blog.checkpoint.com Open in urlscan Pro
141.193.213.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asia...
Submission: On May 05 via api (May 5th 2023, 2:11:09 am UTC) from TR — Scanned from DE

Summary HTTP 54 Redirects Links 144 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 54 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.checkpoint.com.
TLS certificate: Issued by R3 on March 10th 2023. Valid for: 3 months.

This is the only time blog.checkpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
32	141.193.213.21 141.193.213.21	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
8	2600:9000:225... 2600:9000:225e:7200:13:1d23:bc80:93a1	16509 (AMAZON-02) (AMAZON-02)
3	23.56.207.93 23.56.207.93	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6812:d63b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
54	9

32 141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.checkpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:225e:7200:13:1d23:bc80:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.checkpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.56.207.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-207-93.deploy.static.akamaitechnologies.com

sc1.checkpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:d63b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	checkpoint.com blog.checkpoint.com www.checkpoint.com — Cisco Umbrella Rank: 200034 sc1.checkpoint.com — Cisco Umbrella Rank: 31832	695 KB
6	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 3525 onesignal.com — Cisco Umbrella Rank: 1305 img.onesignal.com — Cisco Umbrella Rank: 7750	104 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 708	144 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	107 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 793	11 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	975 B
54	6

	Domain	Requested by
32	blog.checkpoint.com	blog.checkpoint.com
8	www.checkpoint.com	blog.checkpoint.com sc1.checkpoint.com
3	onesignal.com	cdn.onesignal.com
3	sc1.checkpoint.com	blog.checkpoint.com sc1.checkpoint.com
2	cdn.onesignal.com	blog.checkpoint.com cdn.onesignal.com
2	code.jquery.com	blog.checkpoint.com
1	img.onesignal.com	blog.checkpoint.com
1	www.googletagmanager.com	blog.checkpoint.com
1	maxcdn.bootstrapcdn.com	blog.checkpoint.com
1	fonts.googleapis.com	blog.checkpoint.com
54	10

This site contains links to these domains. Also see Links.

Domain
www.checkpoint.com
supportcenter.checkpoint.com
usercenter.checkpoint.com
www.checkpoint.com.cn
help.checkpoint.com
training-certifications.checkpoint.com
cyberpark.checkpoint.com
business.fiverr.com
partnerlocator.checkpoint.com
catalog.checkpoint.com
resources.checkpoint.com
research.checkpoint.com
www.cybertalk.org
community.checkpoint.com
www.facebook.com
twitter.com
www.linkedin.com
www.reddit.com
www.youtube.com

Subject Issuer	Validity	Valid
blog.checkpoint.com R3	`2023-03-10` - `2023-06-08`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.checkpoint.com GlobalSign GCC R3 DV TLS CA 2020	`2022-10-25` - `2023-11-26`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
Frame ID: 8970FD44609BEEF1D49BEB714C4165F7
Requests: 57 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FluHorse – Check Point Research Exposes Newly Discovered Malware Disguised as Legitimate and Popular Android Apps Targeting East Asia - Check Point Blog

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

54
Requests

100 %
HTTPS

75 %
IPv6

6
Domains

10
Subdomains

9
IPs

3
Countries

1148 kB
Transfer

3979 kB
Size

3
Cookies

144 Outgoing links

These are links going to different origins than the main page.

URL: https://www.checkpoint.com/demos/
Title: Free Demo!

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/about-us/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://supportcenter.checkpoint.com/
Title: Support Center

Search URL Search Domain Scan URL

URL: https://usercenter.checkpoint.com/usercenter/index.jsp
Title: Sign In

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/support-services/threatcloud-incident-response/

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/
Title: English (English)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/es/
Title: Spanish (Español)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/fr/
Title: French (Français)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/de/
Title: German (Deutsch)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/it/
Title: Italian (Italiano)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/pt/
Title: Portuguese (Português)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/ru/
Title: Russian (Русский)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/jp/
Title: Japanese (日本語)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com.cn/
Title: Chinese (中文)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cz/
Title: Czech (čeština)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/id/
Title: Indonesian (Bahasa Indonesia)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/kr/
Title: Korean (한국어)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/nl/
Title: Dutch (Nederlands)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/pl/
Title: Polish (Polszczyzna)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/tr/
Title: Turkish (Türkçe)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/tw/
Title: Taiwan (繁體中文)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/vi/
Title: Vietnamese (Tiếng Việt)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/
Title: QUANTUM

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/maestro-hyperscale-network-security/
Title: Quantum Maestro

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/next-generation-firewall/lightspeed/
Title: Quantum Lightspeed

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/next-generation-firewall/
Title: Quantum Security Gateway

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/sd-wan/
Title: Quantum SD-WAN

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/next-generation-firewall/small-business-security/
Title: Quantum Spark

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/iot-protect/
Title: Quantum IoT Protect

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/remote-access-vpn/
Title: Quantum VPN

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/unified-cyber-security-platform/smart-1-appliances/
Title: Quantum Smart-1

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/unified-cyber-security-platform/smart-1-cloud/
Title: Quantum Smart-1 Cloud

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/unified-cyber-security-platform/
Title: Quantum Cyber Security Platform

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/
Title: CLOUDGUARD

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/cloud-network-security/
Title: CloudGuard Network

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/cloud-network-security/iaas-private-cloud-security/
Title: CloudGuard Private Cloud

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/cloud-network-security/iaas-public-cloud-security/
Title: CloudGuard Public Cloud

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/cnapp/
Title: CloudGuard CNAPP

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/cloud-security-posture-management/
Title: CloudGuard Posture Management

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/workload-protection/
Title: CloudGuard Workload

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/appsec/
Title: CloudGuard AppSec

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/cloud-intelligence-threat-hunting/
Title: CloudGuard Intelligence

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/developer-security/
Title: CloudGuard Spectral

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/harmony/
Title: HARMONY

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/harmony/advanced-endpoint-protection/
Title: Harmony Endpoint

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/harmony/connect-sase/
Title: Harmony Connect (SASE)

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/harmony/browse/
Title: Harmony Browse

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/harmony/email-security/email-office/
Title: Harmony Email & Collaboration

