URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Submission: On October 14 via api from CH

Summary

This website contacted 17 IPs in 7 countries across 15 domains to perform 75 HTTP transactions.
The main IP is 23.43.114.68, located in the Netherlands; it belongs to AKAMAI-ASN1, US. The main domain is unit42.paloaltonetworks.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on September 9th 2019. Valid for: a year.
This is the first time this domain was scanned on urlscan.io!

Verdict: Unknown

Domain & IP information

IP Address AS Autonomous System
1 49 23.43.114.68 20940 (AKAMAI-ASN1)
6 2.18.232.23 16625 (AKAMAI-AS)
3 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2 52.50.119.187 16509 (AMAZON-02)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 2 2.19.43.44 20940 (AKAMAI-ASN1)
1 4 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 52.31.190.58 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.12.157 54113 (FASTLY)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 52.56.153.15 16509 (AMAZON-02)
1 2 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2a05:f500:10:... 14413 (LINKEDIN)
2 66.117.29.4 15224 (OMNITURE)
1 104.244.42.5 13414 (TWITTER)
1 104.244.42.195 13414 (TWITTER)
75 17
Domain | Transfer
54 paloaltonetworks.com | 2 MB
6 adobedtm.com | 120 KB
4 omtrdc.net | 2 KB
4 google.com | 931 B
3 linkedin.com | 2 KB
2 google-analytics.com | 17 KB
2 demdex.net | 2 KB
1 twitter.com | 636 B
1 t.co | 448 B
1 clearbit.com | 1 KB
1 licdn.com | 2 KB
1 ads-twitter.com | 2 KB
1 gstatic.com | 90 KB
1 google.de | 434 B
1 doubleclick.net | 433 B
75 15
Domain Requested by
49 unit42.paloaltonetworks.com 1 redirects unit42.paloaltonetworks.com
6 assets.adobedtm.com unit42.paloaltonetworks.com
assets.adobedtm.com
4 www.google.com 1 redirects unit42.paloaltonetworks.com
www.gstatic.com
3 www.paloaltonetworks.com unit42.paloaltonetworks.com
2 paloaltonetworks.tt.omtrdc.net assets.adobedtm.com
2 px.ads.linkedin.com 1 redirects unit42.paloaltonetworks.com
2 paloaltonetworks.d1.sc.omtrdc.net assets.adobedtm.com
unit42.paloaltonetworks.com
2 ssl.google-analytics.com 1 redirects assets.adobedtm.com
2 dpm.demdex.net 1 redirects unit42.paloaltonetworks.com
1 analytics.twitter.com static.ads-twitter.com
1 t.co unit42.paloaltonetworks.com
1 www.linkedin.com 1 redirects
1 reveal.clearbit.com unit42.paloaltonetworks.com
1 snap.licdn.com unit42.paloaltonetworks.com
1 static.ads-twitter.com unit42.paloaltonetworks.com
1 www.gstatic.com www.google.com
1 www.google.de unit42.paloaltonetworks.com
1 stats.g.doubleclick.net 1 redirects
1 blog.paloaltonetworks.com unit42.paloaltonetworks.com
1 researchcenter.paloaltonetworks.com 1 redirects
75 20
Subject | Issuer | Validity | Valid
www.paloaltonetworks.com | DigiCert SHA2 Secure Server CA | 2019-09-09 - 2020-08-12 | a year
assets.adobedtm.com | DigiCert SHA2 High Assurance Server CA | 2019-09-27 - 2021-10-01 | 2 years
*.paloaltonetworks.com | DigiCert SHA2 Secure Server CA | 2018-05-12 - 2019-11-10 | a year
*.demdex.net | DigiCert SHA2 High Assurance Server CA | 2018-01-09 - 2021-02-12 | 3 years
*.google-analytics.com | GTS CA 1O1 | 2019-09-17 - 2019-12-10 | 3 months
www.google.com | GTS CA 1O1 | 2019-09-17 - 2019-12-10 | 3 months
www.google.de | GTS CA 1O1 | 2019-09-17 - 2019-12-10 | 3 months
*.d1.sc.omtrdc.net | DigiCert SHA2 High Assurance Server CA | 2019-04-23 - 2020-04-14 | a year
*.google.com | GTS CA 1O1 | 2019-09-17 - 2019-12-10 | 3 months
ads-twitter.com | DigiCert SHA2 High Assurance Server CA | 2019-08-14 - 2020-08-18 | a year
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
clearbit.com | Amazon | 2018-11-21 - 2019-12-21 | a year
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2019-05-29 - 2021-06-29 | 2 years
*.tt.omtrdc.net | DigiCert SHA2 High Assurance Server CA | 2017-10-19 - 2020-11-25 | 3 years
t.co | DigiCert SHA2 High Assurance Server CA | 2019-04-09 - 2020-04-01 | a year
*.twitter.com | DigiCert SHA2 High Assurance Server CA | 2019-04-09 - 2020-04-01 | a year

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Web
Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i


75 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set /
/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations
Redirect Chain
  • https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations
  • https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
231 KB
34 KB
Document
General
Full URL
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
77368f87956df4d585736259ba011882a17f340874fc8dcada1424f920328fad

Request headers

Host
unit42.paloaltonetworks.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Cookie
pvc_visits[0]=1571175590b99430

Response headers

Content-Type
text/html; charset=UTF-8
Server
Apache
Link
<https://unit42.paloaltonetworks.com/wp-json/>; rel="https://api.w.org/" <https://unit42.paloaltonetworks.com/?p=99430>; rel=shortlink
Vary
Accept-Encoding
Content-Encoding
gzip
Date
Mon, 14 Oct 2019 21:39:52 GMT
Content-Length
34062
Connection
keep-alive
Set-Cookie
pvc_visits[0]=1571175590b99430; expires=Tue, 15-Oct-2019 21:39:50 GMT; Max-Age=86399; path=/; secure; HttpOnly

Redirect headers

Content-Type
text/html; charset=UTF-8
Content-Length
0
Server
Apache
X-Redirect-By
WordPress
Location
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Date
Mon, 14 Oct 2019 21:39:50 GMT
Connection
keep-alive
Set-Cookie
pvc_visits[0]=1571175590b99430; expires=Tue, 15-Oct-2019 21:39:50 GMT; Max-Age=86400; path=/; secure; HttpOnly
crayon.min.css?ver=_2.7.2_beta
/wp-content/plugins/crayon-syntax-highlighter/css/min
20 KB
4 KB
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3d961493e244e06bf91a9857442891e2e2ad8d49cf8e0a7781c53f0707443d7

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Content-Encoding
gzip
Last-Modified
Mon, 20 Aug 2018 10:09:13 GMT
Server
Apache
ETag
"4ecc-573db19e4a440"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3959
classic.css?ver=_2.7.2_beta
/wp-content/plugins/crayon-syntax-highlighter/themes/classic
4 KB
1011 B
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/themes/classic/classic.css?ver=_2.7.2_beta
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
01e43870a4218fe731a3516dd76725698c3aadfb285465086849c6b52ef71719

