reliaquest.com Open in urlscan Pro
15.197.167.90 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/
Submission: On April 17 via api (April 17th 2025, 6:53:56 am UTC) from IN — Scanned from AU

Summary HTTP 110 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 38 IPs in 8 countries across 24 domains to perform 110 HTTP transactions. The main IP is 15.197.167.90, located in United States and belongs to AMAZON-02, US. The main domain is reliaquest.com. The Cisco Umbrella rank of the primary domain is 247551.
TLS certificate: Issued by E6 on April 10th 2025. Valid for: 3 months.

This is the only time reliaquest.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	15.197.167.90 15.197.167.90	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:208... 2600:9000:2083:b000:12:94b3:c380:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2404:6800:400... 2404:6800:4008:c06::61	15169 (GOOGLE) (GOOGLE)
6	2a04:4e42:600... 2a04:4e42:600::604	54113 (FASTLY) (FASTLY)
1	2404:6800:400... 2404:6800:4006:814::200a	15169 (GOOGLE) (GOOGLE)
2	64.233.187.94 64.233.187.94	15169 (GOOGLE) (GOOGLE)
25	23.46.10.227 23.46.10.227	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	173.194.174.147 173.194.174.147	15169 (GOOGLE) (GOOGLE)
1 4	2620:1ec:33::10 2620:1ec:33::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:1415:540... 2600:1415:5400:4::17d3:f255	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
3	2620:1ec:bdf::31 2620:1ec:bdf::31	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	52.32.164.86 52.32.164.86	16509 (AMAZON-02) (AMAZON-02)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	23.46.35.227 23.46.35.227	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1901:0:2... 2600:1901:0:22e6::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 5	2620:1ec:50::12 2620:1ec:50::12	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	172.64.146.215 172.64.146.215	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	150.171.22.14 150.171.22.14	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	103.43.91.249 103.43.91.249	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2600:1415:9c0... 2600:1415:9c00:9::1730:f7e9	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	2001:4860:480... 2001:4860:4802:32::181	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4008:c07::9c	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4008:c00::9b	15169 (GOOGLE) (GOOGLE)
1	108.177.97.94 108.177.97.94	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1 2	52.231.230.148 52.231.230.148	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.16.118.43 104.16.118.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	44.226.187.177 44.226.187.177	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:ba1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	51.8.44.252 51.8.44.252	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:1901:0:4... 2600:1901:0:476d::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:1901:0:8... 2600:1901:0:891c::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	99.83.231.3 99.83.231.3	16509 (AMAZON-02) (AMAZON-02)
1	34.98.91.45 34.98.91.45	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.203.236.163 54.203.236.163	16509 (AMAZON-02) (AMAZON-02)
1	142.250.204.8 142.250.204.8	15169 (GOOGLE) (GOOGLE)
2	2404:6800:400... 2404:6800:4006:814::200e	15169 (GOOGLE) (GOOGLE)
110	38

21 15.197.167.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: afa7f374f51cc8991.awsglobalaccelerator.com

reliaquest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2083:b000:12:94b3:c380:93a1 (United States)

ASN16509 (AMAZON-02, US)

images.ctfassets.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4008:c06::61 (Taipei, Taiwan)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a04:4e42:600::604 (United States)

ASN54113 (FASTLY, US)

resources.reliaquest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4006:814::200a (Sydney, Australia)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.187.94 (United States)

ASN15169 (GOOGLE, US)
PTR: tj-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 23.46.10.227 (United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-46-10-227.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.174.147 (United States)

ASN15169 (GOOGLE, US)
PTR: td-in-f147.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:33::10 (United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1415:5400:4::17d3:f255 (Silverdale, New Zealand)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:bdf::31 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.32.164.86 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-32-164-86.us-west-2.compute.amazonaws.com

abm-tracking.demandscience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.46.35.227 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-46-35-227.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:22e6:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

app-script.monsido.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:50::12 (United States) 3 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.146.215 (San Francisco, United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 150.171.22.14 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.43.91.249 (Singapore, Singapore)

ASN29990 (ASN-APPNEX, US)
PTR: 1028.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1415:9c00:9::1730:f7e9 (United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4008:c07::9c (Taipei, Taiwan)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4008:c00::9b (Taipei, Taiwan)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.177.97.94 (United States)

ASN15169 (GOOGLE, US)
PTR: tm-in-f94.1e100.net

www.google.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

438-kyk-786.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.231.230.148 (Busan, Korea, Republic Of) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.118.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.226.187.177 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-187-177.us-west-2.compute.amazonaws.com

intentstream.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:ba1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.8.44.252 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

f.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:476d:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

heatmaps.monsido.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:891c:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

tracking.monsido.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.83.231.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: afe865822f884bb48.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.91.45 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 45.91.98.34.bc.googleusercontent.com

heatmaps.monsido.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.203.236.163 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-203-236-163.us-west-2.compute.amazonaws.com

tracking.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.204.8 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4006:814::200e (Sydney, Australia)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	6sc.co j.6sc.co — Cisco Umbrella Rank: 6630 c.6sc.co — Cisco Umbrella Rank: 7731 ipv6.6sc.co — Cisco Umbrella Rank: 6664 b.6sc.co — Cisco Umbrella Rank: 4170	25 KB
27	reliaquest.com reliaquest.com — Cisco Umbrella Rank: 247551 resources.reliaquest.com	419 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 316 www.linkedin.com — Cisco Umbrella Rank: 654 px4.ads.linkedin.com — Cisco Umbrella Rank: 6851	4 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 618 c.clarity.ms — Cisco Umbrella Rank: 1203 f.clarity.ms — Cisco Umbrella Rank: 11299	33 KB
5	zoominfo.com ws-assets.zoominfo.com — Cisco Umbrella Rank: 11373 ws.zoominfo.com — Cisco Umbrella Rank: 4030	17 KB
4	monsido.com app-script.monsido.com — Cisco Umbrella Rank: 11098 heatmaps.monsido.com — Cisco Umbrella Rank: 17506 tracking.monsido.com — Cisco Umbrella Rank: 10662	7 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 335 c.bing.com — Cisco Umbrella Rank: 201	18 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 41	377 KB
3	contanuity.com intentstream.contanuity.com — Cisco Umbrella Rank: 114357 tracking.contanuity.com — Cisco Umbrella Rank: 28288	1 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 4836	4 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	22 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9877	657 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 135 td.doubleclick.net — Cisco Umbrella Rank: 168	1 KB
2	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 492	1 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3366	7 KB
2	demandscience.com abm-tracking.demandscience.com — Cisco Umbrella Rank: 111753	3 KB
2	google.com www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 138
2	gstatic.com fonts.gstatic.com	62 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 304	14 KB
1	mktoresp.com 438-kyk-786.mktoresp.com	318 B
1	google.com.au www.google.com.au — Cisco Umbrella Rank: 26755	63 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 851	15 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36	2 KB
1	ctfassets.net images.ctfassets.net — Cisco Umbrella Rank: 3388	3 KB
110	24

	Domain	Requested by
21	reliaquest.com	reliaquest.com
20	b.6sc.co
6	resources.reliaquest.com	reliaquest.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	www.googletagmanager.com	reliaquest.com www.googletagmanager.com abm-tracking.demandscience.com
3	c.6sc.co	j.6sc.co
3	js.zi-scripts.com	reliaquest.com js.zi-scripts.com
3	www.clarity.ms	www.googletagmanager.com bat.bing.com www.clarity.ms
3	bat.bing.com	www.googletagmanager.com bat.bing.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	epsilon.6sense.com	j.6sc.co
2	heatmaps.monsido.com	app-script.monsido.com heatmaps.monsido.com
2	f.clarity.ms	www.clarity.ms
2	intentstream.contanuity.com	abm-tracking.demandscience.com
2	c.clarity.ms	1 redirects
2	ipv6.6sc.co	j.6sc.co
2	secure.adnxs.com	j.6sc.co
2	munchkin.marketo.net	reliaquest.com munchkin.marketo.net
2	abm-tracking.demandscience.com	reliaquest.com abm-tracking.demandscience.com
2	j.6sc.co	www.googletagmanager.com reliaquest.com
2	fonts.gstatic.com	fonts.googleapis.com
1	tracking.contanuity.com	abm-tracking.demandscience.com
1	tracking.monsido.com
1	cdn.jsdelivr.net	abm-tracking.demandscience.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	c.bing.com	1 redirects
1	438-kyk-786.mktoresp.com	munchkin.marketo.net
1	www.google.com.au
1	td.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	app-script.monsido.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	www.google.com	www.googletagmanager.com
1	fonts.googleapis.com	reliaquest.com
1	images.ctfassets.net	reliaquest.com
110	39

This site contains links to these domains. Also see Links.

