash
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Fri, 08 Apr 2022 20:07:18 GMT
server
nginx
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
etag
W/"625095f6-ba5"
vary
Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-id
4gbxcqg-ufEsh3T_f1pupzOTNQI71zQsLVqMbeq0wV-0-nFU0ArxvA==
OneSignalSDK.js
cdn.onesignal.com/sdks/
9 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=6.2.2
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74475967bdd27d1efa3e20fd636afe5bb0c391494f9fa5768856bb25af4690d0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
285
etag
W/"2ae26a107abd543e72c24128b019bed7"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7dacda6619d26940-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Sat, 24 Jun 2023 14:13:36 GMT
gtm.js
www.googletagmanager.com/
388 KB
109 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ef3374a766937861517f3f69e08c75f3ed792200b11bb5f0a30a8a157c65586e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110841
x-xss-protection
0
last-modified
Wed, 21 Jun 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 21 Jun 2023 14:13:36 GMT
bullet-prod.png
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/
1 KB
2 KB
Image
General
Full URL
https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/bullet-prod.png
Requested by
Host: sc1.checkpoint.com
URL: https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.52.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-52-7.cdg50.r.cloudfront.net
Software
nginx /
Resource Hash
b9d991f032b0f626a8b215af39aaae7ad4e1e262c9fad049b6f12a4fe7afb9bc
Security Headers
Name Value
Content-Security-Policy 1
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sc1.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
content-security-policy
1
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 36bd0d69f76f5e62cbdf6ece28e39cae.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-P4
x-cache
Miss from cloudfront
content-length
1027
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Tue, 23 Aug 2022 23:06:20 GMT
server
nginx
etag
"63055d6c-403"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges
bytes
x-amz-cf-id
x81_cdIVVG-zAMbR3d1S18TY6C7JyXnQF-MdBg9IXQ27yQzq9W8_ew==
search.png
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/
2 KB
2 KB
Image
General
Full URL
https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/search.png
Requested by
Host: sc1.checkpoint.com
URL: https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.52.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-52-7.cdg50.r.cloudfront.net
Software
nginx /
Resource Hash
fb8acb6ca1149529e5e25600bfaaa2aa77a353369dd5c8f63869f63a42279db4
Security Headers
Name Value
Content-Security-Policy 1
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sc1.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
content-security-policy
1
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 36bd0d69f76f5e62cbdf6ece28e39cae.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-P4
x-cache
Miss from cloudfront
content-length
1658
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Tue, 23 Aug 2022 23:06:20 GMT
server
nginx
etag
"63055d6c-67a"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges
bytes
x-amz-cf-id
ag9WM0FWiL0RZYl9WaZOm_e7inBGa2s0_jgsy-nCVtpis6GKofbGlw==
intl.png
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/
2 KB
3 KB
Image
General
Full URL
https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/intl.png
Requested by
Host: sc1.checkpoint.com
URL: https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.52.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-52-7.cdg50.r.cloudfront.net
Software
nginx /
Resource Hash
76911468519fda64950773694e032587649fe089cf454e1f4afa005cd191772c
Security Headers
Name Value
Content-Security-Policy 1
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sc1.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
content-security-policy
1
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 36bd0d69f76f5e62cbdf6ece28e39cae.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-P4
x-cache
Miss from cloudfront
content-length
2126
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Tue, 23 Aug 2022 23:06:20 GMT
server
nginx
etag
"63055d6c-84e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges
bytes
x-amz-cf-id
msvVoChTNsuyu7Ho3BJ_F0fXZ1psQPxDE1dL2ou548IOHWn4vIbKeA==
truncated
/
188 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a22a9f782432f61776fa13ac0a9bc16dac6c3d6ee86c51c4126c5e9715cd5ec8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
34CA47_6_0.woff2
sc1.checkpoint.com/wp-content/themes/checkpoint-theme-v2/fonts/
0
0
Font
General
Full URL
https://sc1.checkpoint.com/wp-content/themes/checkpoint-theme-v2/fonts/34CA47_6_0.woff2
Requested by
Host: sc1.checkpoint.com
URL: https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.57.17.43 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-57-17-43.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash

Request headers

Referer
https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0
Origin
https://blog.checkpoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Wed, 21 Jun 2023 14:13:36 GMT
Server
AkamaiNetStorage
Access-Control-Allow-Methods
GET,POST
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
10
truncated
/
64 KB
64 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

Referer
https://www.checkpoint.com/
Origin
https://blog.checkpoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
font/opentype
truncated
/
23 KB
23 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e79cbb65ec0ac13329b541b9b1c51ffa16fd594139c6fdbe20dfc1d78173eac

Request headers

Referer
https://www.checkpoint.com/
Origin
https://blog.checkpoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
author-image.png
blog.checkpoint.com/wp-content/uploads/2023/02/
752 B
1 KB
Image
General
Full URL
https://blog.checkpoint.com/wp-content/uploads/2023/02/author-image.png
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
01523462a4211ea90de73ad889719c964515e4be7fae2cc237e137f40ae5d0cf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified
Wed, 22 Feb 2023 22:29:41 GMT
server
nginx
x-amz-cf-pop
FRA60-P1
etag
"63f69755-2f0"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
752
x-amz-cf-id
_NqKBnCExdQYM_9W-dF6KADhf0Npd_1rwCEBb795aR4SO6iG3jnj-Q==
Picture1-1.png
blog.checkpoint.com/wp-content/uploads/2023/06/
42 KB
42 KB
Image
General
Full URL
https://blog.checkpoint.com/wp-content/uploads/2023/06/Picture1-1.png
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
b3fcff8b997f5fc8ad8db622a167ee1f37dd9c1da6ad87820d8e069527cc7dee
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified
Mon, 19 Jun 2023 00:10:36 GMT
server
nginx
x-amz-cf-pop
FRA60-P1
etag
"648f9cfc-a6ca"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
42698
x-amz-cf-id
AHKQGM9yQQJdMRGATR5TkvW-YOtsam09oeQtmi5lejr-wGndBtKdbA==
Picture2-2.png
blog.checkpoint.com/wp-content/uploads/2023/06/
18 KB
19 KB
Image
General
Full URL
https://blog.checkpoint.com/wp-content/uploads/2023/06/Picture2-2.png
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
5f6cadf948b97b3fa4e91c95bfa5bf2d2f133b003601807a1ea3d6447d99abd0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified
Mon, 19 Jun 2023 00:10:40 GMT
server
nginx
x-amz-cf-pop
FRA60-P1
etag
"648f9d00-49b8"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
18872
x-amz-cf-id
yH2U6j2COKxIHqMOiC6Mgr2m6n4voK9NDe6WswTV9MlMmCbY06-Pcg==
Picture3.jpg
blog.checkpoint.com/wp-content/uploads/2023/06/
30 KB
31 KB
Image
General
Full URL
https://blog.checkpoint.com/wp-content/uploads/2023/06/Picture3.jpg
Requested by
Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-98.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
ed30c92a5b03ff92c9e90ac56e249fcfe55c196eca1098cdfa4985e84006b03c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft/?p=244455******IOC%27s:***EmailJS:***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark:***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree:***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold:***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
strict-transport-security
max-age=63072000
via
1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified
Mon, 19 Jun 2023 00:10:42 GMT
server
nginx
x-amz-cf-pop
FRA60-P1
etag
"648f9d02-7946"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
31046
x-amz-cf-id
rm5lWhLESH1EZngCZvPUZfw2uJmDpoOidhBSwyhmT7gLrd88CenIpg==
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/
284 KB
68 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151602
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=6.2.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ed7f43d675c0d203d845162c122fd2a7ec79093655370e9ce24e9408c80227a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:36 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
2596
etag
W/"153f1c4acb6a72d6e5def93aaa717bee"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7dacda683c756940-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Sat, 24 Jun 2023 14:13:36 GMT
OtAutoBlock.js
cdn.cookielaw.org/consent/6be79097-5aaa-4b3b-8be4-f464d92cf186/
12 KB
