www.cyber.nj.gov Open in urlscan Pro
45.60.124.188 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Submission: On August 31 via api (August 31st 2020, 9:07:02 pm UTC) from US

Summary HTTP 42 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 15 IPs in 4 countries across 14 domains to perform 42 HTTP transactions. The main IP is 45.60.124.188, located in United States and belongs to INCAPSULA, US. The main domain is www.cyber.nj.gov.
TLS certificate: Issued by GlobalSign CloudSSL CA - SHA256 - G3 on March 6th 2020. Valid for: 9 months.

This is the only time www.cyber.nj.gov was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 13	45.60.124.188 45.60.124.188	19551 (INCAPSULA) (INCAPSULA)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
6	2600:9000:214... 2600:9000:214f:ea00:17:108e:3bc0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2001:4de0:ac1... 2001:4de0:ac19::1:b:3a	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	143.204.208.22 143.204.208.22	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE)
6	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.111.216.96 104.111.216.96	16625 (AKAMAI-AS) (AKAMAI-AS)
42	15

13 45.60.124.188 (United States) 1 redirects

ASN19551 (INCAPSULA, US)

www.cyber.nj.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:214f:ea00:17:108e:3bc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.buttercms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4de0:ac19::1:b:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:1b::621 (Ascension Island)

ASN54113 (FASTLY, US)

cdn.polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.208.22 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-208-22.fra53.r.cloudfront.net

d33wubrfki0l68.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.216.96 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-216-96.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	nj.gov 1 redirects www.cyber.nj.gov	161 KB
6	buttercms.com cdn.buttercms.com	244 KB
5	addthis.com s7.addthis.com m.addthis.com	143 KB
3	gstatic.com fonts.gstatic.com	109 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	polyfill.io cdn.polyfill.io	679 B
2	bootstrapcdn.com stackpath.bootstrapcdn.com	38 KB
1	addthisedge.com v1.addthisedge.com	907 B
1	moatads.com z.moatads.com	1 KB
1	cloudfront.net d33wubrfki0l68.cloudfront.net	48 KB
1	jquery.com code.jquery.com	24 KB
1	onesignal.com cdn.onesignal.com	3 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
42	14

	Domain	Requested by
13	www.cyber.nj.gov	1 redirects www.cyber.nj.gov
6	cdn.buttercms.com	www.cyber.nj.gov
3	s7.addthis.com	www.cyber.nj.gov s7.addthis.com
3	fonts.gstatic.com	fonts.googleapis.com
3	fonts.googleapis.com	www.cyber.nj.gov
2	m.addthis.com	s7.addthis.com
2	www.google-analytics.com	www.googletagmanager.com www.cyber.nj.gov
2	cdn.polyfill.io	www.cyber.nj.gov
2	stackpath.bootstrapcdn.com	www.cyber.nj.gov
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
1	d33wubrfki0l68.cloudfront.net	www.cyber.nj.gov
1	code.jquery.com	www.cyber.nj.gov
1	cdn.onesignal.com	www.cyber.nj.gov
1	www.googletagmanager.com	www.cyber.nj.gov
42	15

This site contains links to these domains. Also see Links.

Domain
nj.gov
www.intego.com
blog.confiant.com
www.carbonblack.com
www.bleepingcomputer.com
twitter.com
www.facebook.com
www.addthis.com

Subject Issuer	Validity	Valid
incapsula.com GlobalSign CloudSSL CA - SHA256 - G3	`2020-03-06` - `2020-11-23`	9 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.buttercms.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-08` - `2022-02-06`	2 years	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-08-17` - `2021-04-17`	8 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
odc-prod-01.oracle.com DigiCert Secure Site ECC CA-1	`2020-07-22` - `2021-10-13`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Frame ID: 3226BD44131C1E04BE96C70423644D07
Requests: 41 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 8E184922844C579DC81CA71613E53107
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: AA0DE1C5FC40888317C44C6DE1788F3C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer HTTP 301
https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/ Page URL

Detected technologies

Netlify (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^Netlify/i

Page Statistics

42
Requests

98 %
HTTPS

71 %
IPv6

14
Domains

15
Subdomains

15
IPs

4
Countries

827 kB
Transfer

1878 kB
Size

7
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://nj.gov/
Title: OFFICIAL SITE OF THE STATE OF NEW JERSEY

Search URL Search Domain Scan URL

URL: https://www.intego.com/mac-security-blog/osxshlayer-new-mac-malware-comes-out-of-its-shell/
Title: here

Search URL Search Domain Scan URL

URL: https://blog.confiant.com/confiant-malwarebytes-uncover-steganography-based-ad-payload-that-drops-shlayer-trojan-on-mac-cd31e885c202
Title: Confiant

Search URL Search Domain Scan URL

URL: https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/
Title: Carbon Black

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/10-percent-of-all-macs-shlayered-malware-cocktail-served/
Title: Bleeping Computer

Search URL Search Domain Scan URL

URL: https://twitter.com/NJCybersecurity

Search URL Search Domain Scan URL

URL: https://www.facebook.com/NJCCIC/

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image&utm_campaign=Marketing%20tool%20logo

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer HTTP 301
https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Redirect Chain

https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer
https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