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/harmony/mobile-security/mobile/
Title: Harmony Mobile

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/horizon/
Title: HORIZON

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/horizon/mdr-mpr/
Title: Horizon MDR/MPR

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/horizon/xdr-xpr/
Title: Horizon XDR/XPR

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/horizon/events/
Title: Horizon Events

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/infinity/threatcloud/
Title: ThreatCloud

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/infinity/portal/
Title: Infinity Portal

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/products/
Title: View All Products A-Z >

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/infinity/?utm_source=cp-home&utm_medium=cp-website&utm_campaign=infinity_ela_menu_banner&utm_content=megamenu
Title: DISCOVER

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/cloud-security-solutions/
Title: Cloud Security

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/cloud-migration-security/
Title: Cloud Migration Security

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/cloud-network-security/public-cloud-compliance-governance/
Title: Compliance in the Cloud

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/threat-hunting/
Title: Cloud Threat Hunting

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/devsecops/
Title: Developer Security

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/amazon-aws-security/
Title: AWS Cloud

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/microsoft-azure-security/
Title: Azure Cloud

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cloudguard/google-cloud-platform-security/
Title: Google Cloud

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/quantum/network-security-solutions/
Title: Network Security

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/solutions/data-center-security/
Title: Hybrid Data Center

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/solutions/sd-wan-security/
Title: SD-WAN Security

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/solutions/zero-trust-security/
Title: Zero Trust Security

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/solutions/iot-security/
Title: IoT Security

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/solutions/endpoint-security/
Title: Endpoint Security

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/harmony/mobile-security/
Title: Mobile Security

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/harmony/anti-ransomware/
Title: Anti-Ransomware

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/harmony/anti-phishing/
Title: Anti-Phishing

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/solutions/security-operations/
Title: Security Operations

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/infinity/zero-day-protection/
Title: Zero-Day Protection

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/industry/
Title: Industry

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/industry/retail/
Title: Retail

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/industry/financial-services/
Title: Financial Services

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/industry/government-federal-security/
Title: Government

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/industry/healthcare/
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/industry/industrial-control-systems/
Title: Industrial Control Systems ICS & SCADA

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/industry/service-provider/
Title: Telco / Service Provider

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/industry/education/
Title: Education

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/solutions/enterprise-network-security/
Title: Large Enterprise

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/solutions/small-medium-business/
Title: Small & Medium Business

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/solutions/consumer-small-business/
Title: Consumer & Small Business

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/solutions/
Title: Solutions Overview >

Search URL Search Domain Scan URL

URL: https://help.checkpoint.com/s/
Title: Create/View Service Request

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/support-services/contact-support/
Title: Contact Support

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/support-services/pro/
Title: Check Point Pro

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/support-services/support-plans/
Title: Support Programs

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/support-services/support-life-cycle-policy/
Title: Life Cycle Policy

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/support-services/software-license-agreement-limited-hardware-warranty/
Title: License Agreement & Warranty

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/support-services/rma-return-process/
Title: RMA Policy

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/mind/
Title: Mind

Search URL Search Domain Scan URL

URL: https://training-certifications.checkpoint.com/#/
Title: Training & Certification

Search URL Search Domain Scan URL

URL: https://cyberpark.checkpoint.com/
Title: Cyber Park

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/support-services/secureacademy/
Title: Secure Academy

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/mind/smartawareness/
Title: SmartAwareness

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/elearning/
Title: eLearning

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/clc/
Title: Redeem CLC Credits

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/services/infinity-global/
Title: Infinity Global Services

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/professional-services/
Title: Professional Services

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/professional-services/account-management/
Title: Account Management

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/support-services/lifecycle-management/
Title: Lifecycle Management Services

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/support-services/security-consulting/
Title: Security Consulting

Search URL Search Domain Scan URL

URL: https://business.fiverr.com/certified/partners/checkpoint?utm_source=fiverr_certified&utm_medium=checkpoint&utm_campaign=checkpoint_website
Title: Find a Freelance Certified Consultant

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/training/hackingpoint/
Title: VIEW COURSES

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/partners/
Title: Channel Partners

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/partners/channel/
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/partners/mssp-program/
Title: MSSP Partner Program

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/partners/global-systems-integrators/
Title: Global Systems Integrators

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/partners/smb/
Title: SMB Partners

Search URL Search Domain Scan URL

URL: https://partnerlocator.checkpoint.com/#/
Title: Find a Partner

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/technology-partners/
Title: Technology Partners

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/technology-partners/featured/
Title: Featured Technology Partners

Search URL Search Domain Scan URL

URL: https://catalog.checkpoint.com/
Title: Product Catalog

Search URL Search Domain Scan URL

URL: https://usercenter.checkpoint.com/usercenter/portal/media-type/html/role/usercenterUser/page/default.psml/js_pane/PricingToolsId,RenewalToolApp
Title: Renewal Tool

Search URL Search Domain Scan URL

URL: https://usercenter.checkpoint.com/usercenter/portal/media-type/html/role/usercenterUser/page/default.psml/js_pane/PartnerInfoId%2CPartnerDashboard#/overview
Title: Partner Dashboard

Search URL Search Domain Scan URL

URL: https://usercenter.checkpoint.com/usercenter/portal/media-type/html/role/usercenterUser/page/default.psml/js_pane/SalesEnabelrsId?pageUrl=/p/campaign-central/
Title: Campaign Central

Search URL Search Domain Scan URL

URL: https://usercenter.checkpoint.com/usercenter/portal/media-type/html/role/usercenterUser/page/default.psml/js_pane/SalesEnabelrsId?pageUrl=/p/campaign-central/pre-packaged-agency-campaigns/
Title: Campaign Marketplace

Search URL Search Domain Scan URL

URL: https://resources.checkpoint.com/
Title: Content Resource Center

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/trials/
Title: Product Trials

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/customer-stories/
Title: Customer Stories

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/events/
Title: Events

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/webinars/
Title: Webinars

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/videos/
Title: Videos

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/cyber-hub/
Title: Cyber Hub

Search URL Search Domain Scan URL

URL: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doShowprelanding&all
Title: Downloads & Documentation