5 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/6be79097-5aaa-4b3b-8be4-f464d92cf186/OtAutoBlock.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49e6085a83d493692a699bea227a31e109363c06854e28e1da65a04ef3d70fe2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
WwUkV5wh2t7Z7UjEoYbLXg==
age
9907
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
4498
x-ms-lease-status
unlocked
last-modified
Wed, 25 Jan 2023 19:56:22 GMT
server
cloudflare
etag
0x8DAFF0E3C195A14
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
1916a8f4-501e-0028-64e1-5aaf59000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7dacda696ccb36dc-FRA
expires
Thu, 22 Jun 2023 14:13:36 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0be44b8963766e88bfb1034f5cf93deb8710ec30e7a54537ff463951c5976234
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
0mEq0pw2uQHv5iDD8WI5Bw==
age
73653
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6759
x-ms-lease-status
unlocked
last-modified
Thu, 15 Jun 2023 19:30:16 GMT
server
cloudflare
etag
0x8DB6DD6F2F4383B
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
b0de61d4-001e-00de-3bc2-9f884f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7dacda69bd2e36dc-FRA
6be79097-5aaa-4b3b-8be4-f464d92cf186.json
cdn.cookielaw.org/consent/6be79097-5aaa-4b3b-8be4-f464d92cf186/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/6be79097-5aaa-4b3b-8be4-f464d92cf186/6be79097-5aaa-4b3b-8be4-f464d92cf186.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cde084bc5ee04ea9bc5d4f5cd4c5c98443beed4311deecc87cb7eefc1533bcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
CqflGnWicKogdVwRp1k/JQ==
age
39380
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1762
x-ms-lease-status
unlocked
last-modified
Wed, 25 Jan 2023 19:56:24 GMT
server
cloudflare
etag
0x8DAFF0E3CE1BE4A
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
8dc92276-f01e-0108-4470-7f85c0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7dacda6a6f98365a-FRA
expires
Thu, 22 Jun 2023 14:13:37 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
304 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0d734d7b8016f22e077bc1e2d5929c74d5f992e72e28c54daa63f1e9a9ac84b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://blog.checkpoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Jun 2023 14:13:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
7dacda6b1bb930c3-FRA
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202301.1.0/
395 KB
94 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202301.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cda584e7c5036ad66d7d528d2209bc596a14179fa1792a559e2ae9eaa91e851
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
TPatHKMti4L8TVrK0PWkxg==
age
32342
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
96303
x-ms-lease-status
unlocked
last-modified
Wed, 22 Feb 2023 03:39:35 GMT
server
cloudflare
etag
0x8DB14866ADAA84A
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
2d40d1e3-301e-0137-62e1-5a321c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7dacda6baf5236dc-FRA
en.json
cdn.cookielaw.org/consent/6be79097-5aaa-4b3b-8be4-f464d92cf186/6c0f7219-922c-429c-8b72-e13962a62e3c/
140 KB
25 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/6be79097-5aaa-4b3b-8be4-f464d92cf186/6c0f7219-922c-429c-8b72-e13962a62e3c/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202301.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
605b729d5714cedbe1a4e4a2bf496da36ca9ce49a49e2b71d20a2befd9f251db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
c+MpxVJOA8ow2bb1kvQPPA==
age
1749
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
24990
x-ms-lease-status
unlocked
last-modified
Wed, 25 Jan 2023 19:56:26 GMT
server
cloudflare
etag
0x8DAFF0E3DF1A8E0
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
d23b47fe-e01e-011c-2071-7f46a4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7dacda6c6b5d365a-FRA
expires
Thu, 22 Jun 2023 14:13:37 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202301.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202301.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202301.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