57 KB
14 KB

360ms
359ms

Document
text/html

45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Netlify /

Resource Hash

29bbb520c2c569652ce861483d6f8705c76358ecc8c70ce43649a9c2452cb8e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.cyber.nj.gov
:scheme: https
:path: /threat-center/threat-profiles/macos-malware-variants/shlayer/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: visid_incap_1613844=kl9STky2Ro+B8bFKl936nGNmTV8AAAAAQUIPAAAAAAAIOnm/W6q4LrRCcpp2+pvK; nlbi_1613844=cMcqMLjGA1Ixo+y33cr+KQAAAADeeJLAhiMBsrCTVxsnwSal; incap_ses_686_1613844=LWCTfnnKHEOYmHslfimFCWRmTV8AAAAAhW3qiyTzjFIHubTldQwyCA==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: public, max-age=0, must-revalidate
content-type: text/html; charset=UTF-8
date: Mon, 31 Aug 2020 21:06:45 GMT
etag: "1afa156620220b821079f06b03dbe8b7-ssl-df"
link: </webpack-runtime-d3cce4ca0c0db03d7c3b.js>; rel=preload; as=script, </framework-372884745509c1013bff.js>; rel=preload; as=script, </app-cb226810eac1eed4e854.js>; rel=preload; as=script, </styles-8636a280cbc61d53ad10.js>; rel=preload; as=script, </b637e9a5-84b19c1f307a51411637.js>; rel=preload; as=script, </5ae7efea01b1c314bae3d2fd428353af5bee5a61-74008e00e66ebca0d7df.js>; rel=preload; as=script, </component---src-templates-markdownpage-js-d7f6aad4282afdbce238.js>; rel=preload; as=script, </page-data/app-data.json>; rel=preload; as=fetch; crossorigin, </page-data/threat-center/threat-profiles/macos-malware-variants/shlayer/page-data.json>; rel=preload; as=fetch; crossorigin
referrer-policy: same-origin
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-encoding: gzip
age: 0
server: Netlify
vary: Accept-Encoding
x-nf-request-id: bf0cab79-39e9-4d15-8fab-079663a85330-8985753
x-cdn: Incapsula
x-iinfo: 5-12526822-12526823 NNNN CT(18 23 0) RT(1598908004773 0) q(0 0 1 -1) r(1 4) U12

Redirect headers

status: 301
cache-control: public, max-age=0, must-revalidate
content-type: text/html; charset=UTF-8
date: Mon, 31 Aug 2020 21:06:45 GMT
etag: "1afa156620220b821079f06b03dbe8b7-ssl-df"
link: </webpack-runtime-d3cce4ca0c0db03d7c3b.js>; rel=preload; as=script, </framework-372884745509c1013bff.js>; rel=preload; as=script, </app-cb226810eac1eed4e854.js>; rel=preload; as=script, </styles-8636a280cbc61d53ad10.js>; rel=preload; as=script, </b637e9a5-84b19c1f307a51411637.js>; rel=preload; as=script, </5ae7efea01b1c314bae3d2fd428353af5bee5a61-74008e00e66ebca0d7df.js>; rel=preload; as=script, </component---src-templates-markdownpage-js-d7f6aad4282afdbce238.js>; rel=preload; as=script, </page-data/app-data.json>; rel=preload; as=fetch; crossorigin, </page-data/threat-center/threat-profiles/macos-malware-variants/shlayer/page-data.json>; rel=preload; as=fetch; crossorigin
referrer-policy: same-origin
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
age: 1
server: Netlify
x-nf-request-id: bf0cab79-39e9-4d15-8fab-079663a85330-8985457
location: /threat-center/threat-profiles/macos-malware-variants/shlayer/
set-cookie: visid_incap_1613844=kl9STky2Ro+B8bFKl936nGNmTV8AAAAAQUIPAAAAAAAIOnm/W6q4LrRCcpp2+pvK; expires=Tue, 31 Aug 2021 16:33:42 GMT; HttpOnly; path=/; Domain=.cyber.nj.gov nlbi_1613844=cMcqMLjGA1Ixo+y33cr+KQAAAADeeJLAhiMBsrCTVxsnwSal; path=/; Domain=.cyber.nj.gov incap_ses_686_1613844=LWCTfnnKHEOYmHslfimFCWRmTV8AAAAAhW3qiyTzjFIHubTldQwyCA==; path=/; Domain=.cyber.nj.gov
x-cdn: Incapsula
x-iinfo: 5-12526805-12526806 NNNN CT(18 160 0) RT(1598908003935 0) q(0 0 2 0) r(2 8) U11

GET
H2 200 webpack-runtime-d3cce4ca0c0db03d7c3b.js Show response
www.cyber.nj.gov/ 12 KB
4 KB 29ms
26ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyber.nj.gov/webpack-runtime-d3cce4ca0c0db03d7c3b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.124.188 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 2d1cf08f2738213957cfb0923fb40c4377e5612188f5c2499e38dd2bec0f799f

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:45 GMT
content-encoding: gzip
x-cdn: Incapsula
etag: "6b9e943fa4b6600c5671ed6b48a696ef-ssl-df"
content-type: application/javascript
status: 200
x-iinfo: 5-12526827-12486810 2CNN RT(1598908005137 0) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=86400, public
content-length: 3428
expires: Tue, 01 Sep 2020 21:06:45 GMT

GET
H2 200 framework-372884745509c1013bff.js Show response
www.cyber.nj.gov/ 126 KB
40 KB 31ms
28ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyber.nj.gov/framework-372884745509c1013bff.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.124.188 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 589451bcc20d242311403682bd42dfab938a1f7861832dcf6fee812d36a6da4e

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:45 GMT
content-encoding: gzip
x-cdn: Incapsula
etag: "43b984dc2cf37ba93a1224fc1a78cc75-ssl-df"
content-type: application/javascript
status: 200
x-iinfo: 5-12526828-12525167 2CNN RT(1598908005139 0) q(0 0 0 -1) r(0 0)
cache-control: max-age=86400, public
content-length: 40750
expires: Tue, 01 Sep 2020 21:06:45 GMT

GET
H2 200 app-cb226810eac1eed4e854.js Show response
www.cyber.nj.gov/ 100 KB
32 KB 32ms
30ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyber.nj.gov/app-cb226810eac1eed4e854.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.124.188 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 4c3f9b581bb2685e98fba1f9c2cfdf096a111cf457949d68ac72721a8439a8c1

