www.cyber.nj.gov Open in urlscan Pro
45.60.124.188 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Submission: On May 11 via api (May 11th 2022, 6:25:29 pm UTC) from US — Scanned from DE

Summary HTTP 62 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 20 IPs in 4 countries across 18 domains to perform 62 HTTP transactions. The main IP is 45.60.124.188, located in United States and belongs to INCAPSULA, US. The main domain is www.cyber.nj.gov.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q2 on April 28th 2022. Valid for: 6 months.

This is the only time www.cyber.nj.gov was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 23	45.60.124.188 45.60.124.188	19551 (INCAPSULA) (INCAPSULA)
2	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
6	2600:9000:215... 2600:9000:2156:1200:17:108e:3bc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	13.225.84.188 13.225.84.188	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42::282 2a04:4e42::282	54113 (FASTLY) (FASTLY)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
6	104.84.56.126 104.84.56.126	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	18.66.248.44 18.66.248.44	16509 (AMAZON-02) (AMAZON-02)
1	52.70.23.21 52.70.23.21	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700:303... 2606:4700:3030::6815:2c6a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.102.30.13 104.102.30.13	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:231... 2600:9000:2315:4000:a:e02a:3080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.216.25.190 52.216.25.190	16509 (AMAZON-02) (AMAZON-02)
62	20

23 45.60.124.188 (United States) 1 redirects

ASN19551 (INCAPSULA, US)

www.cyber.nj.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2156:1200:17:108e:3bc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.buttercms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.84.188 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-84-188.fra2.r.cloudfront.net

d33wubrfki0l68.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::282 (United States)

ASN54113 (FASTLY, US)

cdn.polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.84.56.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-84-56-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.248.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-44.dus51.r.cloudfront.net

app.artibot.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.70.23.21 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-70-23-21.compute-1.amazonaws.com

api.artibot.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3030::6815:2c6a (United States)

ASN13335 (CLOUDFLARENET, US)

prod.artibotcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.102.30.13 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-30-13.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:4000:a:e02a:3080:93a1 (United States)

ASN16509 (AMAZON-02, US)

api-cdn.prod-aws.artibot.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.25.190 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	nj.gov 1 redirects www.cyber.nj.gov	341 KB
6	buttercms.com cdn.buttercms.com — Cisco Umbrella Rank: 120549	187 KB
5	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1493 m.addthis.com — Cisco Umbrella Rank: 1449	169 KB
4	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2363	80 KB
3	artibot.ai app.artibot.ai — Cisco Umbrella Rank: 270999 api.artibot.ai — Cisco Umbrella Rank: 270986 api-cdn.prod-aws.artibot.ai — Cisco Umbrella Rank: 334377	6 KB
3	gstatic.com fonts.gstatic.com	153 KB
3	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 3175 onesignal.com — Cisco Umbrella Rank: 1158	73 KB
2	artibotcdn.com prod.artibotcdn.com — Cisco Umbrella Rank: 286359	88 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	2 KB
1	amazonaws.com s3.amazonaws.com	23 KB
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 1736	911 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 374	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 432	8 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 660	24 KB
1	polyfill.io cdn.polyfill.io — Cisco Umbrella Rank: 2426	416 B
1	cloudfront.net d33wubrfki0l68.cloudfront.net	130 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	39 KB
62	18

	Domain	Requested by
23	www.cyber.nj.gov	1 redirects www.cyber.nj.gov
6	cdn.buttercms.com	www.cyber.nj.gov
4	stackpath.bootstrapcdn.com	www.cyber.nj.gov
3	s7.addthis.com	www.cyber.nj.gov s7.addthis.com
3	fonts.gstatic.com	fonts.googleapis.com
2	m.addthis.com	s7.addthis.com
2	prod.artibotcdn.com	app.artibot.ai
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cdn.onesignal.com	www.cyber.nj.gov cdn.onesignal.com
2	fonts.googleapis.com	www.cyber.nj.gov
1	s3.amazonaws.com
1	v1.addthisedge.com	s7.addthis.com
1	api-cdn.prod-aws.artibot.ai	prod.artibotcdn.com
1	z.moatads.com	s7.addthis.com
1	api.artibot.ai	app.artibot.ai
1	app.artibot.ai	www.cyber.nj.gov
1	onesignal.com	cdn.onesignal.com
1	cdn.jsdelivr.net	www.cyber.nj.gov
1	code.jquery.com	www.cyber.nj.gov
1	cdn.polyfill.io	www.cyber.nj.gov
1	d33wubrfki0l68.cloudfront.net	www.cyber.nj.gov
1	www.googletagmanager.com	www.cyber.nj.gov
62	22

This site contains links to these domains. Also see Links.

Domain
nj.gov
www.cisecurity.org
members.cyber.nj.gov
www.intego.com
blog.confiant.com
www.carbonblack.com
www.bleepingcomputer.com
twitter.com
www.facebook.com
www.instagram.com
www.nj.gov
www.addthis.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-04-28` - `2022-10-28`	6 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.buttercms.com Sectigo RSA Domain Validation Secure Server CA	`2022-01-13` - `2023-02-07`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
polyfill.io GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-03-08` - `2023-04-09`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
*.artibot.ai Amazon	`2022-04-19` - `2023-05-18`	a year	crt.sh
artibotcdn.com Cloudflare Inc ECC CA-3	`2022-04-14` - `2023-04-14`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
s3.amazonaws.com Amazon	`2022-04-01` - `2023-03-30`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Frame ID: B4694BE64C5D0EA86242646B8F6260D2
Requests: 61 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: F51F9E41C8F253EBF5AE469C422E1CDD
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 4AF663430D1F994CC9811CFB33837639
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

NJCCIC Threat Profile Shlayer

Page URL History Show full URLs

https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer Page URL
https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer HTTP 301
https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddThis (Widgets) Expand

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

62
Requests

97 %
HTTPS

63 %
IPv6

18
Domains

22
Subdomains

20
IPs

4
Countries

1346 kB
Transfer

3306 kB
Size

8
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://nj.gov/
Title: OFFICIAL SITE OF THE STATE OF NEW JERSEY

Search URL Search Domain Scan URL

URL: https://www.cisecurity.org/cybersecurity-threats/alert-level/
Title: NJ's Current Cyber Alert Level: "ELEVATED"

Search URL Search Domain Scan URL

URL: https://members.cyber.nj.gov/login?ec=302&startURL=%2Fs%2F
Title: Member Portal Login

Search URL Search Domain Scan URL

URL: https://members.cyber.nj.gov/
Title: Login

Search URL Search Domain Scan URL

URL: https://www.intego.com/mac-security-blog/osxshlayer-new-mac-malware-comes-out-of-its-shell/
Title: here

Search URL Search Domain Scan URL

URL: https://blog.confiant.com/confiant-malwarebytes-uncover-steganography-based-ad-payload-that-drops-shlayer-trojan-on-mac-cd31e885c202
Title: Confiant

Search URL Search Domain Scan URL

URL: https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/
Title: Carbon Black

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/10-percent-of-all-macs-shlayered-malware-cocktail-served/
Title: Bleeping Computer

Search URL Search Domain Scan URL

URL: https://twitter.com/NJCybersecurity

Search URL Search Domain Scan URL

URL: https://www.facebook.com/NJCCIC/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/njcybersecurity/

Search URL Search Domain Scan URL

URL: https://www.nj.gov/nj/privacy.html
Title: here

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image&utm_campaign=Marketing%20tool%20logo

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer Page URL
https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer HTTP 301
https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