JRquOrwnT+1fACynxEiZlA==
age
62320
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3020
x-ms-lease-status
unlocked
last-modified
Wed, 22 Feb 2023 03:39:28 GMT
server
cloudflare
etag
0x8DB148666B3B223
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
e510389d-b01e-00e5-5670-7fca11000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7dacda6ccbeb365a-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202301.1.0/assets/v2/
61 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202301.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202301.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70fd7f6ced21739e10103744c72acdfc8e8422502d74d4fad2ddfab3aed0bbc5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ykryv/G09FP6w4m7cogHHg==
age
20566
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12548
x-ms-lease-status
unlocked
last-modified
Wed, 22 Feb 2023 03:39:30 GMT
server
cloudflare
etag
0x8DB1486680298ED
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
5d0aa57e-801e-0003-2d70-7fdbe1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7dacda6ccbec365a-FRA
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202301.1.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202301.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202301.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
wkJHHbnp3s43+NZzgCj5tg==
age
62320
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1767
x-ms-lease-status
unlocked
last-modified
Wed, 22 Feb 2023 03:39:30 GMT
server
cloudflare
etag
0x8DB148667BDAA3D
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
f21420df-e01e-013e-7870-7f2892000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7dacda6ccbee365a-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202301.1.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202301.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202301.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
XcxlleAcPGO2n5kTZrHH2Q==
age
1749
x-ms-lease-status
unlocked
last-modified
Wed, 22 Feb 2023 03:39:39 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
e73727ec-801e-0125-5b70-7f0600000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7dacda6ccbf0365a-FRA
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
600 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
35223
x-ms-lease-status
unlocked
last-modified
Thu, 15 Jun 2023 19:30:18 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
953286eb-101e-008e-3d0d-a09747000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7dacda6d296136dc-FRA
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
498 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202301.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
61228
x-ms-lease-status
unlocked
last-modified
Thu, 15 Jun 2023 19:30:18 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
778c0509-b01e-010f-2b15-a07345000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7dacda6d3cc4365a-FRA
privacy-center.png
cdn.cookielaw.org/logos/47e3c59c-0525-4547-bb04-4b39430f40a8/9b630f80-0ad4-4be8-9223-a37ab5e74b02/5ea19ec2-7813-4a8e-b4ea-6f87c8959b4e/
1 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/47e3c59c-0525-4547-bb04-4b39430f40a8/9b630f80-0ad4-4be8-9223-a37ab5e74b02/5ea19ec2-7813-4a8e-b4ea-6f87c8959b4e/privacy-center.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cfe2988dd0e1d6bcc63e394d2818003d0a121a5a8de88a6ba8caf91dbc48c96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
HnzIqzk5bF7upvrzwNVyQA==
age
20674
content-length
1478
x-ms-lease-status
unlocked
last-modified
Fri, 28 Oct 2022 21:43:30 GMT
server
cloudflare
etag
0x8DAB92D747F1094
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
5b0f29a5-001e-0152-11e1-5a8341000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7dacda6d59ab36dc-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.checkpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Jun 2023 14:13:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
28892
x-ms-lease-status
unlocked
last-modified
Tue, 20 Jun 2023 16:31:27 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
010402d8-e01e-0171-0ba1-a3ec8a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7dacda6d59ad36dc-FRA

