Submitted URL: http://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Effective URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Submission: On February 05 via manual from US

Summary

This website contacted 11 IPs in 3 countries across 10 domains to perform 53 HTTP transactions. The main IP is 2a03:b0c0:3:e0::298:6001, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is reaqta.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 22nd 2019. Valid for: 3 months.
This is the only time reaqta.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Count  Domain                       Redirects    Requested by
31     upstream.rqt.io                           reaqta.com
13     reaqta.com                   1 redirects  reaqta.com
2      www.google.de                             reaqta.com
2      www.google.com               1 redirects  reaqta.com
2      www.google-analytics.com     1 redirects  www.googletagmanager.com
2      platform.twitter.com                      reaqta.com, platform.twitter.com
1      googleads.g.doubleclick.net               www.googleadservices.com
1      stats.g.doubleclick.net      1 redirects
1      www.googleadservices.com                  www.googletagmanager.com
1      cdn.jsdelivr.net                          reaqta.com
1      www.googletagmanager.com                  reaqta.com
53     11

This site contains no links.

Subject                      Issuer                                           Validity                 Valid
reaqta.com                   Let's Encrypt Authority X3                       2019-11-22 - 2020-02-20  3 months
*.google-analytics.com       GTS CA 1O1                                       2020-01-14 - 2020-04-07  3 months
platform.twitter.com         DigiCert SHA2 High Assurance Server CA           2019-08-28 - 2020-09-01  a year
upstream.rqt.io              Let's Encrypt Authority X3                       2020-01-02 - 2020-04-01  3 months
ssl363648.cloudflaressl.com  COMODO ECC Domain Validation Secure Server CA 2  2019-09-14 - 2020-03-22  6 months
www.googleadservices.com     GTS CA 1O1                                       2020-01-21 - 2020-04-14  3 months
www.google.de                GTS CA 1O1                                       2020-01-21 - 2020-04-14  3 months
*.g.doubleclick.net          GTS CA 1O1                                       2020-01-14 - 2020-04-07  3 months
www.google.com               GTS CA 1O1                                       2020-01-21 - 2020-04-14  3 months

This page contains 2 frames:

Primary Page: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Frame ID: 2D765EBDFBF0EB0C88E2DE14DB51B8CE
Requests: 54 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.4f8aea4342a4ada72cba2bdffcff6b4d.html?origin=https%3A%2F%2Freaqta.com
Frame ID: 83C02F4A5A254DCD018B5FE423901755
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^Netlify/i

Page Statistics

53 Requests
100 % HTTPS
73 % IPv6
10 Domains
11 Subdomains
11 IPs
3 Countries
3896 kB Transfer
4544 kB Size
3 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/ HTTP 301
    https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 49
  • https://www.google-analytics.com/r/collect?v=1&_v=j80&a=1616199131&t=pageview&_s=1&dl=https%3A%2F%2Freaqta.com%2F2017%2F11%2Fmuddywater-apt-targeting-middle-east%2F&dp=%2F2017%2F11%2Fmuddywater-apt-targeting-middle-east%2F&ul=en-us&de=UTF-8&dt=A%20dive%20into%20MuddyWater%20APT%20targeting%20Middle-East&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=KEBAAUAB~&jid=1193863628&gjid=1910177452&cid=1084130611.1580927732&tid=UA-54063955-1&_gid=1300090141.1580927732&_r=1&gtm=2ou1m0&z=1289107845 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-54063955-1&cid=1084130611.1580927732&jid=1193863628&_gid=1300090141.1580927732&gjid=1910177452&_v=j80&z=1289107845 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-54063955-1&cid=1084130611.1580927732&jid=1193863628&_v=j80&z=1289107845 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-54063955-1&cid=1084130611.1580927732&jid=1193863628&_v=j80&z=1289107845&slf_rd=1&random=2174718779