62 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 shlayer Show response
www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/ 212 B
590 B 194ms
23ms Document
text/html 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

d02032286070b4dd9d8fbd985a7bdca8af8edf52b89ff177db3bfcb2c8a9c43d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store
content-length: 212
content-type: text/html
strict-transport-security: max-age=300
x-iinfo: 14-132606608-0 0NNN RT(1652293520751 24) q(0 -1 -1 0) r(0 -1) B10(4,314,0) U18

GET
H2 200 _Incapsula_Resource Show response
www.cyber.nj.gov/ 183 KB
26 KB 30ms
30ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/_Incapsula_Resource?SWJIYLWA=5074a744e2e3d891814e9a2dace20bd4,719d34d31c8e3a6e6fffd425f7e032f3

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

062d2222576487a2a585cfea3426a5a9eb03dc9d5d28637775d757f3271a659c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 26559
content-type: application/javascript

GET
H2 200 _Incapsula_Resource
www.cyber.nj.gov/ 29 B
57 B 20ms
20ms XHR
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/_Incapsula_Resource?SWHANEDL=141815229548031761,5538639230999128898,1513548559533953054,763132

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=300
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 29
content-type: application/javascript

GET
H2

200

Primary Request / Show response
www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Redirect Chain

https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer
https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

243 KB
43 KB

300ms
300ms

Document
text/html

45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Netlify /

Resource Hash

0f2d9f26db04d9e82f294b4ced09fe36acd5a2dc365b6d95a06ca67e922e384b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1
cache-control: public, max-age=0, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 11 May 2022 18:25:22 GMT
etag: "252527d80429984e463df18900100c42-ssl-df"
link: </webpack-runtime-1ce23a582d204897dca3.js>; rel=preload; as=script, </framework-a1ef71e2ff6c0346af04.js>; rel=preload; as=script, </app-12b34dbd342418d5d586.js>; rel=preload; as=script, </styles-407fe62976dc5310c43e.js>; rel=preload; as=script, </framework-a1ef71e2ff6c0346af04.js>; rel=preload; as=script, </b637e9a5-2a20e1ce6d8b15d59760.js>; rel=preload; as=script, </fa4afcbab4d24ae7f41b38f7bef43479c401fc53-1090f05d5008b829fbe8.js>; rel=preload; as=script, </db66ba054d2938ada4a9eb146b6d3fec7f594699-31bfb36b3c575697be43.js>; rel=preload; as=script, </component---src-templates-markdownpage-js-56a711809fbe9d0d3753.js>; rel=preload; as=script, </page-data/app-data.json>; rel=preload; as=fetch; crossorigin, </page-data/threat-center/threat-profiles/macos-malware-variants/shlayer/page-data.json>; rel=preload; as=fetch; crossorigin
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cdn: Imperva
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-iinfo: 14-132606608-132606724 NNNY CT(1 133 0) RT(1652293520751 789) q(0 0 0 -1) r(3 3) U12
x-nf-request-id: 01G2T5WMHYJ1W8R1F08S01C15P
x-xss-protection: 1; mode=block

Redirect headers

age: 0
cache-control: public, max-age=0, must-revalidate
content-type: text/html; charset=UTF-8
date: Wed, 11 May 2022 18:25:21 GMT
etag: "252527d80429984e463df18900100c42-ssl-df"
link: </webpack-runtime-1ce23a582d204897dca3.js>; rel=preload; as=script, </framework-a1ef71e2ff6c0346af04.js>; rel=preload; as=script, </app-12b34dbd342418d5d586.js>; rel=preload; as=script, </styles-407fe62976dc5310c43e.js>; rel=preload; as=script, </framework-a1ef71e2ff6c0346af04.js>; rel=preload; as=script, </b637e9a5-2a20e1ce6d8b15d59760.js>; rel=preload; as=script, </fa4afcbab4d24ae7f41b38f7bef43479c401fc53-1090f05d5008b829fbe8.js>; rel=preload; as=script, </db66ba054d2938ada4a9eb146b6d3fec7f594699-31bfb36b3c575697be43.js>; rel=preload; as=script, </component---src-templates-markdownpage-js-56a711809fbe9d0d3753.js>; rel=preload; as=script, </page-data/app-data.json>; rel=preload; as=fetch; crossorigin, </page-data/threat-center/threat-profiles/macos-malware-variants/shlayer/page-data.json>; rel=preload; as=fetch; crossorigin
location: /threat-center/threat-profiles/macos-malware-variants/shlayer/
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-cdn: Imperva
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-iinfo: 14-132606608-132606640 NNNN CT(2 118 0) RT(1652293520751 161) q(0 0 1 -1) r(6 6) U11
x-nf-request-id: 01G2T5WM1ZPB86W85SS7E3TD37
x-xss-protection: 1; mode=block

GET
H2 200 _Incapsula_Resource
www.cyber.nj.gov/ 1 B
36 B 21ms
20ms Image
text/plain 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyber.nj.gov/_Incapsula_Resource?SWKMTFSR=1&e=0.7038485788960378

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=300
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

GET _Incapsula_Resource
www.cyber.nj.gov/ 0
0

GET
H2 200 webpack-runtime-1ce23a582d204897dca3.js Show response
www.cyber.nj.gov/ 16 KB
4 KB 27ms
22ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/webpack-runtime-1ce23a582d204897dca3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

7e65dbfe9d4a74d7e58760df80340d5ff3a61a21436ccace7e207a4bd2c2caaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:21 GMT
content-encoding: gzip
x-cdn: Imperva
etag: "fde060aee366ba39745623096c814c10-ssl-df"
strict-transport-security: max-age=300
content-type: application/javascript; charset=UTF-8
x-iinfo: 14-132606608-0 0CNN RT(1652293520751 1109) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=31086079, public
content-length: 4292
expires: Sat, 06 May 2023 13:26:40 GMT

GET
H2 200 framework-a1ef71e2ff6c0346af04.js Show response
www.cyber.nj.gov/ 24 KB
9 KB 29ms
23ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/framework-a1ef71e2ff6c0346af04.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4e3bd35e4925399540d7d86a8880282f46c0666c62dbf4bff302cf86495721b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:21 GMT
content-encoding: gzip
x-cdn: Imperva
etag: "166e30e9893d3829beb28902049bd1b7-ssl-df"
strict-transport-security: max-age=300
content-type: application/javascript; charset=UTF-8
x-iinfo: 14-132606608-0 0CNN RT(1652293520751 1112) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=31165957, public
content-length: 8637
expires: Sun, 07 May 2023 11:37:58 GMT

GET
H2 200 app-12b34dbd342418d5d586.js Show response
www.cyber.nj.gov/ 60 KB
16 KB 32ms
24ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/app-12b34dbd342418d5d586.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

50ec3038d8a8e5c59f60979b4b218a1a9bf1fd7c46429d0e8df8f96009982f2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:21 GMT
content-encoding: gzip
x-cdn: Imperva
etag: "98f22b0de8f247ebeec788ebd3cf80bb-ssl-df"
strict-transport-security: max-age=300
content-type: application/javascript; charset=UTF-8
x-iinfo: 14-132606608-0 0CNN RT(1652293520751 1114) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=31165957, public
content-length: 16485
expires: Sun, 07 May 2023 11:37:58 GMT

GET
H2 200 styles-407fe62976dc5310c43e.js Show response
www.cyber.nj.gov/ 61 B
220 B 45ms
37ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/styles-407fe62976dc5310c43e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0fae8b03858a764bad3e9af19bfc924ead5b9e25c760432c19e91cba3dff1cf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:21 GMT
content-encoding: gzip
x-cdn: Imperva
etag: "c2d73bbf9405802cf49e0515f30a2e9a-ssl"
strict-transport-security: max-age=300
content-type: application/javascript; charset=UTF-8
x-iinfo: 14-132606608-0 0CNN RT(1652293520751 1117) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=31086080, public
content-length: 64
expires: Sat, 06 May 2023 13:26:41 GMT