Domain
reliaquest.registration.goldcast.io
www.reliaquest.com
learn.microsoft.com
devblogs.microsoft.com
www.linkedin.com
twitter.com
www.youtube.com
www.instagram.com
www.facebook.com

Subject Issuer	Validity	Valid
reliaquest.com E6	`2025-04-10` - `2025-07-09`	3 months	crt.sh
images.ctfassets.net Amazon RSA 2048 M02	`2024-11-18` - `2025-12-16`	a year	crt.sh
*.google-analytics.com WE2	`2025-03-31` - `2025-06-23`	3 months	crt.sh
resources.reliaquest.com GlobalSign Atlas R3 DV TLS CA 2025 Q1	`2025-01-21` - `2026-02-22`	a year	crt.sh
upload.video.google.com WR2	`2025-03-20` - `2025-06-12`	3 months	crt.sh
*.gstatic.com WE2	`2025-03-31` - `2025-06-23`	3 months	crt.sh
6sc.co R11	`2025-03-04` - `2025-06-02`	3 months	crt.sh
*.google.com WE2	`2025-03-31` - `2025-06-23`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 07	`2025-03-14` - `2025-09-10`	6 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-13` - `2025-12-12`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2024-09-04` - `2025-09-04`	a year	crt.sh
abm-tracking.demandscience.com R10	`2025-04-12` - `2025-07-11`	3 months	crt.sh
zi-scripts.com WE1	`2025-03-18` - `2025-06-16`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2024-10-22` - `2025-10-24`	a year	crt.sh
app-script.monsido.com WR3	`2025-04-15` - `2025-07-14`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2025-03-16` - `2025-09-16`	6 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2025-02-21` - `2026-03-23`	a year	crt.sh
*.g.doubleclick.net WE2	`2025-03-31` - `2025-06-23`	3 months	crt.sh
*.doubleclick.net WE2	`2025-03-31` - `2025-06-23`	3 months	crt.sh
*.google.com.au WE2	`2025-03-31` - `2025-06-23`	3 months	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-15` - `2025-09-15`	a year	crt.sh
zoominfo.com E6	`2025-04-07` - `2025-07-06`	3 months	crt.sh
intentstream.contanuity.com E5	`2025-04-16` - `2025-07-15`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
heatmaps.monsido.com WR3	`2025-02-18` - `2025-05-19`	3 months	crt.sh
tracking.monsido.com WR3	`2025-04-16` - `2025-07-15`	3 months	crt.sh
epsilon.6sense.com Amazon RSA 2048 M03	`2024-10-02` - `2025-11-01`	a year	crt.sh
tracking.contanuity.com R11	`2025-03-11` - `2025-06-09`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/
Frame ID: E861810FC98991E31BBCB84EA53835C6
Requests: 103 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/54a0/sw_iframe.html?origin=https%3A%2F%2Freliaquest.com
Frame ID: 3AD4373E4956FFD7F40CA133E9694FEA
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-G6184BWDDN&gacid=1670261853.1744872830&gtm=45je54f1v871663715z872282274za200zb72282274&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&z=871402166
Frame ID: AC6902ACA62D2EB5CDFD52449F802457
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Threat Spotlight: Hijacked and Hidden: New Backdoor and Persistence Technique - ReliaQuest

Detected technologies

Contentful (CMS) Expand

Overall confidence: 100%
Detected patterns

<[^>]+(?:https?:)?//(?:assets|downloads|images|videos)\.(?:ct?fassets\.net|contentful\.com)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/fingerprintjs@(\d)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

110
Requests

95 %
HTTPS

45 %
IPv6

24
Domains

39
Subdomains

38
IPs

8
Countries

1032 kB
Transfer

3400 kB
Size

39
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://reliaquest.registration.goldcast.io/series/d561a085-6240-419c-bdc5-aadfb1b6d376?partnerref=site
Title: Register Now

Search URL Search Domain Scan URL

URL: https://www.reliaquest.com/blog/insights-from-reliaquests-2025-annual-threat-report/
Title: 60% of hands-on-keyboard

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/microsoftteams/trusted-organizations-external-meetings-chat?tabs=organization-settings
Title: external communication

Search URL Search Domain Scan URL

URL: https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/
Title: constrained language mode

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/reliaquest/

Search URL Search Domain Scan URL

URL: https://twitter.com/ReliaQuest

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCdPuTyaN5bU3_GmCNFgzl3Q

Search URL Search Domain Scan URL

URL: https://www.instagram.com/reliaquest/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ReliaQuest/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1744872830026&li_adsId=79dbb50b-e934-4e74-9f41-c0e428e1106f&url=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1744872830026&li_adsId=79dbb50b-e934-4e74-9f41-c0e428e1106f&url=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3664348%26time%3D1744872830026%26li_adsId%3D79dbb50b-e934-4e74-9f41-c0e428e1106f%26url%3Dhttps%253A%252F%252Freliaquest.com%252Fblog%252Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1744872830026&li_adsId=79dbb50b-e934-4e74-9f41-c0e428e1106f&url=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1744872830026&li_adsId=79dbb50b-e934-4e74-9f41-c0e428e1106f&url=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&cookiesTest=true&liSync=true&e_ipv6=AQJyWKHBasqmZgAAAZZChnkc3TJWtrcPhZXnxLvXGPRC0Kwo_KAudcCEpXQkLlooPbooMjY

Request Chain 62

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=EADC807BADFD4629974692192FCAE254&RedC=c.clarity.ms&MXFR=0C05D96AF30D6362008ECCBBF70D6DCA HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=EADC807BADFD4629974692192FCAE254&MUID=07829405D70A679D24EB81D4D696668A

Request Chain 103

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=e04b0966b3ab4fe5d651dbab29769c1a_1744872830774 HTTP 303
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=e04b0966b3ab4fe5d651dbab29769c1a_1744872830774&_bee_ppp=1 HTTP 303
https://tracking.contanuity.com/usersync?bwcookie=AAFCuk7QAUsAABuca0N3kg

110 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/ 72 KB
20 KB 232ms
91ms Document
text/html 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

e3cab7474a17da8c548ab0219abd136d0fa5e5b718f46699e10d66fde76a6519

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 64067
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-encoding: br
content-length: 20074
content-type: text/html; charset=UTF-8
date: Thu, 17 Apr 2025 06:53:48 GMT
etag: "8277ef144b88f98dba3de2932e827f84-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01JS18CV952BGDBJZ1XM6ZJ151

GET
H2 200 jquery-3.6.0.min.js Show response
reliaquest.com/js/ 87 KB
30 KB 140ms
137ms Script
application/javascript 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/js/jquery-3.6.0.min.js