53 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Redirect Chain
  • http://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
  • https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
235 KB
51 KB
Document
General
Full URL
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
df1ee81b1bd33d05ea63e0554e8faa11159bb87338111d96b3ffa73e32ea9b2c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
reaqta.com
:scheme
https
:path
/2017/11/muddywater-apt-targeting-middle-east/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status
200
cache-control
public, max-age=0, must-revalidate
content-security-policy
frame-ancestors 'self'
content-type
text/html; charset=UTF-8
date
Thu, 30 Jan 2020 22:26:11 GMT
etag
"768bbfe90883fdc3c772586f33bf0c31-ssl-df"
link
</webpack-runtime-b08e5ceb1df584593fef.js>; rel=preload; as=script, </styles-f82247edd1920a4e61d2.js>; rel=preload; as=script, </commons-e4d1cf937e8afc4814a6.js>; rel=preload; as=script, </app-67b6f7a7af4974dbe53e.js>; rel=preload; as=script, </styles-f82247edd1920a4e61d2.js>; rel=preload; as=script, </component---src-templates-blog-post-index-js-3624399e161254b9cead.js>; rel=preload; as=script
referrer-policy
same-origin
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
content-encoding
gzip
age
504561
content-length
51207
server
Netlify
vary
Accept-Encoding
x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251198

Redirect headers

Cache-Control
public, max-age=0, must-revalidate
Content-Length
80
Content-Security-Policy
frame-ancestors 'self'
Content-Type
text/plain
Date
Wed, 05 Feb 2020 18:35:32 GMT
Link
</webpack-runtime-b08e5ceb1df584593fef.js>; rel=preload; as=script, </styles-f82247edd1920a4e61d2.js>; rel=preload; as=script, </commons-e4d1cf937e8afc4814a6.js>; rel=preload; as=script, </app-67b6f7a7af4974dbe53e.js>; rel=preload; as=script, </styles-f82247edd1920a4e61d2.js>; rel=preload; as=script, </component---src-templates-blog-post-index-js-3624399e161254b9cead.js>; rel=preload; as=script
Location
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Xss-Protection
1; mode=block
Age
0
Connection
keep-alive
Server
Netlify
X-NF-Request-ID
5bcb1665-95cc-4714-b13b-4761197a9e21-4251145
webpack-runtime-b08e5ceb1df584593fef.js
reaqta.com/
7 KB
3 KB
Script
General
Full URL
https://reaqta.com/webpack-runtime-b08e5ceb1df584593fef.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
c99a6f6d84cbf3ca5f81d229391740ea0c83fc874658d6cb0405ab16d0d6e074
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251212
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
vary
Accept-Encoding
age
531038
status
200
date
Thu, 30 Jan 2020 15:04:54 GMT
content-length
2724
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
Netlify
x-frame-options
SAMEORIGIN
etag
"29f6d126c688391af9595a4525b194ca-ssl-df"
strict-transport-security
max-age=31536000
content-type
application/javascript
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-content-type-options
nosniff
styles-f82247edd1920a4e61d2.js
reaqta.com/
11 KB
3 KB
Script
General
Full URL
https://reaqta.com/styles-f82247edd1920a4e61d2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
a1d576ffa1aabae6a9957614f282436b3a98dfc6c1b5dff5ce4c9c02d111c75d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251214
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
vary
Accept-Encoding
age
531038
status
200
date
Thu, 30 Jan 2020 15:04:54 GMT
content-length
2829
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
Netlify
x-frame-options
SAMEORIGIN
etag
"31575659facbfefe6ace69f13cff4de0-ssl-df"
strict-transport-security
max-age=31536000
content-type
application/javascript
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-content-type-options
nosniff
commons-e4d1cf937e8afc4814a6.js
reaqta.com/
126 KB
40 KB
Script
General
Full URL
https://reaqta.com/commons-e4d1cf937e8afc4814a6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
d8f489460b67e39208a8714e35ec01ae38c304668038f028b16a5de7ba5945fd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251217
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
vary
Accept-Encoding
age
531038
status
200
date
Thu, 30 Jan 2020 15:04:54 GMT
content-length
40757
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
Netlify
x-frame-options
SAMEORIGIN
etag
"48b4a3fdcc49f4c40a1030972479bd1d-ssl-df"
strict-transport-security
max-age=31536000
content-type
application/javascript
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-content-type-options
nosniff
app-67b6f7a7af4974dbe53e.js
reaqta.com/
128 KB
41 KB
Script
General
Full URL
https://reaqta.com/app-67b6f7a7af4974dbe53e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
ca8d9d4213a1f21b438ed32004480c0e8aefe20aca87b37fae200e5f1d203001
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251219
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
vary
Accept-Encoding
age
531038
status
200
date
Thu, 30 Jan 2020 15:04:54 GMT
content-length
41685
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
Netlify
x-frame-options
SAMEORIGIN
etag
"b47a4fcceeb98cb7f7686eae56e5bd6c-ssl-df"
strict-transport-security
max-age=31536000
content-type
application/javascript
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-content-type-options
nosniff
component---src-templates-blog-post-index-js-3624399e161254b9cead.js
reaqta.com/
104 KB
33 KB
Script
General
Full URL
https://reaqta.com/component---src-templates-blog-post-index-js-3624399e161254b9cead.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
01213b8e5130ec732059a49e8c8d7875a2adf6e1294c8de7bcfce98553e3bff0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251220
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
vary
Accept-Encoding
age
519358
status
200
date
Thu, 30 Jan 2020 18:19:34 GMT
content-length
33773
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
Netlify
x-frame-options
SAMEORIGIN
etag
"0e339e161446bc3897f2baf398874e81-ssl-df"
strict-transport-security
max-age=31536000
content-type
application/javascript
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-content-type-options
nosniff
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
reaqta.com/google-fonts/s/montserrat/v14/
19 KB
19 KB
Font
General
Full URL
https://reaqta.com/google-fonts/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Origin
https://reaqta.com