Search URL Search Domain Scan URL

URL: https://usercenter.checkpoint.com/usercenter/portal/media-type/html/role/usercenterUser/page/default.psml/js_pane/PricingToolsId,supportQuoteToolId
Title: Renewal Pricing Tool

Search URL Search Domain Scan URL

URL: https://research.checkpoint.com/
Title: Check Point Research

Search URL Search Domain Scan URL

URL: https://www.cybertalk.org/
Title: Cyber Talk for Executives

Search URL Search Domain Scan URL

URL: https://community.checkpoint.com/
Title: CheckMates Community

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fblog.checkpoint.com%2Fsecurity%2Ffluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fblog.checkpoint.com%2Fsecurity%2Ffluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps%2F&text=FluHorse%20%E2%80%93%20Check%20Point%20Research%20Exposes%20Newly%20Discovered%20Malware%20Disguised%20as%20Legitimate%20and%20Popular%20Android%20Apps%20Targeting%20East%20Asia

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fblog.checkpoint.com%2Fsecurity%2Ffluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps%2F

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fblog.checkpoint.com%2Fsecurity%2Ffluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps%2F

Search URL Search Domain Scan URL

URL: https://www.facebook.com/checkpointsoftware

Search URL Search Domain Scan URL

URL: https://twitter.com/checkpointsw

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/check-point-software-technologies

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/CPGlobal

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/copyright/
Title: Copyright

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

54 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/ 141 KB
25 KB 238ms
192ms Document
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

184e6b01b8556a70f898442a08141f51e46013f83edc62c52a586fad30e95181

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c257356ae825cb0-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 05 May 2023 02:11:03 GMT
link: <https://blog.checkpoint.com/?p=244220>; rel=shortlink
server: cloudflare
strict-transport-security: max-age=63072000
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 30
x-cache-group: normal
x-cacheable: SHORT
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine

GET
H2 200 style.min.css
blog.checkpoint.com/wp-includes/css/dist/block-library/ 95 KB
13 KB 36ms
33ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 04 Apr 2023 16:08:57 GMT
server: cloudflare
age: 1036901
etag: W/"642c4b99-17ced"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c257358d80f5cb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 classic-themes.min.css
blog.checkpoint.com/wp-includes/css/ 291 B
314 B 31ms
28ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-includes/css/classic-themes.min.css?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 04 Apr 2023 16:08:57 GMT
server: cloudflare
age: 447705
etag: W/"642c4b99-123"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c257358d8105cb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 boostrap.css
blog.checkpoint.com/wp-content/themes/atoms/css/vendors/ 118 KB
20 KB 37ms
35ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/css/vendors/boostrap.css?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3a6ec18e8b49b442489672e17ac68678430968967b818d7772e8f495625aef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 268456
etag: W/"63460234-1d946"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c257358d8115cb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 owl-carousel.css
blog.checkpoint.com/wp-content/themes/atoms/css/vendors/ 3 KB
977 B 41ms
38ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/css/vendors/owl-carousel.css?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1be068e1e417b77745a1587d48b8ecdc27627d2a61983acb1b3df24eb383544

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 1036901
etag: W/"63460234-bd1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c257358d8125cb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 perfect-scrollbar.css
blog.checkpoint.com/wp-content/themes/atoms/css/vendors/ 5 KB
633 B 66ms
63ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/css/vendors/perfect-scrollbar.css?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5840ec787b934fc80f101b6e22686e9e779d28a7024ebff3a75804b40fef6be5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 447705
etag: W/"63460234-1251"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c257358d8135cb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 magnific-popup.css
blog.checkpoint.com/wp-content/themes/atoms/css/vendors/ 5 KB
2 KB 66ms
64ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/css/vendors/magnific-popup.css?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

39587eb320ad541e207d4feebd137e663a562402524bf5dba0a563731a01e4e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 1036901
etag: W/"63460234-15d6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c257358d8165cb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 fotorama.css
blog.checkpoint.com/wp-content/themes/atoms/css/vendors/ 15 KB
3 KB 42ms
40ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/css/vendors/fotorama.css?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e275292d958f60b0509448e22870378fc1e3d0c6528850eb2980efcc20f530f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 1036901
etag: W/"63460234-3b28"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c257358d8175cb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.css
blog.checkpoint.com/wp-content/themes/atoms/css/ 1 MB
121 KB 69ms
67ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/css/style.css?ver=6.0.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

228f2f92ba9f8d17b77151bc98cd4cc5f94d0cb7bfdce6b5d89cbde96317f904

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 17 Apr 2023 21:34:10 GMT
server: cloudflare
age: 24121
etag: W/"643dbb52-102d80"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c257358d8185cb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 6 KB
975 B 116ms
37ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700&display=swap&ver=1680554497

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

10d638dc8e7be96aa37b586435690572b7b6c0ba7781af6186a7c705c333087d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 05 May 2023 02:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 05 May 2023 01:13:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 05 May 2023 02:11:03 GMT

GET
H2 200 jquery-3.6.4.min.js Show response
blog.checkpoint.com/wp-content/plugins/jquery-updater/js/ 88 KB
31 KB 42ms
40ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/plugins/jquery-updater/js/jquery-3.6.4.min.js?ver=3.6.4

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 12 Mar 2023 02:48:04 GMT
server: cloudflare
age: 1036901
etag: W/"640d3d64-15ec3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c257358d8195cb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery-migrate-3.4.0.min.js Show response
blog.checkpoint.com/wp-content/plugins/jquery-updater/js/ 13 KB
5 KB 41ms
39ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/plugins/jquery-updater/js/jquery-migrate-3.4.0.min.js?ver=3.4.0

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 12 Mar 2023 02:48:04 GMT
server: cloudflare
age: 268456
etag: W/"640d3d64-3470"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c257358d81a5cb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 page-font-awesome-Base64.css
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/css/ 105 KB
70 KB 79ms
32ms Stylesheet
text/css 2600:9000:225e:7200:13:1d23:bc80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/css/page-font-awesome-Base64.css

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225e:7200:13:1d23:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