GET
H2 200 b637e9a5-2a20e1ce6d8b15d59760.js Show response
www.cyber.nj.gov/ 88 KB
30 KB 42ms
36ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/b637e9a5-2a20e1ce6d8b15d59760.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

288fc7e36404204d7bdef33d189cc4b0c18a195f871e2b250b4f69cd1c9f5289

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:21 GMT
content-encoding: gzip
x-cdn: Imperva
etag: "a604d586aa07dd84a2b991c77ba13705-ssl-df"
strict-transport-security: max-age=300
content-type: application/javascript; charset=UTF-8
x-iinfo: 14-132606608-0 0CNN RT(1652293520751 1118) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=31131905, public
content-length: 31016
expires: Sun, 07 May 2023 02:10:26 GMT

GET
H2 200 fa4afcbab4d24ae7f41b38f7bef43479c401fc53-1090f05d5008b829fbe8.js Show response
www.cyber.nj.gov/ 17 KB
6 KB 42ms
38ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/fa4afcbab4d24ae7f41b38f7bef43479c401fc53-1090f05d5008b829fbe8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

5432e4b7d5acc559d6df52a02c04cb177f3f2bd8769a2c0cc7fe79e3efa93378

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:21 GMT
content-encoding: gzip
x-cdn: Imperva
etag: "e851f2b6a0e6a280bdf5f4d8972bc35d-ssl-df"
strict-transport-security: max-age=300
content-type: application/javascript; charset=UTF-8
x-iinfo: 14-132606608-0 0CNN RT(1652293520751 1120) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=31165958, public
content-length: 5829
expires: Sun, 07 May 2023 11:37:59 GMT

GET
H2 200 db66ba054d2938ada4a9eb146b6d3fec7f594699-31bfb36b3c575697be43.js Show response
www.cyber.nj.gov/ 82 KB
21 KB 46ms
42ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/db66ba054d2938ada4a9eb146b6d3fec7f594699-31bfb36b3c575697be43.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a47833054581de59110ced74ba3d12489abe41c6ea760d865ba44d51bbf72c73

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:21 GMT
content-encoding: gzip
x-cdn: Imperva
etag: "baff5f02ec5ee67d39ba185ded965bc0-ssl-df"
strict-transport-security: max-age=300
content-type: application/javascript; charset=UTF-8
x-iinfo: 14-132606608-0 0CNN RT(1652293520751 1121) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=31086080, public
content-length: 20947
expires: Sat, 06 May 2023 13:26:41 GMT

GET
H2 200 component---src-templates-markdownpage-js-56a711809fbe9d0d3753.js Show response
www.cyber.nj.gov/ 3 KB
1 KB 46ms
43ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/component---src-templates-markdownpage-js-56a711809fbe9d0d3753.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

96b4cc2dc76f0aa76635630e828da4d599b7e6a75d395b575849ed15f81b3926

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:21 GMT
content-encoding: gzip
x-cdn: Imperva
etag: "f00667ea02d2f3b5bac18689ae3cb8ac-ssl-df"
strict-transport-security: max-age=300
content-type: application/javascript; charset=UTF-8
x-iinfo: 14-132606608-0 0CNN RT(1652293520751 1122) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=31099111, public
content-length: 1047
expires: Sat, 06 May 2023 17:03:52 GMT

GET
H2 200 app-data.json
www.cyber.nj.gov/page-data/ 50 B
276 B 46ms
43ms Other
application/json 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/page-data/app-data.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Netlify /

Resource Hash

faea0aeb25941f56ca022dd371aa689c52a0049a3593b64c12aa519bdb19f02e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-nf-request-id: 01G2T5WMWHZCVEC1QCHEQ3W2S8
date: Wed, 11 May 2022 14:28:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
age: 14231
x-iinfo: 14-132606608-132606813 NNYY CT(1 129 0) RT(1652293520751 1123) q(0 0 0 -1) r(0 0) U2
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: SAMEORIGIN
etag: "653eaf1648c112071649bb04d1ac75bb-ssl"
strict-transport-security: max-age=31536000
content-type: application/json
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 page-data.json
www.cyber.nj.gov/page-data/threat-center/threat-profiles/macos-malware-variants/shlayer/ 4 KB
2 KB 349ms
347ms Other
application/json 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/page-data/threat-center/threat-profiles/macos-malware-variants/shlayer/page-data.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Netlify /

Resource Hash

1de9fea0feaebe97b8af082654c3b239388511327ab4bc3cbeb952dfd9437ef4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-nf-request-id: 01G2T5WMWCFMM31J4XK18C2XQQ
date: Wed, 11 May 2022 18:25:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
age: 0
x-iinfo: 14-132606608-132606815 NNNY CT(1 125 0) RT(1652293520751 1124) q(0 0 0 -1) r(3 3) U2
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: SAMEORIGIN
etag: "88d8cfd62d88e583eeb7093c481580e8-ssl-df"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 t-you-stance-Exeunt-had-Hous-Foolength-Cast-be-s Show response
www.cyber.nj.gov/ 141 KB
45 KB 56ms
51ms Script
text/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/t-you-stance-Exeunt-had-Hous-Foolength-Cast-be-s

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

connector /

Resource Hash

e229b742f755cafd89dc64dd8181cfe82bc0e03025b4231f45277e5a4571a12d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:22 GMT
content-encoding: gzip
server: connector
strict-transport-security: max-age=300
content-type: text/javascript
access-control-allow-origin: *
x-iinfo: 14-132606608-132607056 NNNN CT(2 4 0) RT(1652293520751 2481) q(0 0 0 -1) r(0 0) U2
cache-control: private, max-age=60
server-timing: bon, total;dur=6.825981
content-length: 45950
x-cdn: Imperva

GET
H2 200 css
fonts.googleapis.com/ 0
873 B 87ms
33ms Other
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cardo|Nunito:300|Material+Icons&display=swap

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 May 2022 18:25:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 11 May 2022 18:25:23 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 May 2022 18:25:23 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 86ms
32ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cardo|Nunito:300|Material+Icons&display=swap

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

73ad8cc845fe98247d0ae46b7af630051c5c274299e70bf9b01a0f61a93c65ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 May 2022 18:25:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 11 May 2022 18:25:23 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 May 2022 18:25:23 GMT

GET
H2 200 2001626772.json
www.cyber.nj.gov/page-data/sq/d/ 6 KB
1 KB 30ms
29ms Other
application/json 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/page-data/sq/d/2001626772.json

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Netlify /

Resource Hash

8c93c91a88cce024ff3ee16ff346aa8b4bbb401504162634dab00df69ca9af57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-nf-request-id: 01G2T5WP6ZFK4ZKWSQ1MWSSZKG
date: Wed, 11 May 2022 14:28:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
age: 14232
x-iinfo: 14-132606608-132606724 PNNy RT(1652293520751 2488) q(0 0 0 -1) r(0 0) U2
strict-transport-security: max-age=31536000
content-length: 1293
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: SAMEORIGIN
etag: "eb428d150424e79ef32b708e9b261f1b-ssl-df"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 2628674228.json
www.cyber.nj.gov/page-data/sq/d/ 719 B
491 B 30ms
29ms Other
application/json 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/page-data/sq/d/2628674228.json