Response headers

x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251222
content-security-policy
frame-ancestors 'self'
x-content-type-options
nosniff
age
531038
status
200
strict-transport-security
max-age=31536000
content-length
19172
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
Netlify
date
Thu, 30 Jan 2020 15:04:54 GMT
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
public, max-age=0, must-revalidate
etag
"80f426194bd2cfdee3c8dd7d2ac90f7a-ssl"
accept-ranges
bytes
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
reaqta.com/google-fonts/s/roboto/v20/
15 KB
16 KB
Font
General
Full URL
https://reaqta.com/google-fonts/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Origin
https://reaqta.com

Response headers

x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251223
content-security-policy
frame-ancestors 'self'
x-content-type-options
nosniff
age
531038
status
200
strict-transport-security
max-age=31536000
content-length
15816
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
Netlify
date
Thu, 30 Jan 2020 15:04:54 GMT
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
public, max-age=0, must-revalidate
etag
"f94c4c59a2bd9608784c5ec8a524c19b-ssl"
accept-ranges
bytes
KFOmCnqEu92Fr1Mu4mxK.woff2
reaqta.com/google-fonts/s/roboto/v20/
15 KB
15 KB
Font
General
Full URL
https://reaqta.com/google-fonts/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Origin
https://reaqta.com

Response headers

x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251224
content-security-policy
frame-ancestors 'self'
x-content-type-options
nosniff
age
531038
status
200
strict-transport-security
max-age=31536000
content-length
15736
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
Netlify
date
Thu, 30 Jan 2020 15:04:54 GMT
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
public, max-age=0, must-revalidate
etag
"175f553660c8e48f6409c60300c0a2ce-ssl"
accept-ranges
bytes
js
www.googletagmanager.com/gtag/
75 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-54063955-1
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5b4672ab09079571da56305770a6c564771792b4fa2240f378cc568d53ce7e7f
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Wed, 05 Feb 2020 18:35:32 GMT
content-encoding
br
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=300; includeSubDomains
access-control-allow-headers
Cache-Control
content-length
28470
x-xss-protection
0
expires
Wed, 05 Feb 2020 18:35:32 GMT
page-data.json
reaqta.com/page-data/2017/11/muddywater-apt-targeting-middle-east/
64 KB
17 KB
Other
General
Full URL
https://reaqta.com/page-data/2017/11/muddywater-apt-targeting-middle-east/page-data.json
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
40bf69809136ba22771b0fcaa0d60064aa974da9dd045a00e3ded102c9b899f4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Origin
https://reaqta.com