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Content-Encoding
gzip
Last-Modified
Mon, 20 Aug 2018 10:09:13 GMT
Server
Apache
ETag
"1110-573db19e4a440"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
727
monaco.css?ver=_2.7.2_beta
/wp-content/plugins/crayon-syntax-highlighter/fonts
529 B
765 B
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css?ver=_2.7.2_beta
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8b33eebc11529672afc8f1ac6d5d4ef24bed8dfec1505a2510c805e0dd21565f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Mon, 20 Aug 2018 10:09:13 GMT
Server
Apache
ETag
"211-573db19e4a440"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
529
style.min.css?ver=5.1.2
/wp-includes/css/dist/block-library
25 KB
4 KB
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-includes/css/dist/block-library/style.min.css?ver=5.1.2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a72261a5191d1485620242b7d3b735501757aef23dedc6d27c84919af838e756

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Apr 2019 07:49:58 GMT
Server
Apache
ETag
"629a-586dd5d89e353"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4258
dashicons.min.css?ver=5.1.2
/wp-includes/css
45 KB
28 KB
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-includes/css/dashicons.min.css?ver=5.1.2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b81e56d299eb9260c65af214751e6dab1e591f1b979ec154ccfdf7c53d7581e5

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Apr 2019 07:49:58 GMT
Server
Apache
ETag
"b516-586dd5d89cbe3"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
28661
frontend.css?ver=1.2.14
/wp-content/plugins/post-views-counter/css
289 B
525 B
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/post-views-counter/css/frontend.css?ver=1.2.14
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f46d96d805c7e9e467422dfe516c43edb4632c0273cea26722fee7ba885f869e

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Wed, 03 Jul 2019 06:17:58 GMT
Server
Apache
ETag
"121-58cc0d292d180"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
289
svgs-attachment.css?ver=5.1.2
/wp-content/plugins/svg-support/css
222 B
457 B
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/svg-support/css/svgs-attachment.css?ver=5.1.2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
756df835cdc3e6d51abfaa6f2cd0d48a3430e2bcc2c12566e06dc79f3ba4ff74

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Thu, 31 May 2018 09:41:29 GMT
Server
Apache
ETag
"de-56d7d4590a440"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
222
wpp.css?ver=4.2.2
/wp-content/plugins/wordpress-popular-posts/public/css
1 KB
814 B
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/wordpress-popular-posts/public/css/wpp.css?ver=4.2.2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
951c201eceb26489dc9b4cc8ea4e408ae957410ea32b0fc7d4845d851886739f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Jul 2019 12:37:07 GMT
Server
Apache
ETag
"4c1-58cc61e8502c0"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
531
style.css?ver=1
/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal
851 B
1 KB
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.css?ver=1
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e8b5c0f1aab454e3dd3d47bdb0d6be1a54c0c350dff5feaa3a595937e2006df1

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Thu, 25 Jul 2019 13:36:18 GMT
Server
Apache
ETag
"353-58e8182af4212"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
851
style.css?ver=1
/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-post-translations
587 B
823 B
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-post-translations/style.css?ver=1
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3c8abdbf58c4ef59adb81fb06210686eded2b17e9d322d43b5c21c9030bcd650

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Thu, 25 Jul 2019 13:36:18 GMT
Server
Apache
ETag
"24b-58e8182af49e2"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
587
main.css
/wp-content/themes/unit42-v4/dist/styles
118 KB
17 KB
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/styles/main.css
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
17c0020531b85ba4d8ab85d98c242a18dfaae0dd484043f834c34b1b791221a6

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Content-Encoding
gzip
Last-Modified
Tue, 27 Aug 2019 14:11:43 GMT
Server
Apache
ETag
"1d686-59119da29aa01"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17501
jquery.js?ver=1.12.4
/wp-includes/js/jquery
95 KB
95 KB
Script
General
Full URL
https://unit42.paloaltonetworks.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Thu, 05 Sep 2019 07:31:59 GMT
Server
Apache
ETag
"17a69-591c9512cc11e"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
96873
jquery-migrate.min.js?ver=1.4.1
/wp-includes/js/jquery
10 KB
10 KB
Script
General
Full URL
https://unit42.paloaltonetworks.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Fri, 20 May 2016 06:11:28 GMT
Server
Apache
ETag
"2748-5333ff613c400"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10056
crayon.min.js?ver=_2.7.2_beta
/wp-content/plugins/crayon-syntax-highlighter/js/min
22 KB
22 KB
Script
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js?ver=_2.7.2_beta
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Mon, 20 Aug 2018 10:09:13 GMT
Server
Apache
ETag
"5741-573db19e4a440"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22337
wpp-4.2.0.min.js?ver=4.2.2
/wp-content/plugins/wordpress-popular-posts/public/js
1 KB
1 KB
Script
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/wordpress-popular-posts/public/js/wpp-4.2.0.min.js?ver=4.2.2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9fd7bfa229eec86e2b02fdcf85e49e5b2699a2d9cd53ee36b4df53513d1da1f3

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Wed, 03 Jul 2019 12:37:07 GMT
Server
Apache
ETag
"47b-58cc61e8502c0"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1147
wpml-language-per-domain-sso.js?ver=5.1.2
/wp-content/plugins/sitepress-multilingual-cms/res/js
608 B
858 B
Script
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/sitepress-multilingual-cms/res/js/wpml-language-per-domain-sso.js?ver=5.1.2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ceaf937026c10d043faaa8c739dffade6a318234b9cae8ce2423c93f9d510c95

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Thu, 25 Jul 2019 13:36:17 GMT
Server
Apache
ETag
"260-58e8182ae9e01"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
608
satelliteLib-c3d7b7de9b02c9d954ceaaf6bbd23274ad622720.js
assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2
222 KB
54 KB
Script
General
Full URL
https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/satelliteLib-c3d7b7de9b02c9d954ceaaf6bbd23274ad622720.js
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
1410ed93d09f58ce1ef2f2725be39740155c675651eae118f202fa639a3f1227

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:52 GMT
content-encoding
gzip
last-modified
Sat, 28 Sep 2019 17:02:26 GMT
server
AkamaiNetStorage
etag
"42ec6ad9452e1df8863141b97c955a27:1569690145.895072"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
55063
expires
Mon, 14 Oct 2019 22:39:52 GMT
attribution.js
www.paloaltonetworks.com/content/dam/pan/en_US/includes
14 KB
3 KB
Script
General
Full URL
https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/attribution.js
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29e::c3a , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
0b5545869315589ebff4d4d34ba4b82611128a092ab4480f6b8353601b2aaa04
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:52 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 27 Sep 2019 21:53:28 GMT
server
Akamai Resource Optimizer
etag
"2608f5-3603-5938fd8ade9d8"
x-frame-options
SAMEORIGIN
content-type
text/javascript
status
200
cache-control
max-age=900
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
x-robots-tag
noindex
content-length
2811
expires
Mon, 14 Oct 2019 21:54:52 GMT
paloaltonetwork.svg
/wp-content/uploads/2019/07
6 KB
6 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/07/paloaltonetwork.svg
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
fae07a533098c30def81bb1c4ff7b1ad6eb91e6f37f8f5f7a864da2643418fde