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "0c376e1fdc6b500d4f94728f7c2b4f55-ssl-df"
age: 18435
accept-ranges: bytes
content-length: 30441
x-nf-request-id: 01JS18CVC9X7F4BNS4JY02QM5V
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 bootstrap.bundle.min.js Show response
reliaquest.com/js/ 79 KB
22 KB 92ms
90ms Script
application/javascript 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/js/bootstrap.bundle.min.js

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "4a4be430ae89737656975e474c9e975b-ssl-df"
age: 18435
accept-ranges: bytes
content-length: 22590
x-nf-request-id: 01JS18CVC9QXY4XJWYCZBXMJS6
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 gsap.min.js Show response
reliaquest.com/js/ 69 KB
27 KB 123ms
121ms Script
application/javascript 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/js/gsap.min.js

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

386a292b805ec5376c149711c08d9013658fd08879a7ac9a62a99e14310c397a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "32ee8c2d422bd2d7737fa49a63e4d114-ssl-df"
age: 18435
accept-ranges: bytes
content-length: 27171
x-nf-request-id: 01JS18CVCS1X8D09YTTPEB630C
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 ScrollTrigger.min.js Show response
reliaquest.com/js/ 39 KB
16 KB 163ms
162ms Script
application/javascript 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/js/ScrollTrigger.min.js

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

be08df326777a8b33cbcd047765e7dc6b8ddf620dcf64a85402ffc8fa006caab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "a852e76237ce3ee0e0e791d0efe31fa6-ssl-df"
age: 18435
accept-ranges: bytes
content-length: 16250
x-nf-request-id: 01JS18CVCSK5CCEC0N283RF52G
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 swiper-bundle.min.js Show response
reliaquest.com/js/ 140 KB
38 KB 169ms
168ms Script
application/javascript 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/js/swiper-bundle.min.js

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

f645b12f27c4e9c1210d5725cfa894b86464372e7b1becbe47126a5fe82f9ade

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "d947afd80e83027bae8c655f2f1f65e5-ssl-df"
age: 18435
accept-ranges: bytes
content-length: 38320
x-nf-request-id: 01JS18CVDJC39G1ABK6M1HFD67
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 main.js Show response
reliaquest.com/js/ 60 KB
13 KB 170ms
169ms Script
application/javascript 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/js/main.js

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

8878017cf8f51089d46fdba568e115f3117307aaa2788dd3ea0b38d9869a8f14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "1983a497d977ec2c4e1cb20fcaec87c4-ssl-df"
age: 71958
accept-ranges: bytes
content-length: 13454
x-nf-request-id: 01JS18CVDJGABB3ZRNW3WVEPT6
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 _slug_.1k0fiQmY.css
reliaquest.com/_astro/ 579 KB
59 KB 185ms
184ms Stylesheet
text/css 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/_astro/_slug_.1k0fiQmY.css

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

b6e62019bf140e7b2d8fac10a8ebbb0ec34020e11417c303bd066120cbd59050

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=31536000,immutable
content-encoding: br
etag: "5e9b97418d088d3bf0642d5f4fa2d49d-ssl-df"
age: 18435
accept-ranges: bytes
content-length: 60694
x-nf-request-id: 01JS18CVC95BF329N57CF84K3T
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 _slug_.C2BvB2ja.css
reliaquest.com/_astro/ 105 KB
10 KB 91ms
90ms Stylesheet
text/css 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/_astro/_slug_.C2BvB2ja.css

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

3063556b95437bb08427d8883f08ce62e2dd66131781ea4f1827953557728ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=31536000,immutable
content-encoding: br
etag: "f3d541cadd0f7d2997994e70a7471144-ssl-df"
age: 71958
accept-ranges: bytes
content-length: 10133
x-nf-request-id: 01JS18CVC9EDZ5K6XM91C15N2M
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 _slug_.C__SG9Bk.css
reliaquest.com/_astro/ 103 KB
10 KB 92ms
91ms Stylesheet
text/css 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/_astro/_slug_.C__SG9Bk.css

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

e7aed6537aaa785b06f4e728da5b3e6e709ea899d4d59a80d8b138e34a0ef3b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=31536000,immutable
content-encoding: br
etag: "b0552432895fe6d0e7c2944c6db6a2cb-ssl-df"
age: 71958
accept-ranges: bytes
content-length: 10170
x-nf-request-id: 01JS18CVC9R53GCZ5EH57PMZW2
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 _slug_.h42C_hkt.css
reliaquest.com/_astro/ 129 KB
8 KB 91ms
91ms Stylesheet
text/css 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/_astro/_slug_.h42C_hkt.css

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

748bae9f60d68174efcf0fe81ecbf5a5e4b0141d92bc6d6bdb44902992a1ca98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=31536000,immutable
content-encoding: br
etag: "f3ac8450668170267acc631c3eaa518d-ssl-df"
age: 71958
accept-ranges: bytes
content-length: 8479
x-nf-request-id: 01JS18CVC9V9NT0QF7C3W0K9S1
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 _slug_.B3O9IacM.css
reliaquest.com/_astro/ 97 KB
9 KB 91ms
90ms Stylesheet
text/css 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/_astro/_slug_.B3O9IacM.css

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

7017b0ab77d2622646f79709a6d5b76b2f9b51eea4167deb08e00888c3c2326f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=31536000,immutable
content-encoding: br
etag: "7bb85a7f97174792f04f1d9ea902b7f2-ssl-df"
age: 71958
accept-ranges: bytes
content-length: 8616
x-nf-request-id: 01JS18CVC9DN7125ZFYKPWFVG5
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 logo.svg
images.ctfassets.net/kbx03rs3xyue/2T8jLZjbojgarAKQEifa8U/39034f5e95fc2085137845549ecb9c50/ 6 KB
3 KB 315ms
95ms Image
image/svg+xml 2600:9000:2083:b000:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://images.ctfassets.net/kbx03rs3xyue/2T8jLZjbojgarAKQEifa8U/39034f5e95fc2085137845549ecb9c50/logo.svg
Requested by: Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2083:b000:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 00d1bb05513ad1b612092c5a0e085fcb8f165ffdc7ae15300d8fbd7f9600deb7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=31536000
content-encoding: gzip
etag: W/"58f32c8502bcc5a774feb82520d51bd9"
age: 67700
via: 1.1 c8259716d2960c2081c7bc22beaff10c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-id: klILrUQ1xl-G_UaTqiswAfZkpBfOV0Brg4N6wcnu1ThJB1apZBmjFA==
date: Wed, 16 Apr 2025 12:05:29 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Nov 2024 14:23:09 GMT
server: Contentful Images API
x-amz-cf-pop: SYD1-C1
vary: Accept-Encoding

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 429 KB
139 KB 668ms
238ms Script
application/javascript 2404:6800:4008:c06::61
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4008:c06::61 Taipei, Taiwan, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a018cac0c7f27b0aa5020fcddfdd54afceea3733a304e0cb1c3f8cc1c3fbc2f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1297:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1297:0"}],}
expires: Thu, 17 Apr 2025 06:53:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 17 Apr 2025 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1297:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1297:0
content-length: 142079
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 threat-research-avatar_lazkvh.png
resources.reliaquest.com/image/upload/c_thumb,w_120,h_120,f_webp,q_auto/v1741740866/ 876 B
1 KB 667ms
399ms Image
image/webp 2a04:4e42:600::604
FASTLY

General

Check archive.org

Download Go to Show image

Full URL

https://resources.reliaquest.com/image/upload/c_thumb,w_120,h_120,f_webp,q_auto/v1741740866/threat-research-avatar_lazkvh.png