Verdicts & Comments

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| onbeforetoggle object| onscrollend string| ajaxurl object| _wpemojiSettings function| $ function| jQuery function| documentInitOneSignal function| OneSignal object| CP object| dataLayer object| dropdown function| onCatChange object| menuItems object| mobileSubMenuItems object| body object| dark string| cpMenu string| cpMenuItem string| menuItemul string| menuItemli string| showSub string| showMenu string| fade string| mainActive string| subActive string| cpMenuMobile string| innerMenu object| menuElArray function| hideMe function| mobileTabs function| showMe function| showMeMobile function| footerMobile function| setBannerCookie function| getBannerCookie object| cp_head_band object| cpHeader object| header object| mCont function| showBanner function| closeDark function| feedbackOpen function| feedbackClose boolean| boxOpen function| EvEmitter function| imagesLoaded function| jQueryBridget function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry string| fotoramaVersion object| twemoji object| wp object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| ajax_buff object| dark_mode_buff object| ATBS object| addComment function| onYouTubeIframeAPIReady number| __oneSignalSdkLoadCount object| _oneSignalInitOptions object| cpxUrls string| queryParams object| paramString undefined| j undefined| currentElement undefined| currentHref undefined| modifiedHref object| OneTrustStub function| OptanonWrapper string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| Optanon object| OneTrust

5 Cookies

Domain/Path Name / Value
blog.checkpoint.com/security/sign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft Name: p244455IOC27sEmailJS053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278dd36908ce63f5386ddffaa390a0baef6a045e2254FormSpark2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa856b2d8a45e34384c4eb2c886037f22c9c90f3721FormSpreeb07876f8254667e0f023559eed548de7ad9679414c4a0d818dff16566e4bbad0d3e3fbba18e7063dFormBoldf82fb2f5f17a5bad4a0dce32ceaea377fe78c9055da1c26703a80b3f8e663461ef9d612b4ccdee38
Value: 1
.checkpoint.com/ Name: aws-waf-token
Value: 74ecd693-461c-413b-9a16-a2e179c38828:CQoAplZkASkAAAAA:KF5e15ufN/D4JEBJD541gt3xdtlGt/0XOzZT3/IkFw5VA6JRLmQ/22UQDYbfccs4wrN8wCNcEZEioREXpwirs/GABMsXsGrmF61EToN2bctogGUusJ9c2Z3AmSR6G6jBHiy8WYeouQDJC6dhcmNMpDIvenJ0PfN/H+szGQHAd2EtBW++upx/gbc/cvvARVRkt6oDz9mKTfCHJa854WmWK1/zy+yx3zD3kjRF
.onesignal.com/ Name: __cf_bm
Value: 93Pi7JR8_G5xU7V5dErdOvg3FJmPd1SOpqloBd6dxFA-1687356816-0-AWmCrJrQRa94iE3EHollWOHHw8oaBDQTVL6rB/Gh37/2ipn47M6YMB32UnTzV/lWe296Zo3OFvvxjfHsnYkar5k=
.checkpoint.com/ Name: _gcl_au
Value: 1.1.258742818.1687356817
.checkpoint.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Wed+Jun+21+2023+14%3A13%3A37+GMT%2B0000+(GMT)&version=202301.1.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fblog.checkpoint.com%2Fsecurity%2Fsign-in-to-continue-and-suffer-attackers-abusing-legitimate-services-for-credential-theft%2F%3Fp%3D244455******IOC%2527s%3A***EmailJS%3A***053c0cd2f56b2d8276d0c5e11cbe3a5c96ec278d***d36908ce63f5386ddffaa390a0baef6a045e2254***FormSpark%3A***2c6fe45dbf760970b624b08cb1ff7bc5a5e21aa8***56b2d8a45e34384c4eb2c886037f22c9c90f3721***FormSpree%3A***b07876f8254667e0f023559eed548de7ad967941***4c4a0d818dff16566e4bbad0d3e3fbba18e7063d***FormBold%3A***f82fb2f5f17a5bad4a0dce32ceaea377fe78c905***5da1c26703a80b3f8e663461ef9d612b4ccdee38***&groups=C0003%3A0%2CC0001%3A1%2CC0002%3A0%2CC0004%3A0

1 Console Messages

Source Level URL
Text
network error URL: https://sc1.checkpoint.com/wp-content/themes/checkpoint-theme-v2/fonts/34CA47_6_0.woff2
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