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:45 GMT
content-encoding: gzip
x-cdn: Incapsula
etag: "fe766f58fb6a295b4c6a82fa0685473f-ssl-df"
content-type: application/javascript
status: 200
x-iinfo: 5-12526829-12520093 2CNN RT(1598908005140 0) q(0 0 0 -1) r(0 0)
cache-control: max-age=86400, public
content-length: 32407
expires: Tue, 01 Sep 2020 21:06:45 GMT

GET
H2 200 styles-8636a280cbc61d53ad10.js Show response
www.cyber.nj.gov/ 61 B
176 B 35ms
32ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyber.nj.gov/styles-8636a280cbc61d53ad10.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.124.188 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 0fae8b03858a764bad3e9af19bfc924ead5b9e25c760432c19e91cba3dff1cf3

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:45 GMT
content-encoding: gzip
x-cdn: Incapsula
etag: "2366aea67fe512175a7f3047e50cd527-ssl"
content-type: application/javascript
status: 200
x-iinfo: 5-12526830-12486810 2CNN RT(1598908005142 0) q(0 0 0 -1) r(0 0)
cache-control: max-age=86400, public
content-length: 64
expires: Tue, 01 Sep 2020 21:06:45 GMT

GET
H2 200 b637e9a5-84b19c1f307a51411637.js Show response
www.cyber.nj.gov/ 86 KB
30 KB 49ms
47ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyber.nj.gov/b637e9a5-84b19c1f307a51411637.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.124.188 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 50c54f6f4cd441b2ccf1613479cb1915005ba3ba0d77e094582b5876522132ea

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:45 GMT
content-encoding: gzip
x-cdn: Incapsula
etag: "eb262424be84800bcd8f09ad0a40e182-ssl-df"
content-type: application/javascript
status: 200
x-iinfo: 5-12526831-12520090 2CNN RT(1598908005143 0) q(0 0 0 -1) r(0 0)
cache-control: max-age=86400, public
content-length: 30904
expires: Tue, 01 Sep 2020 21:06:45 GMT

GET
H2 200 5ae7efea01b1c314bae3d2fd428353af5bee5a61-74008e00e66ebca0d7df.js Show response
www.cyber.nj.gov/ 69 KB
19 KB 36ms
34ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyber.nj.gov/5ae7efea01b1c314bae3d2fd428353af5bee5a61-74008e00e66ebca0d7df.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.124.188 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 8d452807b5436cc515010bae93cb29146e4ea4d18ee0de8fd5fad384a51c7a8a

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:45 GMT
content-encoding: gzip
x-cdn: Incapsula
etag: "dc3717707b0e711a8b532f8e1826999e-ssl-df"
content-type: application/javascript
status: 200
x-iinfo: 5-12526832-12486804 2CNN RT(1598908005144 0) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=86400, public
content-length: 19080
expires: Tue, 01 Sep 2020 21:06:45 GMT

GET
H2 200 component---src-templates-markdownpage-js-d7f6aad4282afdbce238.js Show response
www.cyber.nj.gov/ 3 KB
1 KB 634ms
632ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/component---src-templates-markdownpage-js-d7f6aad4282afdbce238.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Netlify /

Resource Hash

255adf891c0b1029bd96c810aa2271adff89b084c3de5008d3192d0fce19eb71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nf-request-id: f083c7eb-351e-4cb1-970b-b120f2ae4ac1-8663680
date: Mon, 31 Aug 2020 21:06:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Incapsula
age: 0
status: 200
x-iinfo: 5-12526833-12489639 2NNN RT(1598908005146 0) q(0 0 0 -1) r(6 6) U18
strict-transport-security: max-age=31536000
content-length: 1133
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
etag: "4a9f25b1892289f687acaffbf2402607-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 app-data.json
www.cyber.nj.gov/page-data/ 50 B
277 B 87ms
85ms Other
application/json 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/page-data/app-data.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Netlify /

Resource Hash

6a06aa257b9c019b58913187a57852aee9fe65e3f24b378240e06b70d613f5d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.cyber.nj.gov
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nf-request-id: bf0cab79-39e9-4d15-8fab-079663a85330-8985829
date: Sun, 30 Aug 2020 21:04:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Incapsula
age: 86536
status: 200
x-iinfo: 5-12526834-12526836 NNYY CT(0 0 0) RT(1598908005148 0) q(0 0 0 -1) r(0 0) U2
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
etag: "5be73f9b9a048a24bc0a4c3834b16a8c-ssl"
strict-transport-security: max-age=31536000
content-type: application/json
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 page-data.json
www.cyber.nj.gov/page-data/threat-center/threat-profiles/macos-malware-variants/shlayer/ 3 KB
1 KB 534ms
533ms Other
application/json 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/page-data/threat-center/threat-profiles/macos-malware-variants/shlayer/page-data.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Netlify /

Resource Hash

030413b3be13d3755cac5e0e7aa035681bf155c5af554b2b116fda8b9bb6dee3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.cyber.nj.gov
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nf-request-id: bf0cab79-39e9-4d15-8fab-079663a85330-8985831
date: Mon, 31 Aug 2020 21:06:46 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn: Incapsula
age: 1
status: 200
x-iinfo: 5-12526835-12526837 NNNY CT(0 0 0) RT(1598908005150 0) q(0 0 0 -1) r(5 5) U2
strict-transport-security: max-age=31536000
content-length: 1152
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
etag: "f86e677502caa6296521d8da3ebe131f-ssl-df"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-162455942-1