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::604 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cloudinary /

Resource Hash

c9ff29fca88c661af66a7d4a76716f00296357f052d3f2252ca1f8e079595a9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-request-id: 1df65dcc879104fd021f9b4b09e77792
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
etag: "4220da5f981d015e5ffc12360e5fe058"
x-content-type-options: nosniff
server-timing: cld-fastly;mitm=p;dur=350;cpu=2;start=2025-04-17T06:53:48.575Z;desc=miss,rtt;dur=46,content-info;desc="width=120,height=120,bytes=876,format=\"webp\",owidth=400,oheight=400,obytes=175730,oformat=\"png\",crt=1743527312,ocrt=1741740866,ef=(1,13,17,23)",cloudinary;dur=105;start=2025-04-17T06:53:48.697Z
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: image/webp
content-disposition: inline; filename="threat-research-avatar_lazkvh.webp"
vary: Save-Data
last-modified: Tue, 01 Apr 2025 17:08:33 GMT
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=31536000
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
content-length: 876
server: Cloudinary

GET
H2 200 teams-backdoor-threat-spotlight_aiikak.png
resources.reliaquest.com/image/upload/c_limit,w_1000,h_1000,f_webp,q_auto/v1744322551/ 18 KB
19 KB 641ms
373ms Image
image/webp 2a04:4e42:600::604
FASTLY

General

Check archive.org

Download Go to Show image

Full URL

https://resources.reliaquest.com/image/upload/c_limit,w_1000,h_1000,f_webp,q_auto/v1744322551/teams-backdoor-threat-spotlight_aiikak.png

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::604 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cloudinary /

Resource Hash

93362814ec9c48c8b76cfe6d6036d419bf2e8111fa7a332c32086377338ff4d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-request-id: b10d14f6cea93c411509d8701e2c0fef
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
etag: "bf0e9a44cc19aa91357a18f239a907a5"
x-content-type-options: nosniff
server-timing: cld-fastly;mitm=p;dur=324;cpu=2;start=2025-04-17T06:53:48.575Z;desc=miss,rtt;dur=46,content-info;desc="width=512,height=354,bytes=18662,format=\"webp\",owidth=512,oheight=354,obytes=182649,oformat=\"png\",crt=1744322567,ocrt=1744322551,ef=(1,13,17,97)",cloudinary;dur=76;start=2025-04-17T06:53:48.701Z
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: image/webp
content-disposition: inline; filename="teams-backdoor-threat-spotlight_aiikak.webp"
vary: Save-Data
last-modified: Thu, 10 Apr 2025 22:02:48 GMT
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=31536000
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18662
server: Cloudinary

GET
H2 200 rum Show response
reliaquest.com/.netlify/scripts/ 11 KB
4 KB 149ms
149ms Script
application/javascript 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/.netlify/scripts/rum

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

257ef1b7dd06f88a465e5badb58c57b62cf678d7618ecc2929aa3b428e848122

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "920128a05f6ecf111e0920b419925cc1-ssl-df"
age: 266085
accept-ranges: bytes
content-length: 4025
x-nf-request-id: 01JS18CVDJKW7Z22F83R0AN6Z3
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 css2
fonts.googleapis.com/ 22 KB
2 KB 486ms
200ms Stylesheet
text/css 2404:6800:4006:814::200a
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700;800&display=swap

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/_astro/_slug_.1k0fiQmY.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:814::200a Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf4513260f6a69e667c7cfeb06b073400ea2d3e6a046f5be2b2a5f501d197f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 17 Apr 2025 06:53:48 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 17 Apr 2025 06:53:48 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
fonts.gstatic.com/s/roboto/v47/ 39 KB
39 KB 354ms
175ms Font
font/woff2 64.233.187.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700;800&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.187.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tj-in-f94.1e100.net

Software

sffe /

Resource Hash

20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Origin: https://reliaquest.com
Referer: https://fonts.googleapis.com/

Response headers

age: 513254
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 11 Apr 2026 08:19:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 11 Apr 2025 08:19:35 GMT
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 40128
x-xss-protection: 0
server: sffe

GET
H2 200 icomoon.ttf
reliaquest.com/fonts/ 4 KB
5 KB 91ms
89ms Font
font/ttf 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/fonts/icomoon.ttf?5zkpkv

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/_astro/_slug_.1k0fiQmY.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

eaae1d4db82158aa4b92c4286ed1977ad9c3eb18db96573c6404f681fc93a78d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Origin: https://reliaquest.com
Referer: https://reliaquest.com/_astro/_slug_.1k0fiQmY.css

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
etag: "0379038db956019952a0e9e5046b3eb2-ssl"
age: 71958
accept-ranges: bytes
content-length: 4592
x-nf-request-id: 01JS18CW3AZ8X1YN4XJPR9R7YK
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: font/ttf
server: Netlify

GET
H3 200 KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2
fonts.gstatic.com/s/roboto/v47/ 22 KB
22 KB 363ms
185ms Font
font/woff2 64.233.187.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700;800&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.187.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tj-in-f94.1e100.net

Software

sffe /

Resource Hash

c06ca3fcbc5f7c37ebb7c86a69502009911ecd8183811bae02f9b1fbb0541ddb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Origin: https://reliaquest.com
Referer: https://fonts.googleapis.com/

Response headers

age: 510767
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 11 Apr 2026 09:01:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 11 Apr 2025 09:01:02 GMT
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 22796
x-xss-protection: 0
server: sffe

GET
H2 200 nav-collapse-decor.svg
reliaquest.com/images/ 2 KB
682 B 91ms
90ms Image
image/svg+xml 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://reliaquest.com/images/nav-collapse-decor.svg

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

1e5e0b8dcb9d3cc33ffbe7b71a27ce249c85dc8a36bbf9b7b221da4a155d43ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "d054f4d1ba210d081e6eed20884b8ac9-ssl-df"
age: 67686
accept-ranges: bytes
content-length: 552
x-nf-request-id: 01JS18CW38127QJ5TCD1S69A30
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: Netlify

GET
H2 200 teams-backdoor-attack-lifecycle_y6jihp.png
resources.reliaquest.com/image/upload/c_limit,w_1000,h_1000,f_webp,q_auto/v1744323343/ 10 KB
10 KB 369ms
367ms Image
image/webp 2a04:4e42:600::604
FASTLY

General

Check archive.org

Download Go to Show image

Full URL

https://resources.reliaquest.com/image/upload/c_limit,w_1000,h_1000,f_webp,q_auto/v1744323343/teams-backdoor-attack-lifecycle_y6jihp.png

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::604 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cloudinary /

Resource Hash

1affb2fe850658cb761b63e174b7d93493d80e8bad793e81841472b2cf1fc8a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-request-id: 7eb739db36ed7e68ad94c6d05af271b2
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
etag: "ce03c965ab7940da414f06a5ad6c8abb"
x-content-type-options: nosniff
server-timing: cld-fastly;mitm=p;dur=321;cpu=1;start=2025-04-17T06:53:49.012Z;desc=miss,rtt;dur=53,content-info;desc="width=1000,height=89,bytes=10212,format=\"webp\",owidth=2475,oheight=220,obytes=185189,oformat=\"png\",crt=1744323388,ocrt=1744323343,ef=(1,13,17,97)",cloudinary;dur=75;start=2025-04-17T06:53:49.135Z
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: image/webp
content-disposition: inline; filename="teams-backdoor-attack-lifecycle_y6jihp.webp"
vary: Save-Data
last-modified: Thu, 10 Apr 2025 22:16:29 GMT
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=31536000
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10212
server: Cloudinary