Response headers

x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251225
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
x-content-type-options
nosniff
age
504560
status
200
strict-transport-security
max-age=31536000
content-length
17043
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
Netlify
x-frame-options
SAMEORIGIN
date
Thu, 30 Jan 2020 22:26:12 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
public, max-age=0, must-revalidate
etag
"23aa69b4b106743151face498ee81c5e-ssl-df"
accept-ranges
bytes
widgets.js
platform.twitter.com/
95 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4dced00354b099d831f860145bbd0149f99889d4c45632e4d9e849f008123866

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Wed, 05 Feb 2020 18:35:32 GMT
content-encoding
gzip
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
28838
x-served-by
cache-iad2130-IAD, cache-fra19169-FRA
last-modified
Thu, 09 Jan 2020 22:50:12 GMT
etag
"09356930f7674f04e767f5b1203faeb7+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=1800
accept-ranges
bytes
tw-cdn
FT
Timeline.png
upstream.rqt.io/wp-content/uploads/2017/11/
105 KB
106 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Timeline.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
1c599ed787c1b6f4ded3dc1b1d51b97b6f5f8f36a71b3a768f41a5cb4092e4e3

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:32 GMT
Last-Modified
Tue, 03 Sep 2019 11:35:01 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe5-1a551"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
107857
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Infrastructure.png
upstream.rqt.io/wp-content/uploads/2017/11/
86 KB
87 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Infrastructure.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
ddcad993ce7ee1b37d1588bcc7f689d3cc554a53fe9b2bb4413537f7b0f1b5af

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:32 GMT
Last-Modified
Tue, 03 Sep 2019 11:35:02 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe6-1599b"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88475
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Infections-Daily-Trend.png
upstream.rqt.io/wp-content/uploads/2017/11/
127 KB
127 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Infections-Daily-Trend.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
15da70355fee9e4c44b5552dc434e250ee5de78ca35319269429c2120a1e5f4e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:32 GMT
Last-Modified
Tue, 03 Sep 2019 11:35:02 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe6-1fac6"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
129734
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Backdoors-Activity-per-Day.png
upstream.rqt.io/wp-content/uploads/2017/11/
124 KB
125 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Backdoors-Activity-per-Day.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
603f1f6f00cb97ec528c21a0f8cf55ca83382a95db015e9286aa5db9f0dcbd2b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:32 GMT
Last-Modified
Tue, 03 Sep 2019 11:35:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe9-1f1a0"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
127392
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Backdoors-Activity-per-Hour.png
upstream.rqt.io/wp-content/uploads/2017/11/
122 KB
122 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Backdoors-Activity-per-Hour.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
f09ab30d6f66cb389937d75991f009c42c803738cba118cf792f1223df793797

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:32 GMT
Last-Modified
Tue, 03 Sep 2019 11:35:09 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fed-1e856"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
125014
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Unique-Victims-per-Country-768x509.jpg
upstream.rqt.io/wp-content/uploads/2017/11/
50 KB
50 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Unique-Victims-per-Country-768x509.jpg
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
db5f410f46d0f63d198d3e158bdce5a22eb9e24f3f3d85d08c4ff00c69e31a97

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:32 GMT
Last-Modified
Tue, 03 Sep 2019 11:35:11 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fef-c844"
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
51268
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Backdoors_Acitivity_per_Country.png
upstream.rqt.io/wp-content/uploads/2017/11/
77 KB
77 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Backdoors_Acitivity_per_Country.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
5f539333d4124bb5a04874d18060febaa376a514846229bd9a6bb7ebd78a1e62

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:35:04 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe8-1336e"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
78702
Expires
Thu, 31 Dec 2037 23:55:55 GMT
OS-Distribution.png
upstream.rqt.io/wp-content/uploads/2017/11/
73 KB
74 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/OS-Distribution.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
693dab14a0b8a60ecc8f4074fce8e884e27d74171fce7a94c1786fe61351d2bd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:35:06 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fea-12546"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
75078
Expires
Thu, 31 Dec 2037 23:55:55 GMT
decoy_1-232x300.png
upstream.rqt.io/wp-content/uploads/2017/11/
89 KB
89 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/decoy_1-232x300.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
ab60ce4847c1a9c0b477ac8f61be445032076a04f3021481b8918ce026f2b3ff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fdc-163b2"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
91058
Expires
Thu, 31 Dec 2037 23:55:55 GMT
decoy_2-234x300.png
upstream.rqt.io/wp-content/uploads/2017/11/
65 KB
65 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/decoy_2-234x300.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
b8c338714ea2b53213c8b08e12d2ab1b047143389f95f01379689577aba2a396