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d3140bc9151866991a0ef118c3dd4e11d1163851d19f8a663d55905b6141ac94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:46 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35820
x-xss-protection: 0
expires: Mon, 31 Aug 2020 21:06:46 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 8 KB
3 KB 41ms
24ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6825b92753d2d2ddd3fcbb3ec0481c2a48a93917f96e7758da2c330403b5740d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:46 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 188
etag: W/"07fe8328bd2f934c60350007c3e625e5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=43200
cf-ray: 5cb9b79dbb0edfa5-FRA
cf-request-id: 04e7f1168f0000dfa523a98200000001
expires: Tue, 01 Sep 2020 09:06:46 GMT

GET
H2 200 icon
fonts.googleapis.com/ 596 B
471 B 19ms
15ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons&display=swap

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a0ad364f275187751e22dd418e7c3fa8fb6ea2f26395c097fb2881253acf1c87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:06:46 GMT
server: ESF
date: Mon, 31 Aug 2020 21:06:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 31 Aug 2020 21:06:46 GMT

GET
H2 200 kWwPshCMTHmgpFkQuK4Q
cdn.buttercms.com/ 50 KB
51 KB 51ms
21ms Image
image/png 2600:9000:214f:ea00:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/kWwPshCMTHmgpFkQuK4Q
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ea00:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a6ea5009d0ef07479970cc3bf6e6012d876d3f35bd8b5102f801c0d4ca826b71

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 06:54:17 GMT
via: 1.1 varnish, 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
age: 1692290
x-cache: Hit from cloudfront
status: 200
content-disposition: inline; filename="Cream & Gray Massage Logo-seal.png"
content-length: 51068
x-served-by: cache-bwi5136-BWI, cache-hhn4076-HHN
last-modified: Sat, 23 May 2020 14:48:06 GMT
server: nginx
x-file-name: Cream & Gray Massage Logo-seal.png
x-timer: S1597906457.117899,VS0,VE1
etag: "d6b6dce3a65b92bd2b046af24e07f7b5"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2678400
filestack-trace-id: 1597215715-Dypxl8g6Ri
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: Pij2TcJChHVuTUFzcRtVCgAyNcCRX07cUE77bm2OuvxBapRQRv9v-A==
x-cache-hits: 1, 1

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/ 157 KB
24 KB 26ms
9ms Stylesheet
text/css 2001:4de0:ac19::1:b:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.cyber.nj.gov
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 May 2020 17:29:51 GMT
status: 200
etag: "1589304591"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 23841

GET
H2 200 zCC5PhwYS9Klxami3nT3
cdn.buttercms.com/ 52 KB
53 KB 48ms
19ms Image
image/png 2600:9000:214f:ea00:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/zCC5PhwYS9Klxami3nT3
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ea00:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 54e02c1aad708d776f8aa97405117122d1915765bcbe0e5a6a91bee43b64af89

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 10:09:01 GMT
via: 1.1 varnish, 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
age: 1822827
x-cache: Hit from cloudfront
status: 200
content-disposition: inline; filename="NJCCIC (3).png"
content-length: 53257
x-served-by: cache-bwi5136-BWI, cache-hhn4022-HHN
last-modified: Fri, 23 Aug 2019 19:18:36 GMT
server: nginx
x-file-name: NJCCIC (3).png
x-timer: S1597658941.140168,VS0,VE1
etag: "d4d9bca3cdafe641d16fa67ea86a2d48"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2678400
filestack-trace-id: 1597085177-lOi52YJ7Rv
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: 3K7kKzA7G61n7rbk6ZxXLFr-D68mmRymgMtOJY2Q7Il20IB6AU-RhQ==
x-cache-hits: 1, 1

GET
H2 200 jquery-3.5.1.slim.min.js Show response
code.jquery.com/ 71 KB
24 KB 273ms
8ms Script
application/javascript 2001:4de0:ac19::1:b:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.slim.min.js
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db

Request headers

Origin: https://www.cyber.nj.gov
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:46 GMT
content-encoding: gzip
last-modified: Mon, 04 May 2020 23:02:39 GMT
server: nginx
status: 200
etag: W/"5eb09f0f-11abc"
vary: Accept-Encoding
x-hw: 1598908006.dop053.fr8.t,1598908006.cds248.fr8.hc,1598908006.cds240.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 24606

GET
H2 200 css
fonts.googleapis.com/ 3 KB
699 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cardo|Nunito:300&display=swap

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

02c0af9f628eb666f4cad989aa8885472294a4fec47a96c579f3e65e60090cea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:06:46 GMT
server: ESF
date: Mon, 31 Aug 2020 21:06:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 31 Aug 2020 21:06:46 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/ 59 KB
15 KB 29ms
14ms Script
text/javascript 2001:4de0:ac19::1:b:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.cyber.nj.gov
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 May 2020 17:27:09 GMT
status: 200
etag: "1589304429"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 14885

GET
H2 200 polyfill.min.js Show response
cdn.polyfill.io/v3/ 72 B
515 B 10ms
8ms Script
text/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.polyfill.io/v3/polyfill.min.js?features=fetch

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 9615595
detected-user-agent: Chrome/83.0.4103
status: 200
request_came_from_shield: HHN
server-timing: HIT, fastly;desc="Edge time";dur=0, HIT-CLUSTER, fastly;desc="Edge time";dur=1
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Tue, 12 May 2020 13:13:16 GMT
date: Mon, 31 Aug 2020 21:06:46 GMT
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/83.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 _Incapsula_Resource Show response
www.cyber.nj.gov/ 120 KB
17 KB 33ms
32ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyber.nj.gov/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=381973027
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.124.188 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 425509e9e72c95867ff06f126890638a8ca6f6ad57169ded56acaaeda432727b

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-encoding: gzip
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 17561
content-type: application/javascript