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Thu, 25 Jul 2019 12:31:37 GMT
Server
Apache
ETag
"1797-58e809b5bdc40"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6039
unit42.svg
/wp-content/uploads/2019/07
3 KB
4 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/07/unit42.svg
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9a01022937485049cf468c29d52e6ff63e304fd2f4fb36fc3b3af21eae6b3646

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 12:31:30 GMT
Server
Apache
ETag
"d28-58e809af10c80"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3368
Malware-r3d1-900x450.png
/wp-content/uploads/2019/09
307 KB
307 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/09/Malware-r3d1-900x450.png
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f68014a121dda3de78ad2b553972ce7868e90fe954222884cf8b231d1bde1ee4

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Thu, 19 Sep 2019 21:33:33 GMT
Server
Apache
ETag
"4cb40-592eeb49c250c"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
314176
xHunt-1.png
/wp-content/uploads/2019/09
161 KB
162 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/09/xHunt-1.png
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7a25095fd16e68f12c51827f3997bd7b5e582302fcd3a6af19c4064f35d49797

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Thu, 19 Sep 2019 20:13:43 GMT
Server
Apache
ETag
"28552-592ed9712bc91"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
165202
xHunt-2-768x167.png
/wp-content/uploads/2019/09
92 KB
92 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/09/xHunt-2-768x167.png
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
80e54a1c894f34375aa06433b284cf487fed2b39ec968e310f1a6ed4075cd1c1

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:52 GMT
Last-Modified
Thu, 19 Sep 2019 20:21:50 GMT
Server
Apache
ETag
"16f9a-592edb41af553"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
94106
xHunt-3-768x179.png
/wp-content/uploads/2019/09
76 KB
76 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/09/xHunt-3-768x179.png
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
89c6db8df0481bda8fff7ae4f67cad116bf7480e96daee8c4691845814a63625

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 19 Sep 2019 20:25:11 GMT
Server
Apache
ETag
"12e6e-592edc0168902"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
77422
xHunt-4-1-768x183.png
/wp-content/uploads/2019/09
111 KB
111 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/09/xHunt-4-1-768x183.png
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d254193fed4b3884a30f84598219a3cbbfb60733f4baab1e6a35eaeb4684f1fe

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Wed, 25 Sep 2019 15:31:26 GMT
Server
Apache
ETag
"1bcae-59362589a14d0"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
113838
xHunt-5-768x152.png
/wp-content/uploads/2019/09
113 KB
113 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/09/xHunt-5-768x152.png
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a209448bb0279fbc398bb62a26f63fdf945212e5462cfd3711096c2e6ef5a6c0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 19 Sep 2019 20:27:51 GMT
Server
Apache
ETag
"1c2e5-592edc9a7a97c"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
115429
xHunt-6-768x237.png
/wp-content/uploads/2019/09
169 KB
169 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/09/xHunt-6-768x237.png
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d9ce3293ac4a6d0fbb600d74879b88fc505face6e219cbdab99aa3e45573c9d3

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 19 Sep 2019 20:30:20 GMT
Server
Apache
ETag
"2a20d-592edd2827550"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
172557
xHunt-7-1024x534.jpg
/wp-content/uploads/2019/09
39 KB
39 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/09/xHunt-7-1024x534.jpg
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c813ed7934707445409c4670af568f2568c2c2e691a69c85eac1666ab5756d06

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 19 Sep 2019 20:40:01 GMT
Server
Apache
ETag
"9abb-592edf52e9f9f"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
39611
xHunt-8-768x706.png
/wp-content/uploads/2019/09
233 KB
233 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/09/xHunt-8-768x706.png
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
aa2c84a216fae657842d32c3ee39dce8ed06d98661781fb4932e81da8693286b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 19 Sep 2019 20:47:38 GMT
Server
Apache
ETag
"3a3dd-592ee1066b960"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
238557
xHunt-9-768x482.png
/wp-content/uploads/2019/09
224 KB
225 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/09/xHunt-9-768x482.png
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9bdaee7145f5a4b666dcc14733979c2c7d42cd519a3c65653a8111f433b29c9d

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 19 Sep 2019 20:52:26 GMT
Server
Apache
ETag
"38142-592ee21901dc8"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
229698
xHunt-10.png
/wp-content/uploads/2019/09
161 KB
162 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/uploads/2019/09/xHunt-10.png
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7a25095fd16e68f12c51827f3997bd7b5e582302fcd3a6af19c4064f35d49797

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 19 Sep 2019 21:02:59 GMT
Server
Apache
ETag
"28552-592ee4744f525"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
165202
/
/wp-json/wordpress-popular-posts/v1/popular-posts
42 B
692 B
XHR
General
Full URL
https://unit42.paloaltonetworks.com/wp-json/wordpress-popular-posts/v1/popular-posts/
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/wp-content/plugins/wordpress-popular-posts/public/js/wpp-4.2.0.min.js?ver=4.2.2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3216935529948eb044dbdb2e7df6d6cbcb7e29a4b35e7b92e5dfa223e7e76d51
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Vary
Origin
Content-Length
42
Link
<https://unit42.paloaltonetworks.com/wp-json/>; rel="https://api.w.org/"
Server
Apache
Allow
GET, POST
Access-Control-Allow-Methods
OPTIONS, GET, POST, PUT, PATCH, DELETE
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://unit42.paloaltonetworks.com
X-WP-Nonce
72445cd591
Access-Control-Allow-Credentials
true
X-Robots-Tag
noindex
Access-Control-Allow-Headers
Authorization, Content-Type
Access-Control-Expose-Headers
X-WP-Total, X-WP-TotalPages
rd?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9A531C8B532965080A490D4D%40AdobeOrg&d_nsid=0&ts=1571089192735
dpm.demdex.net/id
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9A531C8B532965080A490D4D%40AdobeOrg&d_nsid=0&ts=1571089192735
  • https://dpm.demdex.net/id/rd?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9A531C8B532965080A490D4D%40AdobeOrg&d_nsid=0&ts=1571089192735
217 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9A531C8B532965080A490D4D%40AdobeOrg&d_nsid=0&ts=1571089192735
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.119.187 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-50-119-187.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b243c1aecd96ef967a2eb3778e5d83b5cc4021337eed2cfb36072e0adfe2bb16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v047-0c7dd76f2.edge-irl1.demdex.com 5.60.0.20191014092846 3ms (+0ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
Y28OEHqhSw4=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://unit42.paloaltonetworks.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
217
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://unit42.paloaltonetworks.com
X-TID
5w5PMvDlSQg=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9A531C8B532965080A490D4D%40AdobeOrg&d_nsid=0&ts=1571089192735
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
mbox-contents-14e1f91c94e4486c3d72408dca21c227c49d1f1b.js
assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2
76 KB
28 KB
Script
General
Full URL
https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/mbox-contents-14e1f91c94e4486c3d72408dca21c227c49d1f1b.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/satelliteLib-c3d7b7de9b02c9d954ceaaf6bbd23274ad622720.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
db1ed7691f936e5f6711c0caf6efb4d0b143fb9e034af0e6b095de56df0744f3