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Netlify /

Resource Hash

022278202b62f09d48ced661ad9d8116bf0bb72aecf1d4c06fc15377e8d99334

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-nf-request-id: 01G2T5WP6ZKRZ4Z7SV9F760G22
date: Wed, 11 May 2022 14:28:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
age: 14233
x-iinfo: 14-132606608-132606815 PNYy RT(1652293520751 2490) q(0 0 0 -1) r(0 0) U2
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: SAMEORIGIN
etag: "6839fa2a9aea2d07ecf02b307163358a-ssl"
strict-transport-security: max-age=31536000
content-type: application/json
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 2769593191.json
www.cyber.nj.gov/page-data/sq/d/ 8 KB
2 KB 31ms
30ms Other
application/json 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/page-data/sq/d/2769593191.json

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Netlify /

Resource Hash

fc15c8cc0362c2bdfff31836712656a9380e29015482afbe5fa5a16bf516b56d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-nf-request-id: 01G2T5WP72ZEJSN6X3VP9HPA05
date: Wed, 11 May 2022 14:28:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
age: 14233
x-iinfo: 14-132606608-132606813 PNNy RT(1652293520751 2491) q(0 0 0 -1) r(0 0) U2
strict-transport-security: max-age=31536000
content-length: 2076
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: SAMEORIGIN
etag: "67822465fc1334e75c15d4b6eb051dbf-ssl-df"
vary: Accept-Encoding
content-type: application/json
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ 157 KB
25 KB 91ms
42ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601
age: 10926078
cdn-cachedat: 08/03/2021 15:44:07
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver: 1.0
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: d065c1e5987c3b2f2a76b25fc1ea81b7
cf-ray: 709cf4fb4ef769a3-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
39 KB 100ms
40ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-162455942-1

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

37c9702e946cb9673c5424b1da3d78fd20f27fdf89f0194766355f3ec2d71d77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39094
x-xss-protection: 0
last-modified: Wed, 11 May 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 May 2022 18:25:23 GMT

GET
H2 200 kWwPshCMTHmgpFkQuK4Q
cdn.buttercms.com/ 50 KB
51 KB 299ms
68ms Image
image/png 2600:9000:2156:1200:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/kWwPshCMTHmgpFkQuK4Q
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1200:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: a6ea5009d0ef07479970cc3bf6e6012d876d3f35bd8b5102f801c0d4ca826b71

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 09 May 2022 07:36:37 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
age: 442793
x-cache: Hit from cloudfront
content-disposition: inline; filename="Cream & Gray Massage Logo-seal.png"
content-length: 51068
x-served-by: cache-iad-kcgs7200119-IAD, cache-hhn4068-HHN
last-modified: Sat, 23 May 2020 14:48:06 GMT
x-file-name: Cream & Gray Massage Logo-seal.png
x-timer: S1652081797.216359,VS0,VE1
etag: "d6b6dce3a65b92bd2b046af24e07f7b5"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: X-File-Name
cache-control: public, max-age=2678400
filestack-trace-id: 1651850731-bG5RrklSQg
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: KWJeB-ok3C--JXYxkqOIFXEBGrtlaVpH9Qxjc2Nz3IRpSVJ95djgTg==
x-cache-hits: 1, 1

GET
H2 200 logo-e2523476d5c388367cf15d2e17790e83.png
d33wubrfki0l68.cloudfront.net/dd8b5edbb242e98deafa5dea15abba4853b89569/be0a0/static/ 130 KB
130 KB 92ms
27ms Image
image/png 13.225.84.188
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/dd8b5edbb242e98deafa5dea15abba4853b89569/be0a0/static/logo-e2523476d5c388367cf15d2e17790e83.png
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-188.fra2.r.cloudfront.net
Software: Netlify /
Resource Hash: de988cf3b2597025a198470b1f9982215468dab475c2ca81c7d1119793980d2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-nf-request-id: 01FV8ZZ1P0N2BPKXD495XJF26B
date: Mon, 07 Feb 2022 02:24:51 GMT
via: 1.1 ccfe5851ecd4194e2d976fb32dec7538.cloudfront.net (CloudFront)
server: Netlify
age: 8092832
etag: 730dc17fbc1430b27032ba02fd2615545b3241c9
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31556926
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 132694
x-amz-cf-id: hMbobR6wVOKX5eqYVcQ_BQYPns8zEteeptu2udHIZL9nMaOwRAn0Fw==

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/ 157 KB
24 KB 52ms
52ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 565, 617, 617
age: 6506131
cdn-cachedat: 2021-06-08 14:20:02
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:10 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 03155eb383693948b09c7d5f455ff7de
cf-ray: 709cf4fb8f7569a3-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/ 59 KB
15 KB 39ms
39ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632
age: 1057388
cdn-cachedat: 03/08/2022 23:00:23
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver: 1.02
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:10 GMT
server: cloudflare
cdn-requestpullcode: 200
etag: W/"6bea60c34c5db6797150610dacdc6bce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 2424e40de6c82c5c4aa2eb1fde2d89b4
cf-ray: 709cf4fb8f9369a3-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 polyfill.min.js Show response
cdn.polyfill.io/v3/ 101 B
416 B 88ms
36ms Script
text/javascript 2a04:4e42::282
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.polyfill.io/v3/polyfill.min.js?features=fetch
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
content-encoding: br
last-modified: Mon, 11 Apr 2022 21:36:08 GMT
age: 0
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
useragent_normaliser: chrome/101.0.0
server-timing: cache-hhn4029, PASS, fastly;desc="Edge time";dur=14
accept-ranges: bytes
content-length: 94

GET
H2 200 jquery-3.5.1.slim.min.js Show response
code.jquery.com/ 71 KB
24 KB 83ms
29ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.slim.min.js
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db

Request headers

Referer
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-11abc"
vary: Accept-Encoding
x-hw: 1652293523.dop126.fr8.t,1652293523.cds156.fr8.hn,1652293523.cds240.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 24606

GET
H2 200 popper.min.js Show response
cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/ 21 KB
8 KB 80ms
34ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4439023
x-jsd-version: 1.16.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19156-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"52f1-MTeJyg4xtlR4TbuosPg/Nk+Gg7Q"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MrkwgQWK91pr8OjuUAaQQKWsy3Ih5xEPAU573EyeD%2Be%2FNax3qqWusCelAkNDFhSwWnRhvq7bFncYYn3ojqLWWTun%2BzHCHR0FisZ6uQoy3ISEs1UT%2Bj75aS65ljID0Sda5jDS94Ye6m7YG9RlX3o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 709cf4fbd808917d-FRA

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ 59 KB
15 KB 41ms
40ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 6563367
cdn-cachedat: 2021-08-03 12:25:09
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: fb8b2ff123f65e94b402be06f8453d6d
cf-ray: 709cf4fb9fac69a3-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 108ms
48ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5df9eee36a61ef8f89d39c04ff402ded30aa9c627b6ef2134f55fa0e8b537153

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 3510
etag: W/"a393ad4e03deeab316f7121a80708ce6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 709cf4fbfe489b3a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 14 May 2022 18:25:23 GMT

GET
H2 200 XRXI3I6Li01BKofiOc5wtlZ2di8HDOUhdTQ3jw.woff2
fonts.gstatic.com/s/nunito/v24/ 14 KB
14 KB 135ms
80ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v24/XRXI3I6Li01BKofiOc5wtlZ2di8HDOUhdTQ3jw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cardo|Nunito:300|Material+Icons&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce8a080dbc437f0cae1b9998edf6a56d57ab6817ef072f4dbde02e145e663043

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 09 May 2022 21:58:53 GMT
x-content-type-options: nosniff
age: 159990
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13836
x-xss-protection: 0
last-modified: Mon, 09 May 2022 19:23:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 May 2023 21:58:53 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v128/ 125 KB
125 KB 76ms
22ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v128/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cardo|Nunito:300|Material+Icons&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f082f7fa9332a6055b254e19c987cc6f3a37b5ece6a1920978aaaa785d3df60b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 04 May 2022 19:26:25 GMT
x-content-type-options: nosniff
age: 601138
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127508
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 15:12:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 May 2023 19:26:25 GMT