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fdc-102a9"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
66217
Expires
Thu, 31 Dec 2037 23:55:55 GMT
decoy_3-236x300.png
upstream.rqt.io/wp-content/uploads/2017/11/
54 KB
55 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/decoy_3-236x300.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
e15a39bbafeebb77bb5c7cdfaee0396d5014a144b5247367880197b7b15424ce

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fdc-d8e5"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
55525
Expires
Thu, 31 Dec 2037 23:55:55 GMT
decoy_4-232x300.png
upstream.rqt.io/wp-content/uploads/2017/11/
54 KB
54 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/decoy_4-232x300.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
4cd3d34e365cf00ff0df32b01552e7e2b41c41244e583df7caa4515f355dfca9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fdc-d64a"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
54858
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Static_1.png
upstream.rqt.io/wp-content/uploads/2017/11/
43 KB
43 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Static_1.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
481bcdd49231f7add46b29bb1087907dbf8e0283c7f82ce823d823fe93440fe0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fdc-ab22"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43810
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Static_2.png
upstream.rqt.io/wp-content/uploads/2017/11/
39 KB
40 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Static_2.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
3063b373dfb53b9f76b8f8705920597b4039a234eb690ac3a49b7dd6c463fa4c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:53 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fdd-9d78"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
40312
Expires
Thu, 31 Dec 2037 23:55:55 GMT
debug-block-1-768x322.png
upstream.rqt.io/wp-content/uploads/2017/11/
220 KB
220 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/debug-block-1-768x322.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
cb30bf66fad351f600fb896fe52203aefe2faae491019955dcfecb3b9a1d3639

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:53 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fdd-36f94"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
225172
Expires
Thu, 31 Dec 2037 23:55:55 GMT
debug-block-2-768x93.png
upstream.rqt.io/wp-content/uploads/2017/11/
74 KB
75 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/debug-block-2-768x93.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
35e4762af708440aeaa66a37183b4ff01161dbe420a3a4090ddf5988eb9d5322

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:54 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fde-12984"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
76164
Expires
Thu, 31 Dec 2037 23:55:55 GMT
func-block2.png
upstream.rqt.io/wp-content/uploads/2017/11/
13 KB
14 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/func-block2.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
ec329163ce8ebba424a34115898353d893559c2e6192254bab47ce8e43851dbf

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:54 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fde-3579"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13689
Expires
Thu, 31 Dec 2037 23:55:55 GMT
backdoor-func-main.png
upstream.rqt.io/wp-content/uploads/2017/11/
50 KB
50 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/backdoor-func-main.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
daf71582f5feb1e85ec06eb196b73e5e13f841dc5213932eb9f83d5df4135912

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:54 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fde-c7d5"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
51157
Expires
Thu, 31 Dec 2037 23:55:55 GMT
func-persist-768x463.png
upstream.rqt.io/wp-content/uploads/2017/11/
391 KB
391 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/func-persist-768x463.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
b9168484547c3bdc675e5a50e10250289c7f6d3f0edea417fb365eac79a02888

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:58 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe2-61b7e"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
400254
Expires
Thu, 31 Dec 2037 23:55:55 GMT
peristence-flow-768x73.png
upstream.rqt.io/wp-content/uploads/2017/11/
39 KB
39 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/peristence-flow-768x73.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
8eedc43615b6f9bba13ad9094cc53ccfa60b4e502acb72b9549ef3abcd80c290

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:58 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe2-9ac3"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
39619
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Normal.dotm-script.png
upstream.rqt.io/wp-content/uploads/2017/11/
23 KB
23 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Normal.dotm-script.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
084837eb72a62b5839d9d1be870a7207b5dc9aff3fd2c26ba11f2bf1b86e5fe9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:35:10 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fee-5bd4"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
23508
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Normal.dotm-macro-768x337.png
upstream.rqt.io/wp-content/uploads/2017/11/
192 KB
192 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Normal.dotm-macro-768x337.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
b7547f655e8781eed7693477dd30268fac37d70f2f2dc7ee94593d7372190fee