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
fonts.gstatic.com/s/materialicons/v55/ 81 KB
81 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v55/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf72a72b82528382a139fe56546c4494dd64e82706c2cbef91739445ca6a3fbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cyber.nj.gov
Referer: https://fonts.googleapis.com/icon?family=Material+Icons&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 26 Aug 2020 20:22:45 GMT
x-content-type-options: nosniff
last-modified: Wed, 19 Aug 2020 20:12:32 GMT
server: sffe
age: 434641
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 82492
x-xss-protection: 0
expires: Thu, 26 Aug 2021 20:22:45 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-162455942-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 6666
date: Mon, 31 Aug 2020 19:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Mon, 31 Aug 2020 21:15:40 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/r/ 35 B
79 B 14ms
13ms Image
image/gif 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=880183224&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyber.nj.gov%2Fthreat-center%2Fthreat-profiles%2Fmacos-malware-variants%2Fshlayer%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1515238372&gjid=1342979196&cid=2117259612.1598908006&tid=UA-162455942-1&_gid=374701666.1598908006&_r=1&gtm=2ou8j2&z=1438792101

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Aug 2020 21:06:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 wlp_gwjKBV1pqhv43IE7225P.woff2
fonts.gstatic.com/s/cardo/v11/ 15 KB
15 KB 28ms
14ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cardo/v11/wlp_gwjKBV1pqhv43IE7225P.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cardo|Nunito:300&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8204d955949011c5828e9abf4d8b96d072565c688aef0b35b502e5c41529a7aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cyber.nj.gov
Referer: https://fonts.googleapis.com/css?family=Cardo|Nunito:300&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 11:06:19 GMT
x-content-type-options: nosniff
last-modified: Wed, 17 Jul 2019 00:02:27 GMT
server: sffe
age: 36027
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14860
x-xss-protection: 0
expires: Tue, 31 Aug 2021 11:06:19 GMT

GET
H3-Q050 200 XRXW3I6Li01BKofAnsSUYevIWzgPDA.woff2
fonts.gstatic.com/s/nunito/v13/ 13 KB
14 KB 25ms
13ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v13/XRXW3I6Li01BKofAnsSUYevIWzgPDA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cardo|Nunito:300&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ded984ad3aa0617a3ad1ee35e5d132434f76a461b7a6d5bc18f48c676ce1e9a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cyber.nj.gov
Referer: https://fonts.googleapis.com/css?family=Cardo|Nunito:300&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 11:04:35 GMT
x-content-type-options: nosniff
last-modified: Mon, 13 Jul 2020 21:55:42 GMT
server: sffe
age: 36131
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13668
x-xss-protection: 0
expires: Tue, 31 Aug 2021 11:04:35 GMT

GET
H2 200 circuitboard-27e16bfcf3cd69d15212b2c703ae08b9.png
d33wubrfki0l68.cloudfront.net/8ae1924878e7ffb54e007f0bf97396de939ac2ae/ebc2c/static/ 48 KB
48 KB 151ms
61ms Image
image/png 143.204.208.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/8ae1924878e7ffb54e007f0bf97396de939ac2ae/ebc2c/static/circuitboard-27e16bfcf3cd69d15212b2c703ae08b9.png
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.208.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-208-22.fra53.r.cloudfront.net
Software: Netlify /
Resource Hash: 08445b890d17fe47afd2ff64d7afea8a9356a00ca635b1e6791eda8a472ae479

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nf-request-id: a988316a-3a6e-4aca-9c55-2cb0dbffddb7-2067149
date: Tue, 11 Aug 2020 04:38:59 GMT
via: 1.1 16dc09493f48bbc1fd2cdd6e175a94f7.cloudfront.net (CloudFront)
server: Netlify
age: 1787267
etag: 123b2f39b51b8465a8f757ff4c5c324111553a73
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31556926
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 48919
x-amz-cf-id: BPpAMstfWJPVbO7YQhI6P9FnpR8MJ-4Z7xnuOSmG42uSTSrLQPrfaA==

GET
H2 200 tZSSHXB0QZ6S9l1PQvjR
cdn.buttercms.com/ 30 KB
31 KB 14ms
13ms Image
image/png 2600:9000:214f:ea00:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/tZSSHXB0QZ6S9l1PQvjR
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ea00:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a0e636a68a658ecb12cc186d1f7f9eaf7d44c9ecf6b3daf9ea069ca0173e0e3f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 26 Aug 2020 09:23:56 GMT
via: 1.1 varnish, 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
age: 773153
x-cache: Hit from cloudfront
status: 200
content-disposition: inline; filename="N CCIC (9).png"
content-length: 30731
x-served-by: cache-bwi5139-BWI, cache-fra19156-FRA
last-modified: Mon, 06 Apr 2020 19:41:11 GMT
server: nginx
x-file-name: N CCIC (9).png
x-timer: S1598433836.360013,VS0,VE89
etag: "9faf37d72772f749a87cb21a510fefc8"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2678400
filestack-trace-id: 1598134852-s4WL2O97SZ
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: TW47V1yAYb-KrumLc_6b2tx9ksL_9ionLhIPd1HdwzQzh5UHDAzlTg==
x-cache-hits: 1, 0

GET
H2 200 Qn0dlkOAQhO8adwRg2C0
cdn.buttercms.com/ 88 KB
89 KB 20ms
19ms Image
image/png 2600:9000:214f:ea00:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/Qn0dlkOAQhO8adwRg2C0
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ea00:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 39fc3cf190b011ab899a8f5d5ba9e2442dfebb1bcaf4c87289ca98c05cc29b63

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 09 Aug 2020 06:18:37 GMT
via: 1.1 varnish, 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
age: 2446542
x-cache: Hit from cloudfront
status: 200
content-disposition: inline; filename="icons-footer-5-21.png"
content-length: 89868
x-served-by: cache-bwi5126-BWI, cache-hhn4071-HHN
last-modified: Sat, 23 May 2020 14:41:30 GMT
server: nginx
x-file-name: icons-footer-5-21.png
x-timer: S1596953917.481777,VS0,VE1
etag: "741c6511ab9ffd6544063467cd0742eb"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2678400
filestack-trace-id: 1596461463-3YlFr9C2Rc
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: u9I_LoXopTKj2l6FsXYPyHK1NBx9gqSDPgrk9BFnUjrJdJFFdHiKBQ==
x-cache-hits: 1, 1