GET
H2 200 twitter-logo.svg
reliaquest.com/images/ 441 B
583 B 90ms
90ms Image
image/svg+xml 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://reliaquest.com/images/twitter-logo.svg

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/_astro/_slug_.C__SG9Bk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

4c4eefc55cae077458e9a8a5b3ca5692b2aa79de9d02cd86a146d620f4d5079f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Origin: https://reliaquest.com
Referer: https://reliaquest.com/_astro/_slug_.C__SG9Bk.css

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
etag: "bd333945ca700dcd50a2f4a744eae877-ssl"
age: 71958
accept-ranges: bytes
content-length: 441
x-nf-request-id: 01JS18CW3XVJZS1APVJXFHBW3Z
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: image/svg+xml
server: Netlify

GET
H2 200 facebook.svg
reliaquest.com/images/ 1 KB
594 B 91ms
90ms Image
image/svg+xml 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://reliaquest.com/images/facebook.svg

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

61ea329c09b4cc22cd4391b26ca2b66257eb824e590d4de2a760ccbfccf70bf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "85f760243e83a8c0cb14bb5b6dae69e6-ssl-df"
age: 64063
accept-ranges: bytes
content-length: 463
x-nf-request-id: 01JS18CW47PF9PH576K8NG568Q
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: Netlify

GET
H2 200 twitter.svg
reliaquest.com/images/ 1 KB
659 B 92ms
91ms Image
image/svg+xml 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://reliaquest.com/images/twitter.svg

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

84d1a6377c22f7683a00d101a2a1ff90cf1eaf607128ce45a835a188e1dd10ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "9a9b6924938e3f3b5287518c5bcb1cef-ssl-df"
age: 64063
accept-ranges: bytes
content-length: 567
x-nf-request-id: 01JS18CW475DMFE53T3ZYTSFJ6
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: Netlify

GET
H2 200 linkedin.svg
reliaquest.com/images/ 1 KB
635 B 91ms
91ms Image
image/svg+xml 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://reliaquest.com/images/linkedin.svg

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

f524309c83549cab1b81b931d905888234eecf709e4aa0ade136daa5edbb5246

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "8cb29124d17423a14b84445e3eccbac5-ssl-df"
age: 64063
accept-ranges: bytes
content-length: 544
x-nf-request-id: 01JS18CW47ZF2YCY4KTCBBSKY4
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: Netlify

GET
H2 200 link.svg
reliaquest.com/images/ 2 KB
1 KB 92ms
91ms Image
image/svg+xml 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://reliaquest.com/images/link.svg

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

c81c322867056949b4836c5860843392b7da5dcb563ec2e99f8a5c05f7e74106

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "9db3911efa9e19184f9446839cac7b1e-ssl-df"
age: 64063
accept-ranges: bytes
content-length: 1012
x-nf-request-id: 01JS18CW47XPDXCNB4W2AQTNF7
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: Netlify

GET
H2 200 100124-Data-Exfiltration-blog-header-512x354%402x.png
resources.reliaquest.com/image/upload/c_thumb,w_752,h_368,f_webp,q_auto/v1742499759/ 17 KB
18 KB 330ms
329ms Image
image/webp 2a04:4e42:600::604
FASTLY

General

Check archive.org

Download Go to Show image

Full URL

https://resources.reliaquest.com/image/upload/c_thumb,w_752,h_368,f_webp,q_auto/v1742499759/100124-Data-Exfiltration-blog-header-512x354%402x.png

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/js/swiper-bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::604 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cloudinary /

Resource Hash

6478d7608daafa08bbdf856a0f380cdd15b519faa1956e5d8a6ebce136385836

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-request-id: 0683963c6e11b6bd10d07db71370ce52
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
etag: "7a9d020d6bc52eb5862f396a08fa92d2"
x-content-type-options: nosniff
server-timing: cld-fastly;mitm=p;dur=282;cpu=0;start=2025-04-17T06:53:49.070Z;desc=miss,rtt;dur=53,content-info;desc="width=752,height=368,bytes=17704,format=\"webp\",owidth=512,oheight=354,obytes=241357,oformat=\"png\",crt=1744743814,ocrt=1742499759,ef=(1,13,17,23)",cloudinary;dur=36;start=2025-04-17T06:53:49.193Z
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: image/webp
content-disposition: inline; filename="100124-Data-Exfiltration-blog-header-512x354@2x.webp"
vary: Save-Data
last-modified: Tue, 15 Apr 2025 19:03:35 GMT
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=31536000
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
content-length: 17704
server: Cloudinary

GET
H2 200 041525-Q1-25-Ransomware_-blog-header-512x354_2x_abtazr.png
resources.reliaquest.com/image/upload/c_thumb,w_752,h_368,f_webp,q_auto/v1744667780/ 17 KB
18 KB 49ms
49ms Image
image/webp 2a04:4e42:600::604
FASTLY

General

Check archive.org

Download Go to Show image

Full URL

https://resources.reliaquest.com/image/upload/c_thumb,w_752,h_368,f_webp,q_auto/v1744667780/041525-Q1-25-Ransomware_-blog-header-512x354_2x_abtazr.png

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/js/swiper-bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::604 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cloudinary /

Resource Hash

9a6cd2d9067e171561bb497a8d8703192b0ecbc280292424499e4ea1d6e0cb41

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-request-id: 8975e108714ac1b38a1e1f98e64c2c1c
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
etag: "9e2bb6a85b50755d5a0d9f412075e658"
x-content-type-options: nosniff
server-timing: cld-fastly;mitm=p;dur=1;cpu=0;start=2025-04-17T06:53:49.070Z;desc=hit,rtt;dur=53,content-info;desc="width=752,height=368,bytes=17608,format=\"webp\",owidth=512,oheight=354,obytes=243999,oformat=\"png\",crt=1744669483,ocrt=1744667780,ef=(1,13,17,23)"
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: image/webp
content-disposition: inline; filename="041525-Q1-25-Ransomware_-blog-header-512x354_2x_abtazr.webp"
vary: Save-Data
last-modified: Mon, 14 Apr 2025 22:24:44 GMT
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=31536000
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
content-length: 17608
server: Cloudinary

GET
H2 200 Anxun-blog-header-512x354%402x.png
resources.reliaquest.com/image/upload/c_thumb,w_752,h_368,f_webp,q_auto/v1725457406/ 77 KB
78 KB 405ms
405ms Image
image/webp 2a04:4e42:600::604
FASTLY

General

Check archive.org

Download Go to Show image

Full URL

https://resources.reliaquest.com/image/upload/c_thumb,w_752,h_368,f_webp,q_auto/v1725457406/Anxun-blog-header-512x354%402x.png

Requested by

Host: reliaquest.com
URL: https://reliaquest.com/js/swiper-bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::604 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cloudinary /

Resource Hash

2df89f117e361eaf8511b7d8b1ad55cc939c13b920d22301e3b8809b32dd4432

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-request-id: 5ed0b7a390f43ec41e65c4bb41a12685
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
etag: "c1458d1faf0251c5d4b6cffbb4d849c4"
x-content-type-options: nosniff
server-timing: cld-fastly;mitm=p;dur=356;cpu=0;start=2025-04-17T06:53:49.070Z;desc=miss,rtt;dur=53,content-info;desc="width=752,height=368,bytes=79074,format=\"webp\",owidth=1025,oheight=709,obytes=1542486,oformat=\"png\",crt=1744407503,ocrt=1725457406,ef=(1,13,17,23)",cloudinary;dur=109;start=2025-04-17T06:53:49.195Z
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: image/webp
content-disposition: inline; filename="Anxun-blog-header-512x354@2x.webp"
vary: Save-Data
last-modified: Fri, 11 Apr 2025 21:38:24 GMT
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=31536000
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
content-length: 79074
server: Cloudinary