19cc00e7c06ab1a6fb3cb5991e7c81b7b25b3babad166141815663895a8d7801

Security Headers

Name	Value
Content-Security-Policy	1
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 01 May 2023 15:16:48 GMT
content-security-policy: 1
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
via: 1.1 f7aba4a0337c5f98c4703e2b10f1940a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P4
age: 298455
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 23 Aug 2022 23:06:20 GMT
server: nginx
etag: W/"63055d6c-1a52d"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
x-amz-cf-id: tlchmDbeitUeIUtpsp4HxQoQ59NKppYJmpPhClPbaPqdTGcICvbBDQ==

GET
H2 200 page-font-DIN-Base64.css
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/css/ 61 KB
46 KB 111ms
64ms Stylesheet
text/css 2600:9000:225e:7200:13:1d23:bc80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/css/page-font-DIN-Base64.css

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225e:7200:13:1d23:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

30e7388b5f275fd1c09ad27e41ed9ad5fa01a97a02d4cd119d66699e62c982db

Security Headers

Name	Value
Content-Security-Policy	1
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 01 May 2023 15:16:48 GMT
content-security-policy: 1
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
via: 1.1 f7aba4a0337c5f98c4703e2b10f1940a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P4
age: 298455
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 23 Aug 2022 23:06:20 GMT
server: nginx
etag: W/"63055d6c-f247"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
x-amz-cf-id: Bj1seI2cnNr_fwASWT0tlMZ90yah9HG6Rk3YEFGWOQ0Ufxhw-_lqjw==

GET
H/1.1 200
OK page-cp-unified-v1.css
sc1.checkpoint.com/sc1/css/ 292 KB
38 KB 123ms
44ms Stylesheet
text/css 23.56.207.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0
Requested by: Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.207.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-207-93.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7173289d3ce39119fa628f8484128c8041d3270634a9f07afdd4f32a7d46079e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Fri, 05 May 2023 02:11:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Mar 2023 17:38:15 GMT
Server: AkamaiNetStorage
ETag: "ead5a9b550fcdc68812dbcd86c5f9dda:1678903383.838936"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 38535

GET
H2 200 jquery-3.4.0.js Show response
code.jquery.com/ 273 KB
81 KB 110ms
32ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.0.js
Requested by: Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 0d864c082f074c2f900ebe5035a21c7d1ed548fb5c212ca477ee9e4a6056e6aa

Request headers

Referer: https://blog.checkpoint.com/
Origin: https://blog.checkpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-44534"
vary: Accept-Encoding
x-hw: 1683252663.dop146.fr8.t,1683252663.cds108.fr8.hn,1683252663.cds123.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 82681

GET
H2 200 jquery-ui.min.js Show response
code.jquery.com/ui/1.11.4/ 235 KB
63 KB 149ms
71ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.11.4/jquery-ui.min.js
Requested by: Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c

Request headers

Referer: https://blog.checkpoint.com/
Origin: https://blog.checkpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-3ab2b"
vary: Accept-Encoding
x-hw: 1683252663.dop146.fr8.t,1683252663.cds108.fr8.hn,1683252663.cds159.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 64296

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ 36 KB
11 KB 91ms
41ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.checkpoint.com/
Origin: https://blog.checkpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 1053
age: 2682525
cdn-cachedat: 11/15/2022 10:30:01
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"5869c96cc8f19086aee625d670d741f9"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 0080246300f00f3a9f9a64512f946b7c
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7c25735928df921a-FRA
cdn-requestpullsuccess: True

GET
H2 200 under-attack.png
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/ 3 KB
4 KB 29ms
24ms Image
image/png 2600:9000:225e:7200:13:1d23:bc80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/under-attack.png

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225e:7200:13:1d23:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7003b61166e5a477a9b5880cafe0a0420fef0af9e35562f81488c3b4c76cb156

Security Headers

Name	Value
Content-Security-Policy	1
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 01 May 2023 15:16:51 GMT
content-security-policy: 1
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
via: 1.1 f7aba4a0337c5f98c4703e2b10f1940a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 298452
x-cache: Hit from cloudfront
content-length: 3084
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 23 Aug 2022 23:06:20 GMT
server: nginx
etag: "63055d6c-c0c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
x-amz-cf-id: J7TEMpflgCnoBqjkPwhe12c6_7DmqLLj2FzWXljCrTn2qcmaENoJUQ==

GET
H3 200 search-btn.png
blog.checkpoint.com/wp-content/themes/atoms/images/ 506 B
790 B 107ms
102ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/images/search-btn.png

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

739c70acffffcd7b8ee40cf1adcb013e3a2d0174b4132f9255625ae9b3ed075b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
cf-cache-status: HIT
age: 2613436
cf-polished: origFmt=png, origSize=1833
content-disposition: inline; filename="search-btn.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 506
cf-bgj: imgq:100,h2pri
last-modified: Tue, 23 Aug 2022 23:06:20 GMT
server: cloudflare
etag: "63055d6c-729"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c25735a1d9192b9-FRA

GET
H2 200 search-btn.png
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/ 2 KB
2 KB 27ms
22ms Image
image/png 2600:9000:225e:7200:13:1d23:bc80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/search-btn.png

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225e:7200:13:1d23:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a7d7aa09becb2494f61a590c32dd433a7b0daf2bddf29c5f622ac84a4c197007

Security Headers

Name	Value
Content-Security-Policy	1
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 01 May 2023 15:16:35 GMT
content-security-policy: 1
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
via: 1.1 f7aba4a0337c5f98c4703e2b10f1940a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 298467
x-cache: Hit from cloudfront
content-length: 1833
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 23 Aug 2022 23:06:20 GMT
server: nginx
etag: "63055d6c-729"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
x-amz-cf-id: 3HGbSqgbo6lRVa7_1H_I_Dzq-kxLZvof9xDGaBt35ffYeJKAfADKTQ==

GET
H3 200 checkpoint-logo.png
blog.checkpoint.com/wp-content/themes/atoms/images/ 3 KB
3 KB 107ms
103ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/images/checkpoint-logo.png

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

470dcb0d8e708f69ed64efb9cfb0800c440cd69d391dc9782073312e5dd0d500

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
cf-cache-status: HIT
age: 1234309
cf-polished: origFmt=png, origSize=6208
content-disposition: inline; filename="checkpoint-logo.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3080
cf-bgj: imgq:100,h2pri
last-modified: Tue, 21 Feb 2023 21:18:18 GMT
server: cloudflare
etag: "63f5351a-1840"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c25735a1d9392b9-FRA