GET
H2 200 yPnhycftTNGAh5m2V6uD
cdn.buttercms.com/ 14 KB
15 KB 13ms
12ms Image
image/png 2600:9000:214f:ea00:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/yPnhycftTNGAh5m2V6uD
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ea00:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b8e8a5e125fc685f61004c304e204222ed9f66b50eb663d812ebfb5ec0142f98

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 30 Aug 2020 07:12:16 GMT
via: 1.1 varnish, 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
age: 1281651
x-cache: Hit from cloudfront
status: 200
content-disposition: inline; filename="3.png"
content-length: 14324
x-served-by: cache-bwi5126-BWI, cache-fra19144-FRA
last-modified: Mon, 06 Apr 2020 19:56:24 GMT
server: nginx
x-file-name: 3.png
x-timer: S1598771537.613479,VS0,VE91
etag: "2440d61115634bdba11e5d627c94753d"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2678400
filestack-trace-id: 1597626355-fIxoK15gTL
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: 9lvr7nEAFK5JVqPU9FBhTD4htAphz8JZ_XoUdpYC0knDF8m3kTIH4A==
x-cache-hits: 1, 0

GET
H2 200 Gy9nQewnQIOPbCe8DGPF
cdn.buttercms.com/ 6 KB
7 KB 24ms
23ms Image
image/png 2600:9000:214f:ea00:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/Gy9nQewnQIOPbCe8DGPF
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ea00:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 46b24625f14216fcbb72db91af1aec8cd72a69513dfa48d1cc8cd62c91435d1a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 07:14:16 GMT
via: 1.1 varnish, 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
age: 277342
x-cache: Hit from cloudfront
status: 200
content-disposition: inline; filename="2.png"
content-length: 6114
x-served-by: cache-bwi5136-BWI, cache-fra19148-FRA
last-modified: Mon, 06 Apr 2020 19:56:33 GMT
server: nginx
x-file-name: 2.png
x-timer: S1598858056.136884,VS0,VE89
etag: "41c819e5f85b125ed5f42393f675082d"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2678400
filestack-trace-id: 1598630664-0eYUWozwQv
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: 8iCSM0WugH41-vI3fUBj-3I6xKzZKyJXgAjBmaUdOeZNr0mZWPxYxg==
x-cache-hits: 1, 0

GET
H2 200 polyfill.min.js
cdn.polyfill.io/v3/ 72 B
164 B 7ms
6ms Other
text/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.polyfill.io/v3/polyfill.min.js?features=fetch

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 9615595
detected-user-agent: Chrome/83.0.4103
status: 200
request_came_from_shield: HHN
server-timing: HIT, fastly;desc="Edge time";dur=0, HIT, fastly;desc="Edge time";dur=1
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Tue, 12 May 2020 13:13:16 GMT
date: Mon, 31 Aug 2020 21:06:46 GMT
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/83.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 _Incapsula_Resource
www.cyber.nj.gov/ 1 B
35 B 23ms
22ms Image
text/plain 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyber.nj.gov/_Incapsula_Resource?SWKMTFSR=1&e=0.22411724047104808
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.124.188 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

GET
H3-Q050 200 css
fonts.googleapis.com/ 3 KB
1 KB 36ms
21ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cardo|Nunito:300&display=swap

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/5ae7efea01b1c314bae3d2fd428353af5bee5a61-74008e00e66ebca0d7df.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

02c0af9f628eb666f4cad989aa8885472294a4fec47a96c579f3e65e60090cea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:06:46 GMT
server: ESF
date: Mon, 31 Aug 2020 21:06:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 31 Aug 2020 21:06:46 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 154ms
58ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/5ae7efea01b1c314bae3d2fd428353af5bee5a61-74008e00e66ebca0d7df.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
server: nginx/1.15.8
etag: W/"5ed917ff-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Mon, 31 Aug 2020 21:06:46 GMT
x-host: s7.addthis.com
content-length: 116324

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 145ms
49ms Script
application/x-javascript 104.111.216.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.216.96 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-216-96.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:46 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 6CDA04CEF72D568E
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=61748
accept-ranges: bytes
content-length: 948
x-amz-id-2: vmrAbpbzrBs8g4V4M3AoGAqwWb0EhELJ1wy9AWvX/tuPVstbiwgv0ja/UaK2kknp20dNDPCNIa4=

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5e263a6ccdf8622d/ 1 KB
907 B 297ms
296ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5e263a6ccdf8622d/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1eabda625693f6181fcbcea53c06ed54c3de3c8e54a202908e4665d56d647abf

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 21:06:47 GMT
content-encoding: gzip
etag: 1605543805--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=58, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 731

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 88 B
248 B 226ms
224ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=5f4d6666220388e4&bkl=0&bl=1&pdt=2211&sid=5f4d6666220388e4&pub=ra-5e263a6ccdf8622d&rev=v8.28.7-wp&ln=en&pc=men&cb=0&ab=-&dp=www.cyber.nj.gov&fp=threat-center%2Fthreat-profiles%2Fmacos-malware-variants%2Fshlayer&fr=&of=1&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1598908006858&jsl=1&skipb=1&callback=addthis.cbs.jsonp__3489379083013280
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: f14ef4f03bc76b177f90fa18b4a94cd793a2a0c1d5becc0ac05f5068a3d6defd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Mon, 31 Aug 2020 21:06:47 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 88
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 8E18 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame AA0D 0
0 55ms
54ms Document
text/html 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