GET
H2 200 9d89db09-be43-47ea-ad23-917183e7e184.js Show response
j.6sc.co/j/ 4 KB
2 KB 956ms
721ms Script
application/javascript 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://j.6sc.co/j/9d89db09-be43-47ea-ad23-917183e7e184.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-46-10-227.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 945063ebf0d8666b48130934c6bfc0653210ae7d836fd985d3966efba08aa1a2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-amz-meta-content-type: application/json
cache-control: private, max-age=1800
content-encoding: gzip
etag: "b42798d5bff7ef62660f4db5bb3c6429"
x-amz-version-id: sxJBNdZM0KwPO0ekiHjaqh_8uY4ftINC
expires: Thu, 17 Apr 2025 07:23:50 GMT
accept-ranges: bytes
content-length: 1278
x-amz-cf-id: h21fbezxFU9ctxyXDl9LRzjleb11Vs8oAaMuzmmHzbkpTnTRf5jcUQ==
date: Thu, 17 Apr 2025 06:53:50 GMT
last-modified: Thu, 22 Jun 2023 20:33:18 GMT
x-amz-cf-pop: SYD62-P3
vary: Accept-Encoding
content-type: application/javascript
x-amz-server-side-encryption: AES256

POST
H3 200 collect
www.google.com/ccm/ 0
0 357ms
178ms Ping
text/plain 173.194.174.147
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=2019148310.1744872830&dt=Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest&auid=155970935.1744872830&navt=n&npa=0&gtm=45He54f1v72282274za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&tft=1744872829617&tfd=1607&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 173.194.174.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: td-in-f147.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 490 KB
154 KB 233ms
233ms Script
application/javascript 2404:6800:4008:c06::61
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c&gtm=45He54f1v72282274za200&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4008:c06::61 Taipei, Taiwan, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6f0ebc365c33bd9775f7bea1b63634705de9da20cc84cf6658b42d523210457a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1055:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1055:0"}],}
expires: Thu, 17 Apr 2025 06:53:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1055:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1055:0
content-length: 157009
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 bat.js Show response
bat.bing.com/ 51 KB
15 KB 326ms
162ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

759043dafa55d63c0788faf5611e14607e598d740d5bc64ecc772d841014d04c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "02e6b8458a2db1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 41ACE58D81524DF5A9D50910BF6A63FF Ref B: PER311000106019 Ref C: 2025-04-17T06:53:49Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14711
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: application/javascript
last-modified: Mon, 31 Mar 2025 16:18:20 GMT
vary: Accept-Encoding

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
15 KB 374ms
124ms Script
application/javascript 2600:1415:5400:4::17d3:f255
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1415:5400:4::17d3:f255 Silverdale, New Zealand, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

01d3c44791671916a95a17e3810a0bbb0817110f01c035d6e0faadcbcc581d2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=86400
content-encoding: gzip
x-cdn-proto: HTTP2
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,quic=":443"; ma=93600; v="43"
content-length: 14637
date: Thu, 17 Apr 2025 06:53:49 GMT
last-modified: Wed, 22 Jan 2025 19:41:57 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 mptq0mnjda Show response
www.clarity.ms/tag/ 725 B
1 KB 685ms
531ms Script
application/x-javascript 2620:1ec:bdf::31
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://www.clarity.ms/tag/mptq0mnjda
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e35a35f4cede02601f2c0561124a42020f13d11c7a464ca1a99b9aa95f8f5048

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: no-cache, no-store
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
expires: -1
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 725
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: application/x-javascript
x-azure-ref: 20250417T065349Z-16f468986578pm7bhC1PERx3t400000004n000000000403z

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 312ms
94ms Script
application/javascript 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://j.6sc.co/6si.min.js
Requested by: Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-46-10-227.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 91c20c70d36b608cf919e894b0ac9e32298d6b3ac3ca59c45a85e7c44161d170

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

content-type: application/javascript
cache-control: private, max-age=10800
content-encoding: gzip
x-amz-version-id: P3wU2zsFsU_YKU_VzrjthagDfojxxkBN
etag: W/"bc32411fd6fa348d8203d2f26dd9866d"
expires: Thu, 17 Apr 2025 09:53:49 GMT
content-length: 18919
x-amz-cf-id: 09lTcR8KCNE3592R9KLrhW6cz6Q4GeRwJXflnp2Z0GSH4heOqRM2Hw==
date: Thu, 17 Apr 2025 06:53:49 GMT
last-modified: Wed, 19 Feb 2025 12:59:27 GMT
vary: accept-encoding
x-amz-cf-pop: SYD62-P3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK tag.js Show response
abm-tracking.demandscience.com/ 2 KB
2 KB 862ms
239ms Script
application/javascript 52.32.164.86
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://abm-tracking.demandscience.com/tag.js
Requested by: Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 1885fa140df271c97bf904d43f5385b84aa7458ff60cc20dae89ca4e9df959d9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

Cache-Control: public, max-age=0
ETag: W/"879-19321dea034"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2169
Date: Thu, 17 Apr 2025 06:53:50 GMT
Content-Type: application/javascript; charset=UTF-8
X-Powered-By: Express
Server: nginx/1.18.0 (Ubuntu)
Last-Modified: Tue, 12 Nov 2024 19:34:18 GMT

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 10 KB
3 KB 120ms
62ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d581cc39dc84ae297440f3327f49cecd4b0cdf50db2879da4bbd105bdd8c11de

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-version-id: hbDz4uc1lEzY2mxiKEJRc5JZqpDSNRu4
etag: W/"04771ec158d0f3a267e486b68f795399"
age: 13667
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: Zf5mDhRJq--_dyYS5Bwc3CMSl8rJvVvwpjI-gsDajVbxnxwbFb2vtQ==
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: application/javascript
last-modified: Tue, 25 Mar 2025 08:56:57 GMT
vary: Accept-Encoding
priority: u=3,i=?0
server-timing: cfExtPri
via: 1.1 a761e1b54dda26b6d5a3979697ced3e6.cloudfront.net (CloudFront)
cf-ray: 931a01f1abad8acd-PER
x-amz-cf-pop: PER50-P1
server: cloudflare

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 535ms
96ms Script
application/x-javascript 23.46.35.227
AKAMAI-AS

General

Check archive.org

Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: reliaquest.com
URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.35.227 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-46-35-227.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 081ad4206bfeb1950c8382b5bc32aac31c4698598563d87080ee67a8fc5318d0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

Content-Encoding: gzip
ETag: "0c131de2a0d8f1ba69eab7f6866c84dd:1736217492.752819"
Connection: keep-alive
Accept-Ranges: bytes
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Length: 729
Date: Thu, 17 Apr 2025 06:53:50 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 07 Jan 2025 02:38:12 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H2 200 monsido-script.js Show response
app-script.monsido.com/v2/ 8 KB
3 KB 303ms
86ms Script
text/javascript 2600:1901:0:22e6::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://app-script.monsido.com/v2/monsido-script.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:22e6:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 64e8ce58f2d8ee4332cc27fcb759c31013f418b6523586b6441fd2f097107b35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=mS4qpw==, md5=UV9hKAQZlWOyRLUXhAbG3g==
etag: "515f612804199563b244b5178406c6de"
age: 26
x-goog-stored-content-encoding: gzip
expires: Thu, 17 Apr 2025 06:58:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 2757
date: Thu, 17 Apr 2025 06:53:23 GMT
last-modified: Wed, 26 Mar 2025 09:14:03 GMT
content-type: text/javascript
vary: Accept-Encoding
x-guploader-uploadid: AKDAyItQe9xAejjLgJaQQzMQvjMjKO6lTPJoCspoOmYhIsupC1Us31qCNHqVp4ljwyd6WIE_DhCzutE
cache-control: public, max-age=300
x-goog-storage-class: STANDARD
accept-ranges: bytes
x-goog-generation: 1742980443566879
content-length: 2757
server: UploadServer