GET
H3 200 FluHorse-corporate-blog-2000x700-1-800x400.jpg
blog.checkpoint.com/wp-content/uploads/2023/05/ 135 KB
135 KB 62ms
57ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.checkpoint.com/wp-content/uploads/2023/05/FluHorse-corporate-blog-2000x700-1-800x400.jpg

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c22c70b833c11e8c52f53d9831053812386a2f0416259a3481cb3151f57a456

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
cf-cache-status: HIT
age: 54379
cf-polished: origSize=146270, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 137882
cf-bgj: imgq:100,h2pri
last-modified: Tue, 02 May 2023 02:11:31 GMT
server: cloudflare
etag: "64507153-23b5e"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c25735a1d9492b9-FRA

GET
H3 200 email-decode.min.js Show response
blog.checkpoint.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
871 B 25ms
24ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 28 Apr 2023 14:11:40 GMT
server: cloudflare
etag: W/"644bd41c-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7c257359cd5192b9-FRA
expires: Sun, 07 May 2023 02:11:03 GMT

GET
H/1.1 200
OK nav_unified.js Show response
sc1.checkpoint.com/sc1/unified/js/ 8 KB
2 KB 25ms
25ms Script
application/x-javascript 23.56.207.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sc1.checkpoint.com/sc1/unified/js/nav_unified.js
Requested by: Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.207.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-207-93.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2036f63c988ea61768ec5387b03c0b9eb6a5901291a9b700806eb6d07d6a15bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Fri, 05 May 2023 02:11:03 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Oct 2022 17:03:47 GMT
Server: AkamaiNetStorage
ETag: "714caa79dd5a7bac9d0c006768312dc0:1666287285.408875"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 1707

GET
H2 200 footer.js Show response
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/js/ 3 KB
2 KB 35ms
28ms Script
application/javascript 2600:9000:225e:7200:13:1d23:bc80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/js/footer.js

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225e:7200:13:1d23:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ba36ba3a5a611a0a0284b826442804783bf8524e7ca724f6c440d8a5dc6b8702

Security Headers

Name	Value
Content-Security-Policy	1
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 01 May 2023 15:16:51 GMT
content-security-policy: 1
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
via: 1.1 f7aba4a0337c5f98c4703e2b10f1940a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P4
age: 298452
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 30 Jan 2023 16:17:32 GMT
server: nginx
etag: W/"63d7ed9c-a7c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Accept-Encoding,Accept-Encoding,Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
x-amz-cf-id: CmB8tNZ7ARXSg6tBZOl8-ub0Vv6yDC35TO9IhjSxxNHFrB6cCT0j1w==

GET
H3 200 imagesloaded.min.js Show response
blog.checkpoint.com/wp-includes/js/ 5 KB
2 KB 101ms
99ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: cloudflare
age: 2678508
etag: W/"5ee520a7-15fd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d8392b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 masonry.min.js Show response
blog.checkpoint.com/wp-includes/js/ 24 KB
8 KB 39ms
36ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-includes/js/masonry.min.js?ver=4.2.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: cloudflare
age: 259168
etag: W/"5ee520a7-5e4a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d8492b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 jquery.masonry.min.js Show response
blog.checkpoint.com/wp-includes/js/jquery/ 2 KB
919 B 102ms
99ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 18 Aug 2016 18:55:30 GMT
server: cloudflare
age: 589407
etag: W/"57b604a2-71b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d8592b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 throttle-debounce.min.js Show response
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/ 497 B
546 B 102ms
99ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/throttle-debounce.min.js?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2d885cb2748a4fc83a4e415466a529453aaaa0f537cb31fe2e6f108472fc5c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 259168
etag: W/"63460234-1f1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d8692b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 bootstrap.min.js Show response
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/ 36 KB
10 KB 40ms
36ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/bootstrap.min.js?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 582576
etag: W/"63460234-90bb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d8892b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fotorama.min.js Show response
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/ 38 KB
17 KB 102ms
99ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/fotorama.min.js?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b0efce477888066982b251fa52c0e442e90a0f7506cc5f9e838eeb6c1cfeb2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 2626992
etag: W/"63460234-99ae"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d8a92b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 owl-carousel.min.js Show response
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/ 43 KB
12 KB 60ms
56ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/owl-carousel.min.js?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e0781bdd2cbb5db04da3b5e059eeca34e325fabb893bee7457b5babf5b7c029

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 2403905
etag: W/"63460234-ad3c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d8b92b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 theiaStickySidebar.min.js Show response
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/ 5 KB
2 KB 103ms
99ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/theiaStickySidebar.min.js?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

020ff6e3208f27e7c096ce43b605ff22e4b1acb2a34dbae3ecd07da10d25ead4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 591212
etag: W/"63460234-13ff"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d8c92b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fitvids.js Show response
blog.checkpoint.com/wp-content/themes/atoms/js/vendors/ 3 KB
1 KB 103ms
98ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/js/vendors/fitvids.js?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa2f758609856d2932d4d2b2a59d474bd5db023128b8622ab111bd65078ec7e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 2626992
etag: W/"63460234-cf9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d8d92b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 scripts.js Show response
blog.checkpoint.com/wp-content/themes/atoms/js/ 170 KB
25 KB 103ms
99ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/js/scripts.js?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f17c8a0e6cefa97ee8778b9c3bcdbde195b6e18ef434c8a377af2096a7320ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 23 Feb 2023 23:23:16 GMT
server: cloudflare
age: 591212
etag: W/"63f7f564-2a907"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d8e92b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 comment-reply.min.js Show response
blog.checkpoint.com/wp-includes/js/ 3 KB
2 KB 106ms
102ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-includes/js/comment-reply.min.js?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
server: cloudflare
age: 2403904
etag: W/"625095f6-ba5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d9092b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 80ms
30ms Script
application/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

194addf8fd862999286b33cf83116babe8c700ba3a28111777f49ca72c429970

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 3028
etag: W/"06f50014011c1fcd9e21b6b0481979de"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 7c25735a6b4d1c3c-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 08 May 2023 02:11:03 GMT