GET
H2 200 wlp_gwjKBV1pqhv43IE.woff2
fonts.gstatic.com/s/cardo/v19/ 15 KB
15 KB 130ms
76ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cardo/v19/wlp_gwjKBV1pqhv43IE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cardo|Nunito:300|Material+Icons&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1346360729e77380edf8f17fa421b76452289ae1b5f4be290b19c4d204e9587

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyber.nj.gov
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:33:55 GMT
x-content-type-options: nosniff
age: 510688
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
last-modified: Thu, 21 Apr 2022 17:05:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 May 2023 20:33:55 GMT

GET
H2 200 Qn0dlkOAQhO8adwRg2C0
cdn.buttercms.com/ 88 KB
89 KB 191ms
27ms Image
image/png 2600:9000:2156:1200:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/Qn0dlkOAQhO8adwRg2C0
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1200:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 39fc3cf190b011ab899a8f5d5ba9e2442dfebb1bcaf4c87289ca98c05cc29b63

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 09 May 2022 08:46:21 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
age: 442572
x-cache: Hit from cloudfront
content-disposition: inline; filename="icons-footer-5-21.png"
content-length: 89868
x-served-by: cache-iad-kiad7000176-IAD, cache-hhn4062-HHN
last-modified: Sat, 23 May 2020 14:41:30 GMT
x-file-name: icons-footer-5-21.png
x-timer: S1652085981.209687,VS0,VE1
etag: "741c6511ab9ffd6544063467cd0742eb"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: X-File-Name
cache-control: public, max-age=2678400
filestack-trace-id: 1649172303-SCLhV8yqTt
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: fkCDcSbywFr3YTVqqJQ-djVCOVfmHRPBhXILfN8dEujMSaVuE6WYPQ==
x-cache-hits: 1, 1

GET
H2 200 yPnhycftTNGAh5m2V6uD
cdn.buttercms.com/ 14 KB
15 KB 245ms
81ms Image
image/png 2600:9000:2156:1200:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/yPnhycftTNGAh5m2V6uD
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1200:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b8e8a5e125fc685f61004c304e204222ed9f66b50eb663d812ebfb5ec0142f98

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 06:48:55 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
age: 1904719
x-cache: Hit from cloudfront
content-disposition: inline; filename="3.png"
content-length: 14324
x-served-by: cache-iad-kjyo7100027-IAD, cache-fra19126-FRA
last-modified: Mon, 06 Apr 2020 19:56:24 GMT
x-file-name: 3.png
x-timer: S1650955736.626955,VS0,VE89
etag: "2440d61115634bdba11e5d627c94753d"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: X-File-Name
cache-control: public, max-age=2678400
filestack-trace-id: 1650388805-cD1048j4RG
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: xm_ay7MTQi5gFq5TIrNVwywIziqT4NOfJZr3PPzfdpBMSQeEQxTzrA==
x-cache-hits: 1, 0

GET
H2 200 Gy9nQewnQIOPbCe8DGPF
cdn.buttercms.com/ 6 KB
7 KB 240ms
76ms Image
image/png 2600:9000:2156:1200:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/Gy9nQewnQIOPbCe8DGPF
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1200:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 46b24625f14216fcbb72db91af1aec8cd72a69513dfa48d1cc8cd62c91435d1a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 08 May 2022 06:15:36 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
age: 1321368
x-cache: Hit from cloudfront
content-disposition: inline; filename="2.png"
content-length: 6114
x-served-by: cache-iad-kjyo7100094-IAD, cache-hhn4042-HHN
last-modified: Mon, 06 Apr 2020 19:56:33 GMT
x-file-name: 2.png
x-timer: S1651990536.268651,VS0,VE1
etag: "41c819e5f85b125ed5f42393f675082d"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: X-File-Name
cache-control: public, max-age=2678400
filestack-trace-id: 1650972155-6NR88enCQe
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: TOFeNeZlzN7fGEk4Pfs12FK9Dp8NRO63Z4gdDfN36GXgpWfephUaFA==
x-cache-hits: 0, 1

GET
H2 200 W6tvy9nIRsu45tiOUO89
cdn.buttercms.com/ 14 KB
15 KB 245ms
81ms Image
image/png 2600:9000:2156:1200:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/W6tvy9nIRsu45tiOUO89
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1200:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b31da6455e725fab3e9a95eeef26dd077d327824a00c28b797123096499c200d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 05:39:14 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
age: 2465170
x-cache: Hit from cloudfront
content-disposition: inline; filename="Cream & Gray Massage Logo (2).png"
content-length: 14313
x-served-by: cache-iad-kiad7000033-IAD, cache-fra19158-FRA
last-modified: Fri, 25 Sep 2020 14:45:26 GMT
x-file-name: Cream & Gray Massage Logo (2).png
x-timer: S1649828354.189853,VS0,VE435
etag: "d7c9f28e093031db7e9106bd83ef8ff8"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: X-File-Name
cache-control: public, max-age=2678400
filestack-trace-id: 1649828354-r6tkxv0hQd
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: ALIXc-kcIUlxoJlyiSZkk7Trg2KkuWh5Wh9JlQLsx4ynx1eypb17fQ==
x-cache-hits: 0, 0

GET
H2 200 QSZCMoTS5OvR8soCNfWP
cdn.buttercms.com/ 11 KB
12 KB 232ms
69ms Image
image/png 2600:9000:2156:1200:17:108e:3bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.buttercms.com/QSZCMoTS5OvR8soCNfWP
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1200:17:108e:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e800bcd0513a356d83750467536b76b377e1a3620c69a0f32b25355c8959dd50

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 06:48:55 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
age: 1892768
x-cache: Hit from cloudfront
content-disposition: inline; filename="Cream & Gray Massage Logo (1).png"
content-length: 11666
x-served-by: cache-iad-kiad7000134-IAD, cache-hhn4070-HHN
last-modified: Fri, 25 Sep 2020 14:16:14 GMT
x-file-name: Cream & Gray Massage Logo (1).png
x-timer: S1650955736.592275,VS0,VE94
etag: "e595313d4e0e164cec67b83a0786161e"
access-control-max-age: 21600
access-control-allow-methods: DELETE, GET, HEAD, POST, PUT
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: X-File-Name
cache-control: public, max-age=2678400
filestack-trace-id: 1650400756-D8RaYmFUSx
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
access-control-allow-headers: Content-Type, X-No-Stream
x-amz-cf-id: veHB3IvQTNQDnossJjvgXUd1DXtMjTRKyrI_cjvnRnwZfsDxIdp8XQ==
x-cache-hits: 1, 0

GET
H3 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 283 KB
68 KB 87ms
53ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151513
Requested by: Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7512bf3b9ec62642bc0800d0ca3c5b8b37a1384814cc7a29d31f6823740fd403

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 3278
etag: W/"0e269028feac530d16f00d8dad8ece74"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 709cf4fc8f2f5c02-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 14 May 2022 18:25:23 GMT

GET
H2 200 logo-e2523476d5c388367cf15d2e17790e83.png
www.cyber.nj.gov/static/ 130 KB
130 KB 26ms
26ms Image
image/png 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyber.nj.gov/static/logo-e2523476d5c388367cf15d2e17790e83.png