:method: GET
:authority: s7.addthis.com
:scheme: https
:path: /static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 09 Sep 2019 15:34:57 GMT
etag: W/"5d767121-1115f"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 25412
date: Mon, 31 Aug 2020 21:06:46 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 custom-messages.5799ddf75a30812a3d49.js Show response
s7.addthis.com/static/ 114 KB
28 KB 51ms
51ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/custom-messages.5799ddf75a30812a3d49.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

e08ee0a0555b2527719a5d5581fb11ae492e0a111be1f89ceedd3b51e995c7c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
server: nginx/1.15.8
etag: W/"5ed917ff-1c9fc"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Mon, 31 Aug 2020 21:06:47 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 28521

GET
H2 204 300vi.png
m.addthis.com/live/red_lojson/ 0
110 B 230ms
229ms Image
text/plain 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.addthis.com/live/red_lojson/300vi.png?cad=shba%3D1wte&positions=1wte%3Dbottom&goals=1wte%3Dshare&first=1&rv=0&uvs=5f4d66669e783d1c&pub=ra-5e263a6ccdf8622d&dp=www.cyber.nj.gov&rev=v8.28.7-wp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Mon, 31 Aug 2020 21:06:47 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 31 Aug 2020 21:06:47 GMT

GET
DATA 200
OK truncated
/ 98 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02a3d2b1c51fa7c978d0ceeabb1253da4b02194d2f4e3c83ce840aa26306b242

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cyber.nj.gov/	1969-12-31 23:59:59	Name: nlbi_1613844 Value: LRcdMMPauyVnTF/r3cr+KQAAAABdcmsrqeLYp6NAy8OOjr8C
.nj.gov/	1970-01-19 12:08:28	Name: _gat_gtag_UA_162455942_1 Value: 1
www.cyber.nj.gov/	1970-01-19 12:08:28	Name: ___utmvc Value: qp29KJlgFFUClAap2z5d0Lvq8t9IpNe92cPvL78FUEC9BpKRblbjpjqsdJYQbWonpJDeMQ+I5xAmg6xO4ezcKyYrqYUOaFZHMt4TCEFZ8MpdnVm31kTM3gdCUPJsUGEBV+F6vsp+O9L00Ozkak7WNODEz40OQLto4n575ntjO0J/3RAiiaC66ADpFbWDsRm0ogkOYY9PH21LmZZibjYOGQkwZ5uf08y41TIGeHpKObGgk/uXMUqgGL3ZlUAlCniKpKNQ/h1rv5uNHOYUkGr/+xgOFIZOasEXuvZQaTN8lOu2bXTKp5zDOGvcb+iNjPApVh7Mdg2d3M5tFjPAmCiLBJ8v9WPgGg3ETYrWwoemTR58Ts5Dyq5dmBOl+sX3fmZHoBPg9RpyN2UBV27XFtohpqUvCa5BaZSC9r/kzH/VEkgJI8brGh48YUc6hRrBlv0YmZUN92NvuWrZGJQ7URXTnuoGaDjX1HprdpLAwIiwnVwncVvMvklAAyxCNZNN496CH3KjtvUYOjXZ2ETLmiAWxYb1UVfWywLJu4OUCuFKJ0SScC+A2xA3Ux3TiMt7lFAmFHjqHWLSzteMW+c6kMtW9Zvx/pjlV7mFro73xf9avbJOJrJdD/1E9BhX7hupUPlfZGy3vlHpCqznfxpTjIMLTcc6AdaIwXEe6RLBpTQRxw4VvXc8UuJtca9EPOimZvhAkYOc67ARJGKgBPd63zGBW+IZDg1yiWd13py7IPzLZPf2RvTZm6Z/S2VO9SAJtxQw7Aom+brqMFu6JuOuVnaHPJMWokabbOev9Yn2SRIsDoDHvuRAV+9Km1x8Tnj0Z4a50PWZzOTLjrdCE+pPRqq1/Zf7kZJx5+Cug5fIdszo2wBxSxmjcU0VHRaf8kUD4FrUaKWRBruIBJJ3VqUtTYXD82iN9dkvf5GBg2zPg9UshPvQ41E96NOfnafvAkPQ+36aQYSQj6nKL0BrMzXlnbgaiOXkyPmx5Ib7XbWOnY+1AWXXu1Fpdv0HNo6+TrAYQqdLV8GsXGbst0hlggRCPUoYxvcnjHThcyIO/VLVy5dAe1ZnQJ93bP4qIGcLAy3AOC7eyQ/XiEpixwUbmXnlTJNoQERMnDG5lYyA1ZeHrwE+fi5+xozSgQ08W13UVv8C5+N8DitW0ATJ6+tA7emNrV11Vy9ljp+OCdoxD9L/xx9Y3QeWGx7J7WosloGCYAoKGptJno94ImlPvlOhV+ZstuT8jaqtNc+VjTUw7ucVUiqSpjDsl9IV3ljwI4QWmfVTd+knhR/i0JIb9sxPKJJZqr7Z+SlWxtlhgXWHfqGD6Z9H9TkfUK/q+U+CUAS0pwBI1ymYA78O7bONsNx0uciTSvmiTii3WSn6zP0/5nd+uWjIZq3oKNZP6CI3fZ0ipOFzCMAHA29iMc74xrG5vnrXN1PhDwzd8KPecYrnhH++q5Qyf+Xxfh0r5P9XgNtFOC+Bl2vDV1dL7XqfiFRvZVDEm/Lv2X3DgJZvgK/OTHXgJswGefmMhXiH+StXUKMoWj/PYEAkQc7ZzKMElnaShQNu8bMNI1xW+RY3aVdeCjAhJKqNn0uhiCPdBBS3ojajhgEUcjCrlaGKqmclgnYxuTaQipXsMhBuYM5sERGJKkRmSyxkaWdlc3Q9MTE0MzQ1LHM9YTVhNTYzODM3YjdjODg5NGE3OWM4MzYwODM5YzdlOGM2ZDdkOWE3Zjg4OTg5NjlmNzk1YzY1NmM4ZGEyYTlhNzlkYWE5ZjdiODg3MjcxNzA=
.nj.gov/	1970-01-19 12:09:54	Name: _gid Value: GA1.2.374701666.1598908006
.nj.gov/	1970-01-20 05:39:40	Name: _ga Value: GA1.2.2117259612.1598908006
.cyber.nj.gov/	1969-12-31 23:59:59	Name: incap_ses_686_1613844 Value: LWCTfnnKHEOYmHslfimFCWRmTV8AAAAAhW3qiyTzjFIHubTldQwyCA==
.cyber.nj.gov/	1970-01-19 20:53:47	Name: visid_incap_1613844 Value: kl9STky2Ro+B8bFKl936nGNmTV8AAAAAQUIPAAAAAAAIOnm/W6q4LrRCcpp2+pvK