GET
H3 200 wp-emoji-release.min.js Show response
blog.checkpoint.com/wp-includes/js/ 18 KB
5 KB 58ms
53ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 04 Apr 2023 16:08:57 GMT
server: cloudflare
age: 2046802
etag: W/"642c4b99-4904"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c25735a1d9592b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 382 KB
107 KB 141ms
82ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5f0b5dfa9c25f364584748d3550fa8918f60a9a97f860bc6e1ef9a85f42a8356

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109000
x-xss-protection: 0
last-modified: Fri, 05 May 2023 00:14:02 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 May 2023 02:11:03 GMT

GET
H2 200 bullet-prod.png
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/ 1 KB
2 KB 25ms
25ms Image
image/png 2600:9000:225e:7200:13:1d23:bc80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/bullet-prod.png

Requested by

Host: sc1.checkpoint.com
URL: https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225e:7200:13:1d23:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b9d991f032b0f626a8b215af39aaae7ad4e1e262c9fad049b6f12a4fe7afb9bc

Security Headers

Name	Value
Content-Security-Policy	1
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sc1.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 01 May 2023 15:16:52 GMT
content-security-policy: 1
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
via: 1.1 f7aba4a0337c5f98c4703e2b10f1940a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 298451
x-cache: Hit from cloudfront
content-length: 1027
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 23 Aug 2022 23:06:20 GMT
server: nginx
etag: "63055d6c-403"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
x-amz-cf-id: Lqya2DNBxxhAh_rz4xB938jXYO3SgW5hxZlAajY91FCZE8XbZU-hSg==

GET
H2 200 search.png
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/ 2 KB
2 KB 26ms
26ms Image
image/png 2600:9000:225e:7200:13:1d23:bc80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/search.png

Requested by

Host: sc1.checkpoint.com
URL: https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225e:7200:13:1d23:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

fb8acb6ca1149529e5e25600bfaaa2aa77a353369dd5c8f63869f63a42279db4

Security Headers

Name	Value
Content-Security-Policy	1
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sc1.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 01 May 2023 15:16:14 GMT
content-security-policy: 1
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
via: 1.1 f7aba4a0337c5f98c4703e2b10f1940a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 298489
x-cache: Hit from cloudfront
content-length: 1658
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 23 Aug 2022 23:06:20 GMT
server: nginx
etag: "63055d6c-67a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
x-amz-cf-id: niCOFQ64bhhYDwdd1n9h4jCXYONhIiORfLWAUlQknIYWrX9zNDsrBA==

GET
H2 200 intl.png
www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/ 2 KB
3 KB 27ms
27ms Image
image/png 2600:9000:225e:7200:13:1d23:bc80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/intl.png

Requested by

Host: sc1.checkpoint.com
URL: https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225e:7200:13:1d23:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

76911468519fda64950773694e032587649fe089cf454e1f4afa005cd191772c

Security Headers

Name	Value
Content-Security-Policy	1
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sc1.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 01 May 2023 15:16:14 GMT
content-security-policy: 1
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
via: 1.1 f7aba4a0337c5f98c4703e2b10f1940a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 298489
x-cache: Hit from cloudfront
content-length: 2126
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 23 Aug 2022 23:06:20 GMT
server: nginx
etag: "63055d6c-84e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
x-amz-cf-id: gN9_5qTKvctCqrD7ZxJadGKKpJtOLFI_BelXE5jilxkEn9vDPY1swg==

GET
DATA 200
OK truncated
/ 188 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a22a9f782432f61776fa13ac0a9bc16dac6c3d6ee86c51c4126c5e9715cd5ec8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 404
Not Found 34CA47_6_0.woff2
sc1.checkpoint.com/wp-content/themes/checkpoint-theme-v2/fonts/ 0
0 642ms
576ms Font
text/plain 23.56.207.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sc1.checkpoint.com/wp-content/themes/checkpoint-theme-v2/fonts/34CA47_6_0.woff2
Requested by: Host: sc1.checkpoint.com
URL: https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.207.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-207-93.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://sc1.checkpoint.com/sc1/css/page-cp-unified-v1.css?v=1.0
Origin: https://blog.checkpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Fri, 05 May 2023 02:11:04 GMT
Server: AkamaiNetStorage
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 10

GET
DATA 200
OK truncated
/ 64 KB
64 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

Referer: https://www.checkpoint.com/
Origin: https://blog.checkpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H3 200 mdicon.ttf
blog.checkpoint.com/wp-content/themes/atoms/fonts/ 22 KB
22 KB 126ms
126ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.checkpoint.com/wp-content/themes/atoms/fonts/mdicon.ttf

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/wp-content/themes/atoms/css/style.css?ver=6.0.2

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e22b75f66d61689e06ad343c7bfa97314b6285f00d4d141940bc88770b7fcde1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://blog.checkpoint.com/wp-content/themes/atoms/css/style.css?ver=6.0.2
Origin: https://blog.checkpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
cf-cache-status: HIT
last-modified: Tue, 11 Oct 2022 23:54:28 GMT
server: cloudflare
age: 2678507
etag: "63460234-5634"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c25735a2d9c92b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22068

GET
DATA 200
OK truncated
/ 23 KB
23 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e79cbb65ec0ac13329b541b9b1c51ffa16fd594139c6fdbe20dfc1d78173eac

Request headers

Referer: https://www.checkpoint.com/
Origin: https://blog.checkpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H3 200 author-image.png
blog.checkpoint.com/wp-content/uploads/2023/02/ 540 B
824 B 54ms
54ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.checkpoint.com/wp-content/uploads/2023/02/author-image.png

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a91b0492d68124328a2ee73e80729ed37fd539e011f8cd82a531833be53f6be7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
cf-cache-status: HIT
age: 494431
cf-polished: origFmt=png, origSize=752
content-disposition: inline; filename="author-image.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 540
cf-bgj: imgq:100,h2pri
last-modified: Wed, 22 Feb 2023 22:29:41 GMT
server: cloudflare
etag: "63f69755-2f0"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c25735aee6492b9-FRA