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 14 Oct 2019 21:39:52 GMT
content-encoding
gzip
last-modified
Sat, 28 Sep 2019 17:02:27 GMT
server
AkamaiNetStorage
etag
"cb84188790a15b00d7f49e4199be7208:1569690146.952704"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
27914
expires
Mon, 14 Oct 2019 22:39:52 GMT
ga.js
ssl.google-analytics.com
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/satelliteLib-c3d7b7de9b02c9d954ceaaf6bbd23274ad622720.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
629
date
Mon, 14 Oct 2019 21:29:23 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17168
expires
Mon, 14 Oct 2019 23:29:23 GMT
search.svg
/wp-content/themes/unit42-v4/dist/images/svg
298 B
539 B
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/images/svg/search.svg
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2f47aba797927e8f53cbdcc4e411467c881d28fe0770110fce1d7b2e9522cb3a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/styles/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 13:50:14 GMT
Server
Apache
ETag
"12a-58e81b484f3ee"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
298
article-header-bg.svg
/wp-content/themes/unit42-v4/dist/images/svg
2 KB
3 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/images/svg/article-header-bg.svg
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d47b97907e23c9ee25cc5ad69295b8f45e3af0f9620f9f1c868258d129d276d1

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/styles/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 13:50:13 GMT
Server
Apache
ETag
"92a-58e81b47bc83e"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2346
buttons.png
/wp-content/plugins/crayon-syntax-highlighter/css/images/toolbar
2 KB
2 KB
Image
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/css/images/toolbar/buttons.png
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
630d0a3cc8f4c4aa7bf49b40ae6f59f3a137707e0d7bba46ba44e2e5f2c53aab

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Mon, 20 Aug 2018 10:09:13 GMT
Server
Apache
ETag
"8bc-573db19e4a440"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2236
LatoLatin-Regular.woff2
/wp-content/themes/unit42-v4/dist/fonts
43 KB
43 KB
Font
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/fonts/LatoLatin-Regular.woff2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ddd4ef7f97f4361b60841d59753218a57134b0f99f5b46a9612234f1c2733ab0

Request headers

Sec-Fetch-Mode
cors
Referer
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/styles/main.css
Origin
https://unit42.paloaltonetworks.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 13:48:28 GMT
Server
Apache
Connection
keep-alive
Accept-Ranges
bytes
ETag
"aaf0-58e81ae323350"
Content-Length
43760
LatoLatin-Medium.woff2
/wp-content/themes/unit42-v4/dist/fonts
43 KB
43 KB
Font
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/fonts/LatoLatin-Medium.woff2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
60593ef08991381d651875bc78e259b2b66938e1b66175a445a7fefdb46e3d78

Request headers

Sec-Fetch-Mode
cors
Referer
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/styles/main.css
Origin
https://unit42.paloaltonetworks.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 13:48:20 GMT
Server
Apache
Connection
keep-alive
Accept-Ranges
bytes
ETag
"ab90-58e81adbe79e0"
Content-Length
43920
LatoLatin-Black.woff2
/wp-content/themes/unit42-v4/dist/fonts
42 KB
43 KB
Font
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/fonts/LatoLatin-Black.woff2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e2c997abb38ede2240d957b57a3216882e8416b1f757f26b92128a8875e00e73

Request headers

Sec-Fetch-Mode
cors
Referer
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/styles/main.css
Origin
https://unit42.paloaltonetworks.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 13:47:27 GMT
Server
Apache
Connection
keep-alive
Accept-Ranges
bytes
ETag
"a9c0-58e81aa9e79fe"
Content-Length
43456
unit42-scope.ttf?9e4c90
/wp-content/themes/unit42-v4/dist/fonts
4 KB
5 KB
Font
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/fonts/unit42-scope.ttf?9e4c90
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
df35525390ccc434316ed0514469c12c622dd89e107148f71ab8b5256d06cc9b

Request headers

Sec-Fetch-Mode
cors
Referer
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/styles/main.css
Origin
https://unit42.paloaltonetworks.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 13:48:45 GMT
Server
Apache
ETag
"1198-58e81af3d4769"
Content-Type
application/font-sfnt
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4504
LatoLatin-Bold.woff2
/wp-content/themes/unit42-v4/dist/fonts
43 KB
44 KB
Font
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/fonts/LatoLatin-Bold.woff2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
276401632a998400be8a5895038f4f72d3760d3c3d6aaf3cf445d109cb9d1540

Request headers

Sec-Fetch-Mode
cors
Referer
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/styles/main.css
Origin
https://unit42.paloaltonetworks.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 13:47:40 GMT
Server
Apache
Connection
keep-alive
Accept-Ranges
bytes
ETag
"ad5c-58e81ab567c27"
Content-Length
44380
LatoLatin-Italic.woff2
/wp-content/themes/unit42-v4/dist/fonts
44 KB
45 KB
Font
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/fonts/LatoLatin-Italic.woff2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
23d062b46761d2148b84ca93d72dfdf2f16833f2ebb54ebdafdf25f1e10afc50

Request headers

Sec-Fetch-Mode
cors
Referer
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/styles/main.css
Origin
https://unit42.paloaltonetworks.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 13:48:07 GMT
Server
Apache
Connection
keep-alive
Accept-Ranges
bytes
ETag
"b14c-58e81acfcdea6"
Content-Length
45388
monaco-webfont.woff
/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco
21 KB
21 KB
Font
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco/monaco-webfont.woff
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9c2e1d2864f53c224d6542bed9a1ab1de620dae21a2146eb4ff982dd8fcd4567

Request headers

Sec-Fetch-Mode
cors
Referer
https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css?ver=_2.7.2_beta
Origin
https://unit42.paloaltonetworks.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Mon, 20 Aug 2018 10:09:13 GMT
Server
Apache
ETag
"537c-573db19e4a440"
Content-Type
application/font-woff
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21372
external-tracking.min.js?ver=6.4.9
blog.paloaltonetworks.com/wp-content/plugins/google-analyticator
Redirect Chain
  • https://researchcenter.paloaltonetworks.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.4.9
  • https://blog.paloaltonetworks.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.4.9
1 KB
954 B
Script
General
Full URL
https://blog.paloaltonetworks.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.4.9
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.43.44 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-19-43-44.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5a9dcb270ba38d94fd27a5ae4c6a6d10bb6a25fe0473df95fe4c405e82801289
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Original-Content-Length
1190
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
464
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 10 Jun 2016 15:10:32 GMT
Server
Apache
ETag
"4a6-534edf098ea00"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-cache
Accept-Ranges
bytes
Expires
Mon, 14 Oct 2019 21:39:53 GMT

Redirect headers

Location
https://blog.paloaltonetworks.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.4.9
Date
Mon, 14 Oct 2019 21:39:52 GMT
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
wpdevart_lightbox_front.css?ver=5.1.2
/wp-content/plugins/lightbox-popup/includes/style
1 KB
718 B
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/lightbox-popup/includes/style/wpdevart_lightbox_front.css?ver=5.1.2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
094ba542d10bfe736b29264ed9423fcef4236e9b7b6501ddae79d7008128afcf