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.buttercms.com
cdn.onesignal.com
cdn.polyfill.io
code.jquery.com
d33wubrfki0l68.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
m.addthis.com
s7.addthis.com
stackpath.bootstrapcdn.com
v1.addthisedge.com
www.cyber.nj.gov
www.google-analytics.com
www.googletagmanager.com
z.moatads.com
s7.addthis.com
104.111.216.96
143.204.208.22
2001:4de0:ac19::1:b:3a
23.210.248.44
2600:9000:214f:ea00:17:108e:3bc0:93a1
2606:4700::6812:e134
2a00:1450:4001:800::2008
2a00:1450:4001:801::200e
2a00:1450:4001:808::2003
2a00:1450:4001:81c::200a
2a00:1450:4001:81e::2003
2a00:1450:4001:821::200a
2a04:4e42:1b::621
45.60.124.188
02a3d2b1c51fa7c978d0ceeabb1253da4b02194d2f4e3c83ce840aa26306b242
02c0af9f628eb666f4cad989aa8885472294a4fec47a96c579f3e65e60090cea
030413b3be13d3755cac5e0e7aa035681bf155c5af554b2b116fda8b9bb6dee3
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
08445b890d17fe47afd2ff64d7afea8a9356a00ca635b1e6791eda8a472ae479
0fae8b03858a764bad3e9af19bfc924ead5b9e25c760432c19e91cba3dff1cf3
1eabda625693f6181fcbcea53c06ed54c3de3c8e54a202908e4665d56d647abf
255adf891c0b1029bd96c810aa2271adff89b084c3de5008d3192d0fce19eb71
29bbb520c2c569652ce861483d6f8705c76358ecc8c70ce43649a9c2452cb8e3
2d1cf08f2738213957cfb0923fb40c4377e5612188f5c2499e38dd2bec0f799f
38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff
39fc3cf190b011ab899a8f5d5ba9e2442dfebb1bcaf4c87289ca98c05cc29b63
425509e9e72c95867ff06f126890638a8ca6f6ad57169ded56acaaeda432727b
46b24625f14216fcbb72db91af1aec8cd72a69513dfa48d1cc8cd62c91435d1a
4c3f9b581bb2685e98fba1f9c2cfdf096a111cf457949d68ac72721a8439a8c1
50c54f6f4cd441b2ccf1613479cb1915005ba3ba0d77e094582b5876522132ea
54e02c1aad708d776f8aa97405117122d1915765bcbe0e5a6a91bee43b64af89
589451bcc20d242311403682bd42dfab938a1f7861832dcf6fee812d36a6da4e
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
6825b92753d2d2ddd3fcbb3ec0481c2a48a93917f96e7758da2c330403b5740d
6a06aa257b9c019b58913187a57852aee9fe65e3f24b378240e06b70d613f5d8
8204d955949011c5828e9abf4d8b96d072565c688aef0b35b502e5c41529a7aa
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8d452807b5436cc515010bae93cb29146e4ea4d18ee0de8fd5fad384a51c7a8a
a0ad364f275187751e22dd418e7c3fa8fb6ea2f26395c097fb2881253acf1c87
a0e636a68a658ecb12cc186d1f7f9eaf7d44c9ecf6b3daf9ea069ca0173e0e3f
a6ea5009d0ef07479970cc3bf6e6012d876d3f35bd8b5102f801c0d4ca826b71
aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11
b8e8a5e125fc685f61004c304e204222ed9f66b50eb663d812ebfb5ec0142f98
bf72a72b82528382a139fe56546c4494dd64e82706c2cbef91739445ca6a3fbb
d3140bc9151866991a0ef118c3dd4e11d1163851d19f8a663d55905b6141ac94
ded984ad3aa0617a3ad1ee35e5d132434f76a461b7a6d5bc18f48c676ce1e9a3
e08ee0a0555b2527719a5d5581fb11ae492e0a111be1f89ceedd3b51e995c7c5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
f14ef4f03bc76b177f90fa18b4a94cd793a2a0c1d5becc0ac05f5068a3d6defd
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

www.cyber.nj.gov Open in urlscan Pro 45.60.124.188 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

42 Requests

98 %HTTPS

71 %IPv6

14 Domains

15 Subdomains

15 IPs

4 Countries

827 kBTransfer

1878 kBSize

7 Cookies

8 Outgoing links

Page URL History

Redirected requests

42 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cyber.nj.gov Open in urlscan Pro
45.60.124.188 Public Scan

Screenshot
Live screenshot

Full Image

42
Requests

98 %
HTTPS

71 %
IPv6

14
Domains

15
Subdomains

15
IPs

4
Countries

827 kB
Transfer

1878 kB
Size

7
Cookies

42 HTTP transactions
1 data transactions