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:35:10 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fee-30096"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
196758
Expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/
583 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Resource Hash
b743f03a182e6d505519d501f77b4753cc6cbd9768eada9f9544fcdcd234782c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
image/jpeg
Combined_Proc-768x211.jpg
upstream.rqt.io/wp-content/uploads/2017/11/
11 KB
11 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/Combined_Proc-768x211.jpg
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
ecf4384ebb5012ca76014beaaffac6e01f1bffb60b8d9ac4435b33b02fad84e0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:59 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe3-2a13"
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10771
Expires
Thu, 31 Dec 2037 23:55:55 GMT
httpGet-diff-768x521.png
upstream.rqt.io/wp-content/uploads/2017/11/
393 KB
393 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/httpGet-diff-768x521.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
6b4a75c2cffdd787a138c01fd2c896ab4776755550310d263246a6af2b0fd6dd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:57 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe1-62388"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
402312
Expires
Thu, 31 Dec 2037 23:55:55 GMT
httpGet-diff-sendexpanded-768x60.png
upstream.rqt.io/wp-content/uploads/2017/11/
49 KB
49 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/httpGet-diff-sendexpanded-768x60.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
09861ed93d6826eb7a8a5e982ff2f79ef9b39d428e8369dba0822f54258d1f68

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:57 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe1-c451"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
50257
Expires
Thu, 31 Dec 2037 23:55:55 GMT
combined_crvrun-1-768x38.png
upstream.rqt.io/wp-content/uploads/2017/11/
21 KB
22 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/combined_crvrun-1-768x38.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
bf43d7796550a7f3a2e28a3be548c840431e187966c4972e3f1f700123a1586e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:57 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe1-55bc"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21948
Expires
Thu, 31 Dec 2037 23:55:55 GMT
combined_schedtsk-1-768x31.png
upstream.rqt.io/wp-content/uploads/2017/11/
16 KB
16 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/combined_schedtsk-1-768x31.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
47b0d1b3f3723cbd4154d0c20582caf58a4075b9e16c5b3c257c6dd409243992

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:58 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe2-3e06"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15878
Expires
Thu, 31 Dec 2037 23:55:55 GMT
proxy_list.png
upstream.rqt.io/wp-content/uploads/2017/11/
89 KB
89 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/proxy_list.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
07b6665778bd6e0e9748261fc42f06bbe2d9ae643fed5b4fb02072a6e9d799ff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:59 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe3-1625c"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
90716
Expires
Thu, 31 Dec 2037 23:55:55 GMT
register_edited.png
upstream.rqt.io/wp-content/uploads/2017/11/
11 KB
11 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/register_edited.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
61eb9dc99f983246e555e514fd8f5a901be4ad299603e13fe7a173ee14af6bd9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:59 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe3-2c60"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
11360
Expires
Thu, 31 Dec 2037 23:55:55 GMT
sh-768x218.png
upstream.rqt.io/wp-content/uploads/2017/11/
186 KB
186 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/sh-768x218.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
27ea1def0d477bdbd4985eaaa4e73bcf7d6a9499fef4bc862d62e8291f8d92bb

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:34:59 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe3-2e6b5"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
190133
Expires
Thu, 31 Dec 2037 23:55:55 GMT
proxy-diff-768x673.png
upstream.rqt.io/wp-content/uploads/2017/11/
657 KB
657 KB
Image
General
Full URL
https://upstream.rqt.io/wp-content/uploads/2017/11/proxy-diff-768x673.png
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
209.182.234.229 Dallas, United States, ASN54540 (INCERO-HVVC, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
e10e598bc7527a1dbadbbc43c5f2c3741d3e6f9ed2f9d9419da3c4020cc2b24a