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Jul 2019 06:17:56 GMT
Server
Apache
ETag
"52e-58cc0d2744d00"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
435
effects_lightbox.css?ver=5.1.2
/wp-content/plugins/lightbox-popup/includes/style
20 KB
2 KB
Stylesheet
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/lightbox-popup/includes/style/effects_lightbox.css?ver=5.1.2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1c34654c554418c5a458e7bdc59c5c36eefc8c4a18ae4b69cb95cf3210c3ecf0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Jul 2019 06:17:56 GMT
Server
Apache
ETag
"501a-58cc0d2744d00"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1361
api.js
www.google.com/recaptcha
729 B
612 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
ac2feca4963ef256b5de3dc7f92cd215fe0c5aeb9b77c9326470fdbb52b66579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
465
x-xss-protection
1; mode=block
expires
Mon, 14 Oct 2019 21:39:52 GMT
main.js
/wp-content/themes/unit42-v4/dist/scripts
119 KB
120 KB
Script
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v4/dist/scripts/main.js
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6330df3731a3abe21341feb2697be5a4668680751a2af4ca1b37ef7d5084ec72

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 13:49:00 GMT
Server
Apache
ETag
"1ddac-58e81b01ed672"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
122284
sitepress.js?ver=5.1.2
/wp-content/plugins/sitepress-multilingual-cms/res/js
349 B
599 B
Script
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/sitepress-multilingual-cms/res/js/sitepress.js?ver=5.1.2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
da8639265c27dd624482432b9f55d4903ef994868232113295f121b014adccc7

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 13:36:17 GMT
Server
Apache
ETag
"15d-58e8182ae9249"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
349
xdomain-data.js?ver=3.6.3
/wp-content/plugins/sitepress-multilingual-cms/res/js
2 KB
2 KB
Script
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/sitepress-multilingual-cms/res/js/xdomain-data.js?ver=3.6.3
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
196337ffa5fb30712a0b07cce75c5e0c391935c81386c747d915625d36b505d5

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 25 Jul 2019 13:36:17 GMT
Server
Apache
ETag
"89c-58e8182ae8e61"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2204
wp-embed.min.js?ver=5.1.2
/wp-includes/js
1 KB
2 KB
Script
General
Full URL
https://unit42.paloaltonetworks.com/wp-includes/js/wp-embed.min.js?ver=5.1.2
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Thu, 13 Dec 2018 03:32:40 GMT
Server
Apache
ETag
"57b-57cdef78379bf"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1403
wpdevart_lightbox_front.js?ver=1.0
/wp-content/plugins/lightbox-popup/includes/javascript
51 KB
51 KB
Script
General
Full URL
https://unit42.paloaltonetworks.com/wp-content/plugins/lightbox-popup/includes/javascript/wpdevart_lightbox_front.js?ver=1.0
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.114.68 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-114-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c452cf6e1316f6aa6da38b72be07abbeaff1d4df66de567e83d6cf1c6b6fcdc7

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Last-Modified
Wed, 03 Jul 2019 06:17:56 GMT
Server
Apache
ETag
"ccac-58cc0d2744d00"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
52396
ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-494959-2&cid=1155280384.1571089193&jid=994115582&_v=5.7.2&z=1745335458&slf_rd=1&random=4044124326
www.google.de/ads
Redirect Chain
  • https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1745335458&utmhn=unit42.paloaltonetworks.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-494959-2&cid=1155280384.1571089193&jid=994115582&_v=5.7.2&z=1745335458
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-494959-2&cid=1155280384.1571089193&jid=994115582&_v=5.7.2&z=1745335458
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-494959-2&cid=1155280384.1571089193&jid=994115582&_v=5.7.2&z=1745335458&slf_rd=1&random=4044124326
42 B
434 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-494959-2&cid=1155280384.1571089193&jid=994115582&_v=5.7.2&z=1745335458&slf_rd=1&random=4044124326
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Oct 2019 21:39:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 14 Oct 2019 21:39:52 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-494959-2&cid=1155280384.1571089193&jid=994115582&_v=5.7.2&z=1745335458&slf_rd=1&random=4044124326
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=9A531C8B532965080A490D4D%40AdobeOrg&mid=25839815459279541910984023184227784010&ts=1571089192918
paloaltonetworks.d1.sc.omtrdc.net
3 B
277 B
XHR
General
Full URL
https://paloaltonetworks.d1.sc.omtrdc.net/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=9A531C8B532965080A490D4D%40AdobeOrg&mid=25839815459279541910984023184227784010&ts=1571089192918
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/satelliteLib-c3d7b7de9b02c9d954ceaaf6bbd23274ad622720.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.31.190.58 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-31-190-58.eu-west-1.compute.amazonaws.com
Software
jag /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

status
200
date
Mon, 14 Oct 2019 21:39:52 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-64d5676c7b-c2kk5
vary
Origin
x-c
master-1047.I1d1c81.M0-302
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://unit42.paloaltonetworks.com
access-control-allow-credentials
true
content-type
application/x-javascript
content-length
3
x-xss-protection
1; mode=block
recaptcha__en.js
www.gstatic.com/recaptcha/releases/xw1jR43fRSpRG88iDviKn3qM
253 KB
90 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/xw1jR43fRSpRG88iDviKn3qM/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
6f33adecfa8dacb04b161289c89b2930d80324d5d0baa1c0da86ed08b9c1ebda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 09 Oct 2019 09:53:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 07 Oct 2019 21:23:03 GMT
server
sffe
age
474386
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
92207
x-xss-protection
0
expires
Thu, 08 Oct 2020 09:53:27 GMT
satellite-5acf840964746d5f7e00405b.js
assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/scripts
383 B
467 B
Script
General
Full URL
https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/scripts/satellite-5acf840964746d5f7e00405b.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/satelliteLib-c3d7b7de9b02c9d954ceaaf6bbd23274ad622720.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
127d91d3eb80a43a84a1dc7e56f4f537423b50b9d34646cec929583cc2c70434

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:53 GMT
content-encoding
gzip
last-modified
Sat, 28 Sep 2019 17:02:32 GMT
server
AkamaiNetStorage
etag
"57975e64dde8d3464ece8870090bdf09:1569690152.289661"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
222
expires
Mon, 14 Oct 2019 22:39:53 GMT
satellite-5cc8ab1e64746d0aa90024bf.js
assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/scripts
489 B
714 B
Script
General
Full URL
https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/scripts/satellite-5cc8ab1e64746d0aa90024bf.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/satelliteLib-c3d7b7de9b02c9d954ceaaf6bbd23274ad622720.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
fd1cbcaf17c423a853787d21f18c8ddee9b748dfb01eaeb7bbfe99bc5dbf31e6