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

de988cf3b2597025a198470b1f9982215468dab475c2ca81c7d1119793980d2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
x-cdn: Imperva
etag: "1be1d72c07bdb113d39a76bc75002b9a-ssl"
strict-transport-security: max-age=300
content-type: image/png
x-iinfo: 14-132606608-0 0CNN RT(1652293520751 2727) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=604800, public
content-length: 132694
expires: Wed, 18 May 2022 18:25:23 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 759ms
25ms Script
application/javascript 104.84.56.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/fa4afcbab4d24ae7f41b38f7bef43479c401fc53-1090f05d5008b829fbe8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-84-56-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Wed, 11 May 2022 18:25:24 GMT
x-host: s7.addthis.com
content-length: 116419

GET
H2 200 chatbot.js Show response
www.cyber.nj.gov/ 500 B
708 B 204ms
204ms Script
application/javascript 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/chatbot.js

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/fa4afcbab4d24ae7f41b38f7bef43479c401fc53-1090f05d5008b829fbe8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Netlify /

Resource Hash

99b054bbf28ebb11f60fba7fa59854d940564492598afdb0c28c7e9110580e51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-nf-request-id: 01G2T5WPFAAD2KC49A014AE3C3
date: Wed, 11 May 2022 18:25:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
age: 1
x-iinfo: 14-132606608-132601348 2NYN RT(1652293520751 2734) q(0 0 0 -1) r(2 2) U2
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: SAMEORIGIN
etag: "dfc84510e04a0b34ae6f03c9c71ed19d-ssl"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 73ms
22ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-162455942-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 375
date: Wed, 11 May 2022 18:19:09 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 11 May 2022 20:19:09 GMT

GET
H2 200 web Show response
onesignal.com/api/v1/sync/23af6411-8a6f-4af5-a856-8b5df1d67303/ 5 KB
2 KB 189ms
182ms Script
text/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/23af6411-8a6f-4af5-a856-8b5df1d67303/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151513

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9e02ecf445c2369ad3642055016d5435783c0160f12e641e039684ea2cf4331

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-permitted-cross-domain-policies: none
status: 200 OK
x-envoy-upstream-service-time: 41
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 55bdb665-a4ee-4ccb-98dc-5c58493f0c29
x-runtime: 0.037074
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"e9e02ecf445c2369ad3642055016d543"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 709cf4fd49899b3a-FRA
access-control-allow-headers: SDK-Version
expires: Wed, 11 May 2022 19:25:24 GMT

POST
H2 200 t-you-stance-Exeunt-had-Hous-Foolength-Cast-be-s Show response
www.cyber.nj.gov/ 584 B
729 B 59ms
59ms Fetch
application/json 45.60.124.188
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyber.nj.gov/t-you-stance-Exeunt-had-Hous-Foolength-Cast-be-s?d=www.cyber.nj.gov

Requested by

Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/t-you-stance-Exeunt-had-Hous-Foolength-Cast-be-s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.124.188 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

connector /

Resource Hash

f632b584590f43c24445b4efbceb9074df2d8b3a265d71e151d9e048c4eb5b77

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept: application/json; charset=utf-8
Referer: https://www.cyber.nj.gov/threat-center/threat-profiles/macos-malware-variants/shlayer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain; charset=utf-8

Response headers

date: Wed, 11 May 2022 18:25:23 GMT
content-encoding: gzip
server: connector
strict-transport-security: max-age=300
content-type: application/json
access-control-allow-origin: *
x-iinfo: 14-132606608-132607056 PNYN RT(1652293520751 2952) q(0 0 0 -1) r(0 0) U6
cache-control: no-cache, no-store
server-timing: bon, total;dur=35.946425999999995
x-cdn: Imperva

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 74ms
29ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1815068582&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyber.nj.gov%2Fthreat-center%2Fthreat-profiles%2Fmacos-malware-variants%2Fshlayer&ul=en-us&de=UTF-8&dt=NJCCIC%20Threat%20Profile%20Shlayer&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1293002415&gjid=1820154266&cid=1271974131.1652293524&tid=UA-162455942-1&_gid=1955680758.1652293524&_r=1&gtm=2ou590&z=550002062

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 May 2022 18:25:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyber.nj.gov
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 loader.js Show response
app.artibot.ai/ 10 KB
4 KB 134ms
25ms Script
application/javascript 18.66.248.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.artibot.ai/loader.js
Requested by: Host: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/chatbot.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-44.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b225ca7cc57ff95b76c8f8326e162088279cf92efd85e01b49f2fa38f07a40b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Tue, 12 Oct 2021 19:43:28 GMT
server: AmazonS3
age: 1835
etag: W/"bc87ff61d54f4865c2982a891c9a20af"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 a6848167f38570c4e775e8ba04d1f1d0.cloudfront.net (CloudFront)
cache-control: public, max-age=14400
date: Wed, 11 May 2022 17:54:50 GMT
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: C7FQ2VGFOME0WiSPLgyvzopY6trPlAmuXxnE2CdGzLc729lV5EpxnQ==

GET
H2 200 version Show response
api.artibot.ai/api/bots/021304d7-ea6f-4035-bec0-698b42ca0a81/ 90 B
203 B 428ms
115ms XHR
application/json 52.70.23.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.artibot.ai/api/bots/021304d7-ea6f-4035-bec0-698b42ca0a81/version
Requested by: Host: app.artibot.ai
URL: https://app.artibot.ai/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.70.23.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-70-23-21.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 2cd338f6b86d12683f8da909a4c8e1434f6ff076bf3119fa2286ab1acd51251e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 11 May 2022 18:25:24 GMT
server: Kestrel
content-type: application/json; charset=utf-8

GET
H2 200 _ArtiBotLauncherCB_Manifest Show response
prod.artibotcdn.com/manifest/ 1 KB
1 KB 117ms
50ms Script
application/javascript 2606:4700:3030::6815:2c6a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.artibotcdn.com/manifest/_ArtiBotLauncherCB_Manifest?_=_
Requested by: Host: app.artibot.ai
URL: https://app.artibot.ai/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2c6a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74b58f0c2210bc088265af6bd50ee19d47622066825ace6e307b873b5cfc644f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:24 GMT
via: 1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 139
cf-ray: 709cf501ef629b31-FRA
x-cache: Hit from cloudfront
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 12 Oct 2021 19:43:29 GMT
server: cloudflare
etag: W/"30f5a5230e5fa350c423fcf8a1ef11f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Mnk2we9tjicYEITWfJ%2BTHVWFrXSTiuQTo%2FClPHY7zaA%2BYnJvCM7iXxpcCq1g6GrTDh8%2F3GS0uHhI9eS46ZR5BA%2FBlhdjeGXQ7yh5rcMjikJnH3oXOLuBDOHZiFIQRqhi9uyg3xcJp7Ts8syVQMHWSRu"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: null
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 0f4p1OQgaYXU30klaCpGpZuyEJ7oFchxnNVYetZyvciEnB22To64zg==

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 129ms
42ms Script
application/x-javascript 104.102.30.13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.30.13 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-30-13.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:24 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 45EED864711A619E
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=53357
accept-ranges: bytes
content-length: 948
x-amz-id-2: 6A9pVmW8y8aTdybVpxpT5jqSXDHjLXIW1mfSZXu3pRcgpvl2LsGORCbBv0W7aRgfRtAV1dZmxOQ=