GET
H3 200 toll_apps.png
blog.checkpoint.com/wp-content/uploads/2023/05/ 20 KB
20 KB 489ms
488ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.checkpoint.com/wp-content/uploads/2023/05/toll_apps.png

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cb9d7d865df67dd401a75a582e6e34ef1196aa55186683110c2d6dde3bbd62f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
cf-cache-status: MISS
last-modified: Thu, 04 May 2023 11:14:16 GMT
server: cloudflare
etag: "64539388-4f36"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c25735aee6592b9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 20278

GET
H3 200 Picture2.png
blog.checkpoint.com/wp-content/uploads/2023/05/ 21 KB
21 KB 48ms
47ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.checkpoint.com/wp-content/uploads/2023/05/Picture2.png

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ca3b31eeae0b9d530f62759998b21e84d686de72971a7979eb339d548a5404f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
cf-cache-status: HIT
age: 50789
cf-polished: origFmt=png, origSize=22579
content-disposition: inline; filename="Picture2.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21330
cf-bgj: imgq:100,h2pri
last-modified: Mon, 01 May 2023 08:30:46 GMT
server: cloudflare
etag: "644f78b6-5833"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c25735aee6792b9-FRA

GET
H3 200 Picture3.png
blog.checkpoint.com/wp-content/uploads/2023/05/ 15 KB
15 KB 47ms
47ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.checkpoint.com/wp-content/uploads/2023/05/Picture3.png

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

32dce914f2c0bdfb3ac3d48728328cc6082598abb46af5259e0ee146821b79e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=63072000
cf-cache-status: HIT
age: 50789
cf-polished: origFmt=png, origSize=16575
content-disposition: inline; filename="Picture3.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14968
cf-bgj: imgq:100,h2pri
last-modified: Mon, 01 May 2023 08:32:16 GMT
server: cloudflare
etag: "644f7910-40bf"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c25735aee6892b9-FRA

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 37ms
36ms Script
application/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=6.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c868ebeb22a6d2945834c14da4641969a62e35a6cfa434a974339df068324b6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 3027
etag: W/"2cf94922e2d551e8dc7c38c022a9a3ca"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 7c25735bac4d1c3c-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 08 May 2023 02:11:03 GMT

GET
H2 200 web Show response
onesignal.com/api/v1/sync/8fda8b9d-6ba7-4357-8125-c6df304f7ef8/ 3 KB
2 KB 74ms
73ms Script
text/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/8fda8b9d-6ba7-4357-8125-c6df304f7ef8/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d30f09375b142bf8d8d3ae97ab45826b961a20fcef7f7680488c859662630e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: EXPIRED
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: ebd9af1b-0ba9-4c52-8e3f-fa870372d52c
x-runtime: 0.025810
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"d30f09375b142bf8d8d3ae97ab45826b"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 7c25735c1c901c3c-FRA
access-control-allow-headers: SDK-Version
expires: Fri, 05 May 2023 03:11:03 GMT

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 36ms
36ms Stylesheet
text/css 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 3027
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 7c25735cc9619a3f-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 04 Jun 2023 02:11:03 GMT

GET
H3 200 icon Show response
onesignal.com/api/v1/apps/8fda8b9d-6ba7-4357-8125-c6df304f7ef8/ 184 B
778 B 75ms
52ms Fetch
application/json 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/8fda8b9d-6ba7-4357-8125-c6df304f7ef8/icon

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

876d97f7c44b69a70ef0d0ef12e0f1206d3e61366ada2d59e0d3c810c616c872

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 02:11:03 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 03ca7085-d260-4008-9048-b4734e134cde
x-runtime: 0.008600
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"876d97f7c44b69a70ef0d0ef12e0f120"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept, Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
cf-ray: 7c25735d398435e4-FRA
access-control-allow-headers: SDK-Version

GET
H2 200 44f2f794-9e04-404d-a8ae-4d233d4bb07b
img.onesignal.com/permanent/ 20 KB
21 KB 47ms
47ms Image
application/octet-stream 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.onesignal.com/permanent/44f2f794-9e04-404d-a8ae-4d233d4bb07b

Requested by

Host: blog.checkpoint.com
URL: https://blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e777c757a34f77964886a0a1f6ff9c4506073a4c81b58f0e69d8362f147540b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.checkpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-goog-encryption-kms-key-name: projects/core-infra-onesignal/locations/europe-west4/keyRings/keyring-kms-onesignal/cryptoKeys/img-persistence-bucket-onesignal/cryptoKeyVersions/1
date: Fri, 05 May 2023 02:11:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains
cf-cache-status: REVALIDATED
x-guploader-uploadid: ADPycdvvGi_xnOovGSQCtKmGwbWSKbu_0264MIONiAxwD8P4JIOV1BkOGuVOX76o-JaTrGrcnojQn3NkBQbSYUlNojslug
x-goog-meta-x-goog-source-etag: "c29b83503b310974ac257516575270c7"
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 20409
pragma: no-cache
last-modified: Tue, 14 Feb 2023 03:18:18 GMT
server: cloudflare
etag: "-CM+F/tGGlP0CEAE="
vary: Origin, Accept-Encoding
x-goog-generation: 1676344698045135
content-type: application/octet-stream
x-goog-hash: crc32c=P17/FQ==, md5=wpuDUDsxCXSsJXUWV1Jwxw==
cache-control: public, max-age=2678400
x-goog-meta-cache-control: public, maxage=604800
x-goog-stored-content-length: 20409
accept-ranges: bytes
cf-ray: 7c25735d8dda1c3c-FRA
expires: Mon, 05 Jun 2023 02:11:03 GMT

Verdicts & Comments Add Verdict or Comment

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
blog.checkpoint.com/security/fluhorse-check-point-research-exposes-a-newly-discovered-malware-disguised-as-east-asian-legitimate-popular-android-apps	1970-01-20 11:34:12	Name: fluhorsecheckpointresearchexposesanewlydiscoveredmalwaredisguisedaseastasianlegitimatepopularandroidapps Value: 1
.onesignal.com/	1970-01-20 11:34:14	Name: __cf_bm Value: 5G7RLVsmoTAw9rFyrZR10CG8bSeHvee2ojENbbpubMM-1683252663-0-AQh234FKiaa0jWwv48B4/aZFkRemTblrbJhD5YbG8qmO8GbJU65oDrQ3Ns+UBXlUWPeHV/jL3+tYBBHzp7GegSQ=
.checkpoint.com/	1970-01-20 13:43:48	Name: _gcl_au Value: 1.1.1263820105.1683252664