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:53 GMT
last-modified
Sat, 07 Sep 2019 00:08:54 GMT
server
AkamaiNetStorage
etag
"b1b07480953ab9dbc0f21eb17270a603:1567814934.491358"
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
489
expires
Mon, 14 Oct 2019 22:39:53 GMT
satellite-5cd1c43e64746d2ebc00152c.js
assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/scripts
1 KB
626 B
Script
General
Full URL
https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/scripts/satellite-5cd1c43e64746d2ebc00152c.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/satelliteLib-c3d7b7de9b02c9d954ceaaf6bbd23274ad622720.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
6866f589dd9a7a2b290e4e61fd1a424638a427e9a3dd9bc617e33dcc0234f624

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:53 GMT
content-encoding
gzip
x-check-cacheable
YES
server
AkamaiNetStorage
etag
"c75667a7e116e3e3cb4659bc408e5c74:1569690150.509842"
x-serial
7808
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
last-modified
Sat, 28 Sep 2019 17:02:30 GMT
accept-ranges
bytes
timing-allow-origin
*
content-length
351
expires
Mon, 14 Oct 2019 22:39:53 GMT
uwt.js
static.ads-twitter.com
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:53 GMT
content-encoding
gzip
age
48392
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-fra19149-FRA
last-modified
Tue, 23 Jan 2018 20:09:00 GMT
x-timer
S1571089194.749920,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
insight.min.js
snap.licdn.com/li.lms-analytics
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 21:39:53 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=85962
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
s-code-contents-20fe37e21b06197de161fc72215f77955e6b1712.js
assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2
113 KB
37 KB
Script
General
Full URL
https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/s-code-contents-20fe37e21b06197de161fc72215f77955e6b1712.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/satelliteLib-c3d7b7de9b02c9d954ceaaf6bbd23274ad622720.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d371bad102b232c1971da45a36104d7719ff0fb845608590d0bd1573049fa057

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:53 GMT
content-encoding
gzip
last-modified
Sat, 07 Sep 2019 00:08:51 GMT
server
AkamaiNetStorage
etag
"6b40b63d265a1800e76e0533e230814c:1567814931.806227"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
37312
expires
Mon, 14 Oct 2019 22:39:53 GMT
jquery.auto-complete.min.js?_=1571089192717
www.paloaltonetworks.com/content/dam/pan/en_US/includes
4 KB
2 KB
Script
General
Full URL
https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/jquery.auto-complete.min.js?_=1571089192717
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29e::c3a , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
dac8bfebb4b63724c5ec1c068f142999c44950ec55208499d1ef0408025eedd9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:53 GMT
content-encoding
gzip
last-modified
Mon, 23 Apr 2018 23:43:21 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=900
server-timing
cdn-cache; desc=HIT, edge; dur=3
x-robots-tag
noindex
content-length
1359
expires
Mon, 14 Oct 2019 21:54:53 GMT
reveal?authorization=pk_a7b38d0c71f19d959e5ad59cd17bf59a&variable=reveal&_=1571089192718
reveal.clearbit.com/v1/companies
2 KB
1 KB
Script
General
Full URL
https://reveal.clearbit.com/v1/companies/reveal?authorization=pk_a7b38d0c71f19d959e5ad59cd17bf59a&variable=reveal&_=1571089192718
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.56.153.15 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-56-153-15.eu-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
1fba6c737fe72bc822b924afacedb0e1944af5dc4abcc9fad43a5088c6dbc51f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:53 GMT
content-encoding
gzip
server
envoy
x-api-version
2018-03-28
vary
Accept-Encoding
x-account-id
96cade97-8ba3-4ce2-ace2-12c2e36fec56
status
200
content-type
application/javascript;charset=utf-8
clearbit-autocomplete.css
www.paloaltonetworks.com/content/dam/pan/en_US/includes
2 KB
827 B
Stylesheet
General
Full URL
https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/clearbit-autocomplete.css
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29e::c3a , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
a3b5bbf736e60bb0ad1fc9696df0cb7631b9a1a4ea73a3e827c66288ef2d8918
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:53 GMT
content-encoding
br
vary
Accept-Encoding
last-modified
Fri, 27 Sep 2019 21:51:11 GMT
server
Akamai Resource Optimizer
etag
W/"260822-856-5938fe252ce0e"
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
cache-control
max-age=900
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
x-robots-tag
noindex
content-length
535
expires
Mon, 14 Oct 2019 21:54:53 GMT
anchor?ar=1&k=6LfKOrwUAAAAAOwgjxrEcx-pcfwe8OquUw6ommTK&co=aHR0cHM6Ly91bml0NDIucGFsb2FsdG9uZXR3b3Jrcy5jb206NDQz&hl=en&v=xw1jR43fRSpRG88iDviKn3qM&size=normal&cb=kbkcdkj9dhu
www.google.com/recaptcha/api2
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfKOrwUAAAAAOwgjxrEcx-pcfwe8OquUw6ommTK&co=aHR0cHM6Ly91bml0NDIucGFsb2FsdG9uZXR3b3Jrcy5jb206NDQz&hl=en&v=xw1jR43fRSpRG88iDviKn3qM&size=normal&cb=kbkcdkj9dhu
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/xw1jR43fRSpRG88iDviKn3qM/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-3dgPcHypfkR/t9iZOA5HhA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LfKOrwUAAAAAOwgjxrEcx-pcfwe8OquUw6ommTK&co=aHR0cHM6Ly91bml0NDIucGFsb2FsdG9uZXR3b3Jrcy5jb206NDQz&hl=en&v=xw1jR43fRSpRG88iDviKn3qM&size=normal&cb=kbkcdkj9dhu
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
accept-encoding
gzip, deflate, br