GET
H3 200 launcher.4514.js Show response
prod.artibotcdn.com/ 289 KB
87 KB 91ms
46ms Script
application/javascript 2606:4700:3030::6815:2c6a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.artibotcdn.com/launcher.4514.js
Requested by: Host: app.artibot.ai
URL: https://app.artibot.ai/loader.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2c6a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c089bd2b92f926c1552627e8827f78598bb797deeef2a0daa202fe4ccd0a8a9a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:24 GMT
via: 1.1 f4137273db9ae377298b8f8daf5b93f0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9199237
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 12 Oct 2021 19:43:23 GMT
server: cloudflare
etag: W/"7deaa8108362bbdd03720d8b30e9dc39"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUwR0Bpgx6%2B9ZO5Z%2BbAWfbZRuf01stUpaoGS1ytBzWnouLyk0JBabm6eppI6sq4rn7Glo2qAAwHhawRvm67yMMGqjXwTVLJMEtreDlunuq7DH8Q%2Fb57beNqaCGCgT1YwpSUzMIRxhpNCXJvITLo3GYpR"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: null
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA56-P2
cf-ray: 709cf50289d49bdd-FRA
x-amz-cf-id: ZS4HYv842112qH6fiNH0EU7F5l3OGakE42zdD4EeMCAxkX3BgWeBqg==

GET
H/1.1 200
OK settings Show response
api-cdn.prod-aws.artibot.ai/api/bots/021304d7-ea6f-4035-bec0-698b42ca0a81/ 623 B
1 KB 138ms
25ms XHR
application/json 2600:9000:2315:4000:a:e02a:3080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-cdn.prod-aws.artibot.ai/api/bots/021304d7-ea6f-4035-bec0-698b42ca0a81/settings?settingsVersion=26&botVersionId=7a6c326a-a628-4c78-b408-36d3bfc6f231
Requested by: Host: prod.artibotcdn.com
URL: https://prod.artibotcdn.com/launcher.4514.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:4000:a:e02a:3080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 90ef887d3809abe6982921b63a5f08a02e13664291207fc0404a080a45b6115a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 07:45:52 GMT
Via: 1.1 68ce2f06efd4c9639aadce9f9d7fb096.cloudfront.net (CloudFront)
Connection: keep-alive
Server: Kestrel
Age: 14553573
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=2147483647
X-Amz-Cf-Pop: DUS51-P2
X-Amz-Cf-Id: q61RIHF9sCq7Uh7XAwpQPAsl-nJwXjztCA9ZCfYO4e-I0Lrt5DPBnw==

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5e263a6ccdf8622d/ 1 KB
911 B 211ms
189ms Script
application/javascript 104.84.56.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5e263a6ccdf8622d/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.84.56.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-84-56-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ba804fd763c5bb7b453d45e8fe61afa5f2c8ee4bd0828dc4e50c8f86aaf07826

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:25:25 GMT
content-encoding: gzip
etag: 128670746--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 736

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 90 B
250 B 379ms
159ms Script
application/javascript 104.84.56.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=627bff9476e680f6&bkl=0&bl=1&pdt=2576&sid=627bff9476e680f6&pub=ra-5e263a6ccdf8622d&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.cyber.nj.gov&fp=threat-center%2Fthreat-profiles%2Fmacos-malware-variants%2Fshlayer&fr=threat-center%2Fthreat-profiles%2Fmacos-malware-variants%2Fshlayer&of=1&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=2&gen=100&chr=UTF-8&colc=1652293525039&jsl=1&skipb=1&callback=addthis.cbs.jsonp__335135859734960960
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.84.56.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-84-56-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 351f90db6ab24e81efee2ae18d4a0e2c7f58659df3e74c7f380379206d7bcaa9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 May 2022 18:25:25 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 90
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame F51F 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 4AF6 71 KB
26 KB 37ms
35ms Document
text/html 104.84.56.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-84-56-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Wed, 11 May 2022 18:25:25 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H/1.1 200
OK botImage
s3.amazonaws.com/artibot-account-files-prod/ed/ed970824-bdf0-4739-9bde-cec1af330a41/021304d7-ea6f-4035-bec0-698b42ca0a81/ 23 KB
23 KB 488ms
138ms Image
image/png 52.216.25.190
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/artibot-account-files-prod/ed/ed970824-bdf0-4739-9bde-cec1af330a41/021304d7-ea6f-4035-bec0-698b42ca0a81/botImage?v=637344160031844726
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.25.190 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 9bad9ac5e80d98acbb10f67395739bcfcf9141b1e23c4549f68f04e6358c8d27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Wed, 11 May 2022 18:25:26 GMT
Last-Modified: Sun, 30 Aug 2020 20:26:44 GMT
Server: AmazonS3
x-amz-request-id: QE4Y2J45MPYTC9J7
ETag: "2cf68ca7d0143e0cc480accf3541ebe1"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 23490
x-amz-id-2: DQghJYtWelmbV7fC6rR9n4NZEcJcmDNLfnKjb1XEUosZAsMKo9Jef42NMo64zBmw+aieMV7k0Hs=

GET
H2 200 custom-messages.5799ddf75a30812a3d49.js Show response
s7.addthis.com/static/ 114 KB
28 KB 26ms
26ms Script
application/javascript 104.84.56.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/custom-messages.5799ddf75a30812a3d49.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-84-56-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6e91e73fa61993cea2208718d670f5ed1161039b2c7c9fe38e21cdbd5d5ab181

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-1c9fc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Wed, 11 May 2022 18:25:25 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 28519

GET
H2 204 300vi.png
m.addthis.com/live/red_lojson/ 0
110 B 129ms
129ms Image
text/plain 104.84.56.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.addthis.com/live/red_lojson/300vi.png?cad=shba%3Duim1&positions=uim1%3Dbottom&goals=uim1%3Dshare&first=1&rv=0&uvs=627bff94b18e1aa2&pub=ra-5e263a6ccdf8622d&dp=www.cyber.nj.gov&rev=v8.28.8-wp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.84.56.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-84-56-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 May 2022 18:25:25 GMT
cache-control: max-age=0, no-cache, no-store
expires: Wed, 11 May 2022 18:25:25 GMT

GET
DATA 200
OK truncated
/ 98 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02a3d2b1c51fa7c978d0ceeabb1253da4b02194d2f4e3c83ce840aa26306b242

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.cyber.nj.gov
URL: https://www.cyber.nj.gov/_Incapsula_Resource?ES2LURCT=67&t=78&d=complete%20(s%3A1%2Cc%3A24%2Cr%3A962)

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cyber.nj.gov/	1970-01-20 11:42:38	Name: visid_incap_1613844 Value: XgKgbSfHQrOLiZrJoQihIJD/e2IAAAAAQUIPAAAAAAAdL6lq4LVj4m9s/AopVmao
.cyber.nj.gov/	1969-12-31 23:59:59	Name: incap_ses_876_1613844 Value: RGY9VSlZ1Th2j7eN9S0oDJD/e2IAAAAATppyS24YmZUXM7DhmqDZoA==
.cyber.nj.gov/	1969-12-31 23:59:59	Name: nlbi_1613844 Value: jGZeOh7OhCv4BK6aAZ7VgwAAAAAzmP640I5dFWxqXfVYx3e7
.nj.gov/	1970-01-20 20:29:25	Name: _ga Value: GA1.2.1271974131.1652293524
.nj.gov/	1970-01-20 02:59:39	Name: _gid Value: GA1.2.1955680758.1652293524
.nj.gov/	1970-01-20 02:58:13	Name: _gat_gtag_UA_162455942_1 Value: 1
.cyber.nj.gov/	1969-12-31 23:59:59	Name: nlbi_1613844_2147483392 Value: CbHMXAX1Hk8/5MacAZ7VgwAAAADwmfRhvUZwQR2aXjJB+nIp
.www.cyber.nj.gov/	1970-01-20 03:41:25	Name: reese84 Value: 3:RC1K11fzBOrcECXzvdKNXw==:jLGshE0HtQXhdlY3Nb1nqU7uIc//qO+xS2VCYnPULB+zTOQaOf7VSO9psl+SyQ+dedldJx+1ICOhiRGjUVQ4INPU9aYuhyyP3JVnU/IBzXdxEaVR1cjuOAATNvpZYzLtGAN6OoF1rFJTBtFCnryQGtnxyu2oo4CHlnZlHd42ubORfqjDDtEvq2auE6vzPj7rDWpKErKD7OfJ0Wq/5dA1XeaVOxSZLh3+sV9pfKAlpAj3r5qYtLAL3Ox5x9oaUHs4QvlDwBHwQq8XRDCfK5qT5961zZeC5jo1CyvcjKBzVdmtEZGJAYUS8OHr39R65RkX+GAaCBqFebcWE/C/0Xryg4d0FLNWZtasXU6kYuWMKZPkPbHmAG7U5ESz9SMbUbOw1AzsI46qZMoQ7jfmz8I2FAoolUPvlc3pJgT1vWHv6qxc1S0UnGYuz/R8Yco/coJU:W/J2NOQ3Ez0svn06P7zExDidSdMykAO5C3xM/43o8BI=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=300