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sc1.checkpoint.com/wp-content/themes/checkpoint-theme-v2/fonts/34CA47_6_0.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.checkpoint.com
cdn.onesignal.com
code.jquery.com
fonts.googleapis.com
img.onesignal.com
maxcdn.bootstrapcdn.com
onesignal.com
sc1.checkpoint.com
www.checkpoint.com
www.googletagmanager.com
141.193.213.21
2001:4de0:ac18::1:a:2b
23.56.207.93
2600:9000:225e:7200:13:1d23:bc80:93a1
2606:4700::6812:acf
2606:4700::6812:d63b
2a00:1450:4001:80b::200a
2a00:1450:4001:831::2008
020ff6e3208f27e7c096ce43b605ff22e4b1acb2a34dbae3ecd07da10d25ead4
0d864c082f074c2f900ebe5035a21c7d1ed548fb5c212ca477ee9e4a6056e6aa
10d638dc8e7be96aa37b586435690572b7b6c0ba7781af6186a7c705c333087d
184e6b01b8556a70f898442a08141f51e46013f83edc62c52a586fad30e95181
194addf8fd862999286b33cf83116babe8c700ba3a28111777f49ca72c429970
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
19cc00e7c06ab1a6fb3cb5991e7c81b7b25b3babad166141815663895a8d7801
1ca3b31eeae0b9d530f62759998b21e84d686de72971a7979eb339d548a5404f
2036f63c988ea61768ec5387b03c0b9eb6a5901291a9b700806eb6d07d6a15bf
228f2f92ba9f8d17b77151bc98cd4cc5f94d0cb7bfdce6b5d89cbde96317f904
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2c22c70b833c11e8c52f53d9831053812386a2f0416259a3481cb3151f57a456
30e7388b5f275fd1c09ad27e41ed9ad5fa01a97a02d4cd119d66699e62c982db
32dce914f2c0bdfb3ac3d48728328cc6082598abb46af5259e0ee146821b79e0
36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64
39587eb320ad541e207d4feebd137e663a562402524bf5dba0a563731a01e4e0
3e275292d958f60b0509448e22870378fc1e3d0c6528850eb2980efcc20f530f
470dcb0d8e708f69ed64efb9cfb0800c440cd69d391dc9782073312e5dd0d500
4e0781bdd2cbb5db04da3b5e059eeca34e325fabb893bee7457b5babf5b7c029
4e79cbb65ec0ac13329b541b9b1c51ffa16fd594139c6fdbe20dfc1d78173eac
4f17c8a0e6cefa97ee8778b9c3bcdbde195b6e18ef434c8a377af2096a7320ff
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5840ec787b934fc80f101b6e22686e9e779d28a7024ebff3a75804b40fef6be5
5f0b5dfa9c25f364584748d3550fa8918f60a9a97f860bc6e1ef9a85f42a8356
7003b61166e5a477a9b5880cafe0a0420fef0af9e35562f81488c3b4c76cb156
7173289d3ce39119fa628f8484128c8041d3270634a9f07afdd4f32a7d46079e
739c70acffffcd7b8ee40cf1adcb013e3a2d0174b4132f9255625ae9b3ed075b
76911468519fda64950773694e032587649fe089cf454e1f4afa005cd191772c
7b0efce477888066982b251fa52c0e442e90a0f7506cc5f9e838eeb6c1cfeb2c
876d97f7c44b69a70ef0d0ef12e0f1206d3e61366ada2d59e0d3c810c616c872
8cb9d7d865df67dd401a75a582e6e34ef1196aa55186683110c2d6dde3bbd62f
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
a22a9f782432f61776fa13ac0a9bc16dac6c3d6ee86c51c4126c5e9715cd5ec8
a7d7aa09becb2494f61a590c32dd433a7b0daf2bddf29c5f622ac84a4c197007
a91b0492d68124328a2ee73e80729ed37fd539e011f8cd82a531833be53f6be7
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
b9d991f032b0f626a8b215af39aaae7ad4e1e262c9fad049b6f12a4fe7afb9bc
ba36ba3a5a611a0a0284b826442804783bf8524e7ca724f6c440d8a5dc6b8702
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25
c3a6ec18e8b49b442489672e17ac68678430968967b818d7772e8f495625aef3
c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c
c868ebeb22a6d2945834c14da4641969a62e35a6cfa434a974339df068324b6e
d30f09375b142bf8d8d3ae97ab45826b961a20fcef7f7680488c859662630e3d
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e22b75f66d61689e06ad343c7bfa97314b6285f00d4d141940bc88770b7fcde1
e2d885cb2748a4fc83a4e415466a529453aaaa0f537cb31fe2e6f108472fc5c7
e777c757a34f77964886a0a1f6ff9c4506073a4c81b58f0e69d8362f147540b4
f1be068e1e417b77745a1587d48b8ecdc27627d2a61983acb1b3df24eb383544
fa2f758609856d2932d4d2b2a59d474bd5db023128b8622ab111bd65078ec7e2
fb8acb6ca1149529e5e25600bfaaa2aa77a353369dd5c8f63869f63a42279db4
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

blog.checkpoint.com Open in urlscan Pro 141.193.213.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

54 Requests

100 %HTTPS

75 %IPv6

6 Domains

10 Subdomains

9 IPs

3 Countries

1148 kBTransfer

3979 kBSize

3 Cookies

144 Outgoing links

Redirected requests

54 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.checkpoint.com Open in urlscan Pro
141.193.213.21 Public Scan

Screenshot
Live screenshot

Full Image

54
Requests

100 %
HTTPS

75 %
IPv6

6
Domains

10
Subdomains

9
IPs

3
Countries

1148 kB
Transfer

3979 kB
Size

3
Cookies

54 HTTP transactions
3 data transactions