GET
H2 200 sw_iframe.html Show response
www.googletagmanager.com/static/service_worker/54a0/ Frame 3AD4 3 KB
2 KB 634ms
213ms Document
text/html 2404:6800:4008:c06::61
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/54a0/sw_iframe.html?origin=https%3A%2F%2Freliaquest.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4008:c06::61 Taipei, Taiwan, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d36b373b44b77f016e4b7df913ba2da2a8025456f016bc794861f210c0e3ada3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1482
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Thu, 17 Apr 2025 06:53:50 GMT
expires: Fri, 17 Apr 2026 06:53:50 GMT
last-modified: Thu, 10 Apr 2025 08:58:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 favicon-RGB-50x50.webp
reliaquest.com/ 516 B
616 B 90ms
90ms Other
image/webp 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://reliaquest.com/favicon-RGB-50x50.webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

6f4fb1d5e60d18895bc5b6a9e0bb163c3db19a85cdc9c6c30cf7c72e1474cb0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
etag: "de7f130f32b4b2a3ba1ee73367ea18b2-ssl"
age: 36946
accept-ranges: bytes
content-length: 516
x-nf-request-id: 01JS18CWR0EYABW90M9S6ZJ5QW
cache-status: "Netlify Edge"; hit
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: image/webp
server: Netlify

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 203 B
611 B 266ms
266ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 79ec3d2f0c2b43edb4f2a5df5864968e103b0231bd25cd0e1dc39ac0ee3b4c22

Request headers

Authorization: Bearer 28bfd1c1ea1670271003
Referer: https://reliaquest.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Content-Type: application/json
visited_url: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"cb-IEzxg47mRchSjF52l3vXUYQITr0"
apigw-requestid: JJ7LxjKTvHcES6Q=
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: wy4k-0Sg-0kzVU4qj8_s6WcEgbaisdvusI05Mi-FebTaj5dLx-WcHg==
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: application/json; charset=utf-8
vary: Origin
priority: u=1,i
server-timing: cfExtPri
via: 1.1 4bf4ca6ab9d1b1c88e9c8f9f2ab336ec.cloudfront.net (CloudFront)
cf-ray: 931a01f3fc9f2d53-PER
access-control-allow-origin: https://reliaquest.com
x-amz-cf-pop: PER50-P1
x-powered-by: Express
server: cloudflare

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 299ms
249ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://reliaquest.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://reliaquest.com
alt-svc: h3=":443"; ma=86400
apigw-requestid: JJ7Lviu6vHcESOQ=
cf-cache-status: DYNAMIC
cf-ray: 931a01f26b9f2d53-PER
date: Thu, 17 Apr 2025 06:53:50 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
vary: Origin
via: 1.1 3789f11eb8ca21735d306a8e121922a8.cloudfront.net (CloudFront)
x-amz-cf-id: dN3874JcS7X9c1j2Sb0_pAFoCMiHKFXsusexzblRf8LSF0PuBlfgBg==
x-amz-cf-pop: PER50-P1
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 134470029.js Show response
bat.bing.com/p/action/ 7 KB
3 KB 159ms
159ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL

https://bat.bing.com/p/action/134470029.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

544e7155bbb9836cb695cef7641727272a272ecbe258da7a7d0fb07f560459f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=60
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D4DCCA193FBF44F1A3807E6CF0C52166 Ref B: PER311000106019 Ref C: 2025-04-17T06:53:49Z
x-cache: CONFIG_NOCACHE
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
765 B 475ms
310ms XHR
application/json 2620:1ec:50::12
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3664348&time=1744872830026&url=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:50::12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Accept: *
Referer: https://reliaquest.com/

Response headers

x-li-pop: afd-prod-lva1-x
content-encoding: gzip
x-fs-uuid: 000632f3dd3b09bf12bdaa8f24059ef4
x-msedge-ref: Ref A: 1A86FA85D2DA4CD399E5241D5AD43DE4 Ref B: PER311000105049 Ref C: 2025-04-17T06:53:50Z
x-li-fabric: prod-lva1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYy8907Cb8SvaqPJAWe9A==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Thu, 17 Apr 2025 06:53:49 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1744872830026&li_adsId=79dbb50b-e934-4e74-9f41-c0e428e1106f&url=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-h...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1744872830026&li_adsId=79dbb50b-e934-4e74-9f41-c0e428e1106f&url=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-h...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3664348%26time%3D1744872830026%26li_adsId%3D79dbb50b-e934-4e74-9f41-c0e428e1106f%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1744872830026&li_adsId=79dbb50b-e934-4e74-9f41-c0e428e1106f&url=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-h...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1744872830026&li_adsId=79dbb50b-e934-4e74-9f41-c0e428e1106f&url=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-...

0
489 B

422ms
264ms

Image
application/javascript

150.171.22.14
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1744872830026&li_adsId=79dbb50b-e934-4e74-9f41-c0e428e1106f&url=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&cookiesTest=true&liSync=true&e_ipv6=AQJyWKHBasqmZgAAAZZChnkc3TJWtrcPhZXnxLvXGPRC0Kwo_KAudcCEpXQkLlooPbooMjY
Protocol: H2
Server: 150.171.22.14 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: BB3F3E1346294F1FA80F05C7C4B04B20 Ref B: PER311000103025 Ref C: 2025-04-17T06:53:51Z
x-li-fabric: prod-lor1
x-li-uuid: AAYy891Pa9lKLBryp76zqg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1744872830026&li_adsId=79dbb50b-e934-4e74-9f41-c0e428e1106f&url=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&cookiesTest=true&liSync=true&e_ipv6=AQJyWKHBasqmZgAAAZZChnkc3TJWtrcPhZXnxLvXGPRC0Kwo_KAudcCEpXQkLlooPbooMjY
x-msedge-ref: Ref A: 0D5EA28898974F26AFA3B953D8AB4DFA Ref B: PER311000106045 Ref C: 2025-04-17T06:53:51Z
x-li-fabric: prod-lor1
x-li-uuid: AAYy891I6IRfU9vud95jFg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 17 Apr 2025 06:53:50 GMT

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
702 B 919ms
274ms XHR
application/json 103.43.91.249
ASN-APPNEX

General

Check archive.org

Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

103.43.91.249 Singapore, Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1028.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 103.108.231.103; 103.108.231.103; 1028.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; *.adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://reliaquest.com
an-x-request-uuid: f1ca6da0-788e-4023-a9d5-443616e47492
content-length: 11
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Thu, 17 Apr 2025 06:53:50 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

GET
H2 200 / Show response
c.6sc.co/ 7 B
192 B 126ms
102ms XHR
text/html 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-46-10-227.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://reliaquest.com
content-length: 7
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
307 B 289ms
94ms XHR
text/html 2600:1415:9c00:9::1730:f7e9
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1415:9c00:9::1730:f7e9 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: /
Resource Hash: 0361db4e9ad2cdc0b96a938c1213620074d3b68342309e9de080edb4c9c7c044

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2404:f780:8:dee::2e
expires: Thu, 17 Apr 2025 06:53:50 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1744872830183_388936903_152049704_14_590_92_95_219";dur=1
access-control-allow-origin: https://reliaquest.com
content-length: 19
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: text/html
vary: Origin