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Mon, 14 Oct 2019 21:39:53 GMT
content-security-policy
script-src 'report-sample' 'nonce-3dgPcHypfkR/t9iZOA5HhA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
9238
server
GSE
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
s18038957398384?AQB=1&ndh=1&pf=1&t=14%2F9%2F2019%2023%3A39%3A53%201%20-120&D=D%3D&mid=25839815459279541910984023184227784010&aamlh=6&ce=UTF-8&fpCookieDomainPeriods=2&pageName=unit42%3A%20xhunt-camp...
paloaltonetworks.d1.sc.omtrdc.net/b/ss/panw-prod/1/JS-2.13.1-D7QN
43 B
284 B
Image
General
Full URL
https://paloaltonetworks.d1.sc.omtrdc.net/b/ss/panw-prod/1/JS-2.13.1-D7QN/s18038957398384?AQB=1&ndh=1&pf=1&t=14%2F9%2F2019%2023%3A39%3A53%201%20-120&D=D%3D&mid=25839815459279541910984023184227784010&aamlh=6&ce=UTF-8&fpCookieDomainPeriods=2&pageName=unit42%3A%20xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations&g=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F&cc=USD&server=unit42.paloaltonetworks.com&events=event18%3D2.77%2Cevent19%2Cevent99%3D28&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=2%3A39%20PM%7CMonday&v1=2%3A39%20PM%7CMonday&c2=First%20Visit&v2=First%20Visit&c4=1&v4=1&c5=New&v5=New&c6=xhunt%20campaign%3A%20attacks%20on%20kuwait%20shipping%20and%20transportation%20organizations&v6=xhunt%20campaign%3A%20attacks%20on%20kuwait%20shipping%20and%20transportation%20organizations&c7=D%3Dg&v7=D%3Dg&v8=Chrome%2074&c14=21.2%7CJS-DTM%3AAll%20Websites2.13.1%7C171127&c17=28&c32=0%7C0&c33=0x0&c34=0x0&c47=VisitorAPI%20Present&v58=28&v66=25839815459279541910984023184227784010&v109=id-n%2Fa&v117=Direct&v118=Direct&v127=Not%20Available&v140=no-machine-id&v220=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=9A531C8B532965080A490D4D%40AdobeOrg&AQE=1
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.31.190.58 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-31-190-58.eu-west-1.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:53 GMT
x-content-type-options
nosniff
x-c
master-1047.I1d1c81.M0-302
p3p
CP="This is not a P3P policy"
status
200
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 15 Oct 2019 21:39:53 GMT
server
jag
xserver
anedge-64d5676c7b-7mqgm
etag
3373888353664466944-4617456210893188262
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Sun, 13 Oct 2019 21:39:53 GMT
collect?v=2&fmt=js&pid=1117&url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F&time=1571089193752&liSync=true
px.ads.linkedin.com
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1117&url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F&time=1571089193752
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1117%26url%3Dhttps%253A%252F%252Funit42.paloaltonetworks.com%252Fxhunt-campaign-a...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1117&url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F&time=1571089193...
0
120 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1117&url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F&time=1571089193752&liSync=true
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:54 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
20
x-li-uuid
gKBTUEyhzRWgDxC9pSsAAA==

Redirect headers

date
Mon, 14 Oct 2019 21:39:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
302
vary
Accept-Encoding
content-length
20
x-li-uuid
ENSnRUyhzRUQmWp/wyoAAA==
server
Play
pragma
no-cache
x-li-pop
prod-efr5
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1117&url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F&time=1571089193752&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
json?mbox=target-global-mbox&mboxSession=bc339c0ebd11488cb500d72254bb4311&mboxPC=&mboxPage=9f07a95adbf4429e8fac30f33769e54c&mboxRid=7b4b8619430e4bbe8c480a440eece9fd&mboxVersion=1.7.1&mboxCount=1&mb...
paloaltonetworks.tt.omtrdc.net/m2/paloaltonetworks/mbox
465 B
733 B
XHR
General
Full URL
https://paloaltonetworks.tt.omtrdc.net/m2/paloaltonetworks/mbox/json?mbox=target-global-mbox&mboxSession=bc339c0ebd11488cb500d72254bb4311&mboxPC=&mboxPage=9f07a95adbf4429e8fac30f33769e54c&mboxRid=7b4b8619430e4bbe8c480a440eece9fd&mboxVersion=1.7.1&mboxCount=1&mboxTime=1571096393756&mboxHost=unit42.paloaltonetworks.com&mboxURL=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F&mboxReferrer=&browserHeight=1200&browserWidth=1585&browserTimeOffset=120&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&pageChannel=&pageName=&server=unit42.paloaltonetworks.com&localeCode=&companyDomain=&companyName=&profile.companyDomain=&profile.companyName=&mboxMCSDID=0CFC7B6E2271A63A-7737CCA4EC140479&vst.trk=paloaltonetworks.d1.sc.omtrdc.net&mboxMCGVID=25839815459279541910984023184227784010&mboxAAMB=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&mboxMCGLH=6
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/mbox-contents-14e1f91c94e4486c3d72408dca21c227c49d1f1b.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.117.29.4 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
/
Resource Hash
59ad854465aad88ea7a7f11c48bfb3974adbb4dd7cd09d376b8e18fdf7a02e5a

Request headers

Sec-Fetch-Mode
cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Oct 2019 21:39:53 GMT
status
200
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://unit42.paloaltonetworks.com
cache-control
no-cache
access-control-allow-credentials
true
timing-allow-origin
*
content-length
465
x-request-id
7b4b8619430e4bbe8c480a440eece9fd
json?mbox=panw-custom-global-mbox&mboxSession=bc339c0ebd11488cb500d72254bb4311&mboxPC=&mboxPage=9f07a95adbf4429e8fac30f33769e54c&mboxRid=6374c41b35e2494196e3407fccdc9702&mboxVersion=1.7.1&mboxCount...
paloaltonetworks.tt.omtrdc.net/m2/paloaltonetworks/mbox
470 B
539 B
XHR
General
Full URL
https://paloaltonetworks.tt.omtrdc.net/m2/paloaltonetworks/mbox/json?mbox=panw-custom-global-mbox&mboxSession=bc339c0ebd11488cb500d72254bb4311&mboxPC=&mboxPage=9f07a95adbf4429e8fac30f33769e54c&mboxRid=6374c41b35e2494196e3407fccdc9702&mboxVersion=1.7.1&mboxCount=2&mboxTime=1571096393759&mboxHost=unit42.paloaltonetworks.com&mboxURL=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F&mboxReferrer=&browserHeight=1200&browserWidth=1585&browserTimeOffset=120&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&companyDomain=&companyName=&pageChannel=&pageName=&profile.companyDomain=&profile.companyName=&mboxMCSDID=0CFC7B6E2271A63A-7737CCA4EC140479&vst.trk=paloaltonetworks.d1.sc.omtrdc.net&mboxMCGVID=25839815459279541910984023184227784010&mboxAAMB=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&mboxMCGLH=6
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/mbox-contents-14e1f91c94e4486c3d72408dca21c227c49d1f1b.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.117.29.4 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
/
Resource Hash
753879c5cae9f6a2d475ef2a0d22934c26aefb92f72a9a0fbf99b0c57357b25f

Request headers

Sec-Fetch-Mode
cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Oct 2019 21:39:53 GMT
status
200
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://unit42.paloaltonetworks.com
cache-control
no-cache
access-control-allow-credentials
true
timing-allow-origin
*
content-length
470
x-request-id
6374c41b35e2494196e3407fccdc9702
adsct?p_id=Twitter&p_user_id=0&txn_id=nx71t&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1
t.co/i
43 B
448 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nx71t&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1
Requested by
Host: unit42.paloaltonetworks.com
URL: https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
116
pragma
no-cache
last-modified
Mon, 14 Oct 2019 21:39:53 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
c629c50725d7dfd9691ef8109bd579a4
x-transaction
00453fc6000bf1a9
expires
Tue, 31 Mar 1981 05:00:00 GMT
bframe?hl=en&v=xw1jR43fRSpRG88iDviKn3qM&k=6LfKOrwUAAAAAOwgjxrEcx-pcfwe8OquUw6ommTK&cb=h50lj1v7ha2u
www.google.com/recaptcha/api2
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=xw1jR43fRSpRG88iDviKn3qM&k=6LfKOrwUAAAAAOwgjxrEcx-pcfwe8OquUw6ommTK&cb=h50lj1v7ha2u
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/xw1jR43fRSpRG88iDviKn3qM/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Pfvn7g5k7hwukIDM2hUAyQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/bframe?hl=en&v=xw1jR43fRSpRG88iDviKn3qM&k=6LfKOrwUAAAAAOwgjxrEcx-pcfwe8OquUw6ommTK&cb=h50lj1v7ha2u
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Mon, 14 Oct 2019 21:39:53 GMT
content-security-policy
script-src 'report-sample' 'nonce-Pfvn7g5k7hwukIDM2hUAyQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1132
server
GSE
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
adsct?p_id=Twitter&p_user_id=0&txn_id=nx71t&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tpx_cb=twttr.conversion.loadPixels&tw_document_href=http...
analytics.twitter.com/i
31 B
636 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nx71t&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 21:39:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
0
x-response-time
121
pragma
no-cache
last-modified
Mon, 14 Oct 2019 21:39:54 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
7dda339835307f230db26e799701bcea
x-transaction
00b4bdfc009ccb55
expires
Tue, 31 Mar 1981 05:00:00 GMT