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-cdn.prod-aws.artibot.ai
api.artibot.ai
app.artibot.ai
cdn.buttercms.com
cdn.jsdelivr.net
cdn.onesignal.com
cdn.polyfill.io
code.jquery.com
d33wubrfki0l68.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
m.addthis.com
onesignal.com
prod.artibotcdn.com
s3.amazonaws.com
s7.addthis.com
stackpath.bootstrapcdn.com
v1.addthisedge.com
www.cyber.nj.gov
www.google-analytics.com
www.googletagmanager.com
z.moatads.com
s7.addthis.com
www.cyber.nj.gov
104.102.30.13
104.84.56.126
13.225.84.188
18.66.248.44
2001:4de0:ac18::1:a:2b
2600:9000:2156:1200:17:108e:3bc0:93a1
2600:9000:2315:4000:a:e02a:3080:93a1
2606:4700:3030::6815:2c6a
2606:4700::6810:5814
2606:4700::6812:bcf
2606:4700::6812:e234
2a00:1450:4001:800::200a
2a00:1450:4001:810::2008
2a00:1450:4001:828::200e
2a00:1450:4001:830::2003
2a04:4e42::282
45.60.124.188
52.216.25.190
52.70.23.21
022278202b62f09d48ced661ad9d8116bf0bb72aecf1d4c06fc15377e8d99334
02a3d2b1c51fa7c978d0ceeabb1253da4b02194d2f4e3c83ce840aa26306b242
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
062d2222576487a2a585cfea3426a5a9eb03dc9d5d28637775d757f3271a659c
0f2d9f26db04d9e82f294b4ced09fe36acd5a2dc365b6d95a06ca67e922e384b
0fae8b03858a764bad3e9af19bfc924ead5b9e25c760432c19e91cba3dff1cf3
1b225ca7cc57ff95b76c8f8326e162088279cf92efd85e01b49f2fa38f07a40b
1de9fea0feaebe97b8af082654c3b239388511327ab4bc3cbeb952dfd9437ef4
288fc7e36404204d7bdef33d189cc4b0c18a195f871e2b250b4f69cd1c9f5289
2cd338f6b86d12683f8da909a4c8e1434f6ff076bf3119fa2286ab1acd51251e
351f90db6ab24e81efee2ae18d4a0e2c7f58659df3e74c7f380379206d7bcaa9
37c9702e946cb9673c5424b1da3d78fd20f27fdf89f0194766355f3ec2d71d77
38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff
39fc3cf190b011ab899a8f5d5ba9e2442dfebb1bcaf4c87289ca98c05cc29b63
46b24625f14216fcbb72db91af1aec8cd72a69513dfa48d1cc8cd62c91435d1a
4e3bd35e4925399540d7d86a8880282f46c0666c62dbf4bff302cf86495721b7
50ec3038d8a8e5c59f60979b4b218a1a9bf1fd7c46429d0e8df8f96009982f2f
5432e4b7d5acc559d6df52a02c04cb177f3f2bd8769a2c0cc7fe79e3efa93378
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
5df9eee36a61ef8f89d39c04ff402ded30aa9c627b6ef2134f55fa0e8b537153
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e91e73fa61993cea2208718d670f5ed1161039b2c7c9fe38e21cdbd5d5ab181
73ad8cc845fe98247d0ae46b7af630051c5c274299e70bf9b01a0f61a93c65ba
74b58f0c2210bc088265af6bd50ee19d47622066825ace6e307b873b5cfc644f
7512bf3b9ec62642bc0800d0ca3c5b8b37a1384814cc7a29d31f6823740fd403
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7e65dbfe9d4a74d7e58760df80340d5ff3a61a21436ccace7e207a4bd2c2caaf
8c93c91a88cce024ff3ee16ff346aa8b4bbb401504162634dab00df69ca9af57
90ef887d3809abe6982921b63a5f08a02e13664291207fc0404a080a45b6115a
96b4cc2dc76f0aa76635630e828da4d599b7e6a75d395b575849ed15f81b3926
99b054bbf28ebb11f60fba7fa59854d940564492598afdb0c28c7e9110580e51
9bad9ac5e80d98acbb10f67395739bcfcf9141b1e23c4549f68f04e6358c8d27
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a47833054581de59110ced74ba3d12489abe41c6ea760d865ba44d51bbf72c73
a6ea5009d0ef07479970cc3bf6e6012d876d3f35bd8b5102f801c0d4ca826b71
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
b31da6455e725fab3e9a95eeef26dd077d327824a00c28b797123096499c200d
b8e8a5e125fc685f61004c304e204222ed9f66b50eb663d812ebfb5ec0142f98
ba804fd763c5bb7b453d45e8fe61afa5f2c8ee4bd0828dc4e50c8f86aaf07826
c089bd2b92f926c1552627e8827f78598bb797deeef2a0daa202fe4ccd0a8a9a
ce8a080dbc437f0cae1b9998edf6a56d57ab6817ef072f4dbde02e145e663043
d02032286070b4dd9d8fbd985a7bdca8af8edf52b89ff177db3bfcb2c8a9c43d
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
de988cf3b2597025a198470b1f9982215468dab475c2ca81c7d1119793980d2e
e229b742f755cafd89dc64dd8181cfe82bc0e03025b4231f45277e5a4571a12d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
e800bcd0513a356d83750467536b76b377e1a3620c69a0f32b25355c8959dd50
e9e02ecf445c2369ad3642055016d5435783c0160f12e641e039684ea2cf4331
f082f7fa9332a6055b254e19c987cc6f3a37b5ece6a1920978aaaa785d3df60b
f1346360729e77380edf8f17fa421b76452289ae1b5f4be290b19c4d204e9587
f632b584590f43c24445b4efbceb9074df2d8b3a265d71e151d9e048c4eb5b77
faea0aeb25941f56ca022dd371aa689c52a0049a3593b64c12aa519bdb19f02e
fc15c8cc0362c2bdfff31836712656a9380e29015482afbe5fa5a16bf516b56d
fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f

www.cyber.nj.gov Open in urlscan Pro 45.60.124.188 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

62 Requests

97 %HTTPS

63 %IPv6

18 Domains

22 Subdomains

20 IPs

4 Countries

1346 kBTransfer

3306 kBSize

8 Cookies

13 Outgoing links

Page URL History

Redirected requests

62 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.cyber.nj.gov Open in urlscan Pro
45.60.124.188 Public Scan

Screenshot
Live screenshot

Full Image

62
Requests

97 %
HTTPS

63 %
IPv6

18
Domains

22
Subdomains

20
IPs

4
Countries

1346 kB
Transfer

3306 kB
Size

8
Cookies

62 HTTP transactions
1 data transactions