POST
H2 204 collect
analytics.google.com/g/ 0
0 511ms
175ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-G6184BWDDN&gtm=45je54f1v871663715z872282274za200zb72282274&_p=1744872828265&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&cid=1670261853.1744872830&ecid=129975405&ul=en-au&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_z=1-00~2-00~3-00~4-00~7-00~8-00~9-00~6-00~5-00&ec_mode=a&_eu=EA&_s=1&sid=1744872830&sct=1&seg=0&dl=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&dt=Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest&en=page_view&_fv=1&_nsi=1&_ss=1&ep.debug_mode=true&tfd=2117
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c&gtm=45He54f1v72282274za200&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:153:0
report-to: {"group":"ascnsrsggc:153:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:153:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reliaquest.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:153:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
556 B 651ms
216ms Ping
text/plain 2404:6800:4008:c07::9c
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-G6184BWDDN&cid=1670261853.1744872830&gtm=45je54f1v871663715z872282274za200zb72282274&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c&gtm=45He54f1v72282274za200&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4008:c07::9c Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:122:0
report-to: {"group":"ascnsrsggc:122:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:122:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://reliaquest.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:122:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul Show response
td.doubleclick.net/td/ga/ Frame AC69 13 B
496 B 646ms
216ms Document
text/html 2404:6800:4008:c00::9b
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-G6184BWDDN&gacid=1670261853.1744872830&gtm=45je54f1v871663715z872282274za200zb72282274&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&z=871402166

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c&gtm=45He54f1v72282274za200&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4008:c00::9b Taipei, Taiwan, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reliaquest.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 17 Apr 2025 06:53:50 GMT
expires: Thu, 17 Apr 2025 06:53:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ga-audiences
www.google.com.au/ads/ 42 B
63 B 356ms
179ms Image
image/gif 108.177.97.94
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com.au/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-G6184BWDDN&cid=1670261853.1744872830&gtm=45je54f1v871663715z872282274za200zb72282274&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&z=1866131734

Protocol

Security

QUIC, , AES_128_GCM

Server

108.177.97.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tm-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 17 Apr 2025 06:53:50 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 134470029 Show response
www.clarity.ms/tag/uet/ 865 B
1 KB 548ms
547ms Script
application/x-javascript 2620:1ec:bdf::31
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://www.clarity.ms/tag/uet/134470029?insights=1
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/134470029.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 963045a7c4d95971f0ae1c35aa10fd78779ae276b2e64fd05b10db0a9efbb964

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: no-cache, no-store
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
expires: -1
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 865
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: application/x-javascript
x-azure-ref: 20250417T065350Z-16f468986578pm7bhC1PERx3t400000004n0000000004040

GET
H2 204 0
bat.bing.com/action/ 0
361 B 163ms
163ms Image
text/plain 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=134470029&tm=gtm002&Ver=2&mid=81088574-ab3f-44a0-ac6b-4a857bdf4a07&bo=1&sid=b7b94a001b5811f0bbc7df2e324a4bbe&vid=b7b94e801b5811f0859203e1c499cb1f&vids=1&msclkid=N&pi=918639831&lg=en-AU&sw=1600&sh=1200&sc=24&tl=Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest&p=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&r=&lt=1584&evt=pageLoad&sv=1&cdb=AQAQ&rn=917505

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0B0ED02F858D42279EB23C7532BC9610 Ref B: PER311000106019 Ref C: 2025-04-17T06:53:50Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Thu, 17 Apr 2025 06:53:50 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/164/ 11 KB
5 KB 93ms
93ms Script
application/x-javascript 23.46.35.227
AKAMAI-AS

General

Check archive.org

Download Go to

Full URL: https://munchkin.marketo.net/164/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.35.227 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-46-35-227.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: dea9df0145848ffeb3c6931228d41e833341b4837c0e713d321c5bfcf6dcd4e6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

Cache-Control: max-age=8640000
Content-Encoding: gzip
ETag: "756f9116836f579d12be8fe786b69d98:1726632111.60799"
Connection: keep-alive
Expires: Sat, 26 Jul 2025 06:53:50 GMT
Accept-Ranges: bytes
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Length: 4843
Date: Thu, 17 Apr 2025 06:53:50 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Sep 2024 04:01:51 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 298ms
293ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=39ffb688-acfa-4c80-8f42-9449e5af149e&session=5c121886-edef-4bb2-848d-9eb36dd7941c&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A50%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Phishing%20through%20Microsoft%20Teams%3F%20Get%20insights%20on%20a%20new%20backdoor%20and%20persistence%20technique%20discovered%20by%20ReliaQuest%20and%20learn%20how%20to%20defend%20against%20these%20tactics.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&pageViewId=1d9e2ec3-fc3d-4306-8a20-3c497d255457&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:50 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 295ms
291ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=39ffb688-acfa-4c80-8f42-9449e5af149e&session=5c121886-edef-4bb2-848d-9eb36dd7941c&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2017%20Apr%202025%2006%3A53%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22cdfe02635f87832f7fb37442e2a57166%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2017%20Apr%202025%2006%3A53%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2017%20Apr%202025%2006%3A53%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2017%20Apr%202025%2006%3A53%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Phishing%20through%20Microsoft%20Teams%3F%20Get%20insights%20on%20a%20new%20backdoor%20and%20persistence%20technique%20discovered%20by%20ReliaQuest%20and%20learn%20how%20to%20defend%20against%20these%20tactics.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&pageViewId=1d9e2ec3-fc3d-4306-8a20-3c497d255457&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:50 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: image/gif

POST
H/1.1 200
OK visitWebPage
438-kyk-786.mktoresp.com/webevents/ 2 B
318 B 1465ms
315ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Download Go to

Full URL: https://438-kyk-786.mktoresp.com/webevents/visitWebPage?_mchNc=1744872830294&_mchCn=&_mchId=438-KYK-786&_mchTk=_mch-reliaquest.com-ed9494065815a34c914837cf6defc559&_mchHo=reliaquest.com&_mchPo=&_mchRu=%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&_mchPc=https%3A&_mchVr=164&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/164/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

Transfer-Encoding: chunked
X-Request-Id: 219873ce-b68d-40e7-b53b-4fe337051a79
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Origin: *
Date: Thu, 17 Apr 2025 06:53:51 GMT
Content-Type: text/plain; charset=UTF-8
Server: nginx/1.20.1

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.8.1/ 70 KB
29 KB 95ms
95ms Script
application/javascript 2620:1ec:bdf::31
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://www.clarity.ms/s/0.8.1/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/mptq0mnjda
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 2e914ba245ff42449ed9ad8103d185ec7f8ddf5896a1b1a1b9c0a5427893c420

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-azure-ref: 20250417T065350Z-16f468986578pm7bhC1PERx3t400000004n0000000004041
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
content-encoding: br
etag: W/"0x8DD6722E0B7F6F4"
x-fd-int-roxy-purgeid: 79034942
x-ms-request-id: 79e1b74c-701e-0001-2247-ac7107000000
access-control-allow-origin: *
x-cache: TCP_HIT
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 19 Mar 2025 20:16:05 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=EADC807BADFD4629974692192FCAE254&RedC=c.clarity.ms&MXFR=0C05D96AF30D6362008ECCBBF70D6DCA
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=EADC807BADFD4629974692192FCAE254&MUID=07829405D70A679D24EB81D4D696668A

42 B
465 B

154ms
153ms

Image
image/gif

52.231.230.148
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=EADC807BADFD4629974692192FCAE254&MUID=07829405D70A679D24EB81D4D696668A
Protocol: H2
Server: 52.231.230.148 Busan, Korea, Republic Of, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
etag: "ee3ddb8c3a9db1:0"
accept-ranges: bytes
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