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 05 Feb 2020 18:35:33 GMT
Last-Modified
Tue, 03 Sep 2019 11:35:00 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5d6e4fe4-a439e"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
672670
Expires
Thu, 31 Dec 2037 23:55:55 GMT
cookieconsent.min.js
cdn.jsdelivr.net/npm/cookieconsent@3/build/
20 KB
7 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e55842a856a6d829feca3c3ad736c136b6c7549e9247274f78aa296259e06e24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Wed, 05 Feb 2020 18:35:32 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
19404
cf-ray
5606fc16cb40c286-FRA
x-cache
HIT, HIT
status
200
vary
Accept-Encoding
x-served-by
cache-ams21031-AMS, cache-hhn1530-HHN
server
cloudflare
etag
W/"50d5-nLraS9YXyGxjjPLr3exyStWWkHs"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Resource Hash
07eaf66f58ae7076ec8ea025c93ed1dc2e9ca0a37ee3d86750955fa86aada601

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
image/png
app-data.json
reaqta.com/page-data/
50 B
202 B
XHR
General
Full URL
https://reaqta.com/page-data/app-data.json
Requested by
Host: reaqta.com
URL: https://reaqta.com/app-67b6f7a7af4974dbe53e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
8e980a6088a7d6dc21eba53413e6e84b885340a22b33030f0f760016371ae78a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251251
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
x-content-type-options
nosniff
age
531037
status
200
vary
Accept-Encoding
content-length
70
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
Netlify
x-frame-options
SAMEORIGIN
date
Thu, 30 Jan 2020 15:04:55 GMT
strict-transport-security
max-age=31536000
content-type
application/json
cache-control
public, max-age=0, must-revalidate
etag
"fc500a3a8494e1c5448fa3f9e98adc19-ssl-df"
accept-ranges
bytes
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-54063955-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7edf06d6436ec9420c26e56bd02ef5f5c93a9fb189ed16b1db402e57a0ea796
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 24 Jan 2020 01:10:36 GMT
server
Golfe2
age
120
date
Wed, 05 Feb 2020 18:33:32 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17926
expires
Wed, 05 Feb 2020 20:33:32 GMT
conversion_async.js
www.googleadservices.com/pagead/
26 KB
10 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-54063955-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
ec7024e764e94caa58c7a18f4624dc84c9ee15537ff5418fd44e2f037f8abc30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Wed, 05 Feb 2020 18:35:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
9931
x-xss-protection
0
server
cafe
etag
8273558640064030436
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 05 Feb 2020 18:35:32 GMT
MuddyWater_featured.webp
reaqta.com/static/7ab0913b9dc473330012f7ffad10fcd9/991d2/
14 KB
14 KB
Image
General
Full URL
https://reaqta.com/static/7ab0913b9dc473330012f7ffad10fcd9/991d2/MuddyWater_featured.webp
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:e0::298:6001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
bc8d2506498c7b0c59ec355a049b381a08dc75b64ff808cc08b1d3c1fba9dd67
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-nf-request-id
5bcb1665-95cc-4714-b13b-4761197a9e21-4251270
content-security-policy
frame-ancestors 'self'
x-content-type-options
nosniff
age
504560
status
200
strict-transport-security
max-age=31536000
content-length
14192
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
Netlify
date
Thu, 30 Jan 2020 22:26:12 GMT
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public,max-age=31536000,immutable
etag
"35b61f28fa84203e092d22d5e5323c3e-ssl"
accept-ranges
bytes
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j80&a=1616199131&t=pageview&_s=1&dl=https%3A%2F%2Freaqta.com%2F2017%2F11%2Fmuddywater-apt-targeting-middle-east%2F&dp=%2F2017%2F11%2Fmuddywater-apt...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-54063955-1&cid=1084130611.1580927732&jid=1193863628&_gid=1300090141.1580927732&gjid=1910177452&_v=j80&z=1289107845
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-54063955-1&cid=1084130611.1580927732&jid=1193863628&_v=j80&z=1289107845
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-54063955-1&cid=1084130611.1580927732&jid=1193863628&_v=j80&z=1289107845&slf_rd=1&random=2174718779
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-54063955-1&cid=1084130611.1580927732&jid=1193863628&_v=j80&z=1289107845&slf_rd=1&random=2174718779
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Feb 2020 18:35:32 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 05 Feb 2020 18:35:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-54063955-1&cid=1084130611.1580927732&jid=1193863628&_v=j80&z=1289107845&slf_rd=1&random=2174718779
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget_iframe.4f8aea4342a4ada72cba2bdffcff6b4d.html
platform.twitter.com/widgets/ Frame 83C0
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.4f8aea4342a4ada72cba2bdffcff6b4d.html?origin=https%3A%2F%2Freaqta.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