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0
  • https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations
  • https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Request 33
  • https://dpm.demdex.net/id?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9A531C8B532965080A490D4D%40AdobeOrg&d_nsid=0&ts=1571089192735
  • https://dpm.demdex.net/id/rd?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9A531C8B532965080A490D4D%40AdobeOrg&d_nsid=0&ts=1571089192735
Request 46
  • https://researchcenter.paloaltonetworks.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.4.9
  • https://blog.paloaltonetworks.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.4.9
Request 55
  • https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1745335458&utmhn=unit42.paloaltonetworks.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-494959-2&cid=1155280384.1571089193&jid=994115582&_v=5.7.2&z=1745335458
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-494959-2&cid=1155280384.1571089193&jid=994115582&_v=5.7.2&z=1745335458
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-494959-2&cid=1155280384.1571089193&jid=994115582&_v=5.7.2&z=1745335458&slf_rd=1&random=4044124326
Request 69
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1117&url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F&time=1571089193752
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1117%26url%3Dhttps%253A%252F%252Funit42.paloaltonetworks.com%252Fxhunt-campaign-a...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1117&url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fxhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2F&time=1571089193...

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery object| CrayonSyntaxSettings object| CrayonSyntaxStrings function| jQueryCrayon object| CrayonUtil object| jqueryPopup function| popupWindow function| popdownWindow object| CrayonSyntax object| wpp_params object| WordPressPopularPosts boolean| do_request undefined| num object| wpml_sso function| e function| Visitor object| _satellite object| s_c_il number| s_c_in function| targetPageParams object| _gaq object| adobe object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate function| callBuyBox function| getSerializedTracking object| _gat object| gaGlobal boolean| isProcessing function| alter_ul_post_values object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client undefined| typingTimer boolean| subscribeSuccess function| captchaComplete object| autocomplete function| Popper object| bootstrap object| jQuery112408414354403987814 object| icl_vars string| icl_lang string| icl_home function| addLoadEvent object| wpml_xdomain_data object| recaptcha object| wp object| wpdevart_lb_variables object| wpdevart_lightbox function| twq string| _linkedin_partner_id object| _linkedin_data_partner_ids string| currentURL string| currentDir object| GET object| cbVarMap string| currentFormId object| closure_lm_76140 function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_Media function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq string| s_account number| s_objectID number| s_giq object| s object| jaaulde object| webData string| f0 number| d object| eo number| y object| s_Obj string| s_PPVid function| s_PPVevent number| s_PPVi number| s_PPVt number| s_loadT object| s_i_panw-prod function| lintrk boolean| _already_called_lintrk function| getAllVarsPageLoad object| twttr object| ttMETA object| reveal

22 Cookies

Domain/Path Name / Value
.paloaltonetworks.com/ Name: s_ppv
Value: unit42%253A%2520xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2C5%2C5%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.paloaltonetworks.com/ Name: mboxEdgeCluster
Value: 26
.paloaltonetworks.com/ Name: mbox
Value: session#bc339c0ebd11488cb500d72254bb4311#1571091054|PC#bc339c0ebd11488cb500d72254bb4311.26_31#1634333994
.paloaltonetworks.com/ Name: s_ppn
Value: unit42%3A%20xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations
.paloaltonetworks.com/ Name: s_plt
Value: unit42%3A%20xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations
.paloaltonetworks.com/ Name: s_nr
Value: 1571089193747-New
.paloaltonetworks.com/ Name: AMCV_9A531C8B532965080A490D4D%40AdobeOrg
Value: 1994364360%7CMCIDTS%7C18184%7CMCMID%7C25839815459279541910984023184227784010%7CMCAAMLH-1571693992%7C6%7CMCAAMB-1571693992%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1571096392s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.4.0
.paloaltonetworks.com/ Name: __utma
Value: 96134659.1155280384.1571089193.1571089193.1571089193.1
.paloaltonetworks.com/ Name: s_lv
Value: 1571089193745
.paloaltonetworks.com/ Name: s_cc
Value: true
.paloaltonetworks.com/ Name: s_vnum
Value: 1572562800746%26vn%3D1
.paloaltonetworks.com/ Name: __utmb
Value: 96134659.1.10.1571089193
.paloaltonetworks.com/ Name: AMCVS_9A531C8B532965080A490D4D%40AdobeOrg
Value: 1
.paloaltonetworks.com/ Name: s_invisit
Value: true
.paloaltonetworks.com/ Name: __utmt_c7f32f540bb60f2813d71c97b5608929
Value: 1
.paloaltonetworks.com/ Name: gpv_v9
Value: unit42%3A%20xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations
.paloaltonetworks.com/ Name: s_lv_s
Value: First%20Visit
.paloaltonetworks.com/ Name: __utmz
Value: 96134659.1571089193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.paloaltonetworks.com/ Name: s_ppvl
Value: unit42%253A%2520xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations%2C5%2C5%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.paloaltonetworks.com/ Name: __utmc
Value: 96134659
.paloaltonetworks.com/ Name: s_pv
Value: unit42%3A%20xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations
.paloaltonetworks.com/ Name: check
Value: true

4 Console Messages

Source Level URL
Text
console-api log URL: https://unit42.paloaltonetworks.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1, Line 2, Column 552
Message:
JQMIGRATE: Migrate is installed, version 1.4.1
console-api log URL: https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/s-code-contents-20fe37e21b06197de161fc72215f77955e6b1712.js, Line 53, Column 414
Message:
Error, missing Report Suite ID in AppMeasurement initialization
console-api log URL: https://assets.adobedtm.com/90b129d72f4716e69353423cbd3d35a4caed23e2/s-code-contents-20fe37e21b06197de161fc72215f77955e6b1712.js, Line 206, Column 13
Message:
Analytics loaded, version: 21.2|JS-DTM:All Websites2.13.1|171127
console-api log URL: https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/attribution.js, Line 113, Column 29
Message:
tracking analytics cbVarMap

Indicators of compromise (IoCs)

This is a term used in the security industry to describe indicators around an attack, including IPs, hashes, domains, etc.