:method
GET
:authority
platform.twitter.com
:scheme
https
:path
/widgets/widget_iframe.4f8aea4342a4ada72cba2bdffcff6b4d.html?origin=https%3A%2F%2Freaqta.com
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status
200
last-modified
Thu, 09 Jan 2020 22:38:16 GMT
cache-control
public, max-age=315360000
content-type
text/html; charset=utf-8
etag
"4b563298f37eb3ef2a2f8897be83c714+gzip"
content-encoding
gzip
access-control-allow-methods
GET
access-control-allow-origin
*
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges
bytes
date
Wed, 05 Feb 2020 18:35:32 GMT
x-served-by
cache-iad2141-IAD, cache-fra19169-FRA
x-cache
HIT, HIT
vary
Accept-Encoding
tw-cdn
FT
content-length
5825
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/694569725/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/694569725/?random=1580927732431&cv=9&fst=1580927732431&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou1m0&sendb=1&ig=1&data=event%3Dpage_view%3Bpage_path%3D%2F2017%2F11%2Fmuddywater-apt-targeting-middle-east%2F&frm=0&url=https%3A%2F%2Freaqta.com%2F2017%2F11%2Fmuddywater-apt-targeting-middle-east%2F&tiba=A%20dive%20into%20MuddyWater%20APT%20targeting%20Middle-East&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6e48eb34c52b8cc8f5cc7bf81f278c89c096ee28b1edf691e0c3fb287852c8fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Feb 2020 18:35:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1079
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/694569725/
42 B
122 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/694569725/?random=1580927732431&cv=9&fst=1580925600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou1m0&sendb=1&data=event%3Dpage_view%3Bpage_path%3D%2F2017%2F11%2Fmuddywater-apt-targeting-middle-east%2F&frm=0&url=https%3A%2F%2Freaqta.com%2F2017%2F11%2Fmuddywater-apt-targeting-middle-east%2F&tiba=A%20dive%20into%20MuddyWater%20APT%20targeting%20Middle-East&async=1&fmt=3&is_vtc=1&random=3192027134&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Feb 2020 18:35:32 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/694569725/
42 B
110 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/694569725/?random=1580927732431&cv=9&fst=1580925600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou1m0&sendb=1&data=event%3Dpage_view%3Bpage_path%3D%2F2017%2F11%2Fmuddywater-apt-targeting-middle-east%2F&frm=0&url=https%3A%2F%2Freaqta.com%2F2017%2F11%2Fmuddywater-apt-targeting-middle-east%2F&tiba=A%20dive%20into%20MuddyWater%20APT%20targeting%20Middle-East&async=1&fmt=3&is_vtc=1&random=3192027134&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: reaqta.com
URL: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Feb 2020 18:35:32 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata
object| onpointerrawupdate
function| gtag
object| dataLayer
string| pagePath
object| ___chunkMapping
object| webpackJsonp
object| __core-js_shared__
object| core
object| asyncRequires
object| ___emitter
object| ___loader
boolean| __navigatingToLink
function| ___push
function| ___replace
function| ___navigate
object| cookieconsent
object| google_tag_manager
string| GoogleAnalyticsObject
function| ga
string| ___webpackCompilationHash
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
object| __twttrll
object| twttr
object| __twttr
function| GooglemKTybQhCsO
function| google_trackConversion
object| GooglebQhCsO

3 Cookies

Domain/Path Name Value
.reaqta.com/ _gat_gtag_UA_54063955_1 1
.reaqta.com/ _gid GA1.2.1300090141.1580927732
.reaqta.com/ _ga GA1.2.1084130611.1580927732

2 Console Messages

Source Level URL Message
console-api error https://reaqta.com/commons-e4d1cf937e8afc4814a6.js (Line 1) TypeError: Cannot read property 'getItem' of null
console-api error https://reaqta.com/commons-e4d1cf937e8afc4814a6.js (Line 1) TypeError: Cannot read property 'getItem' of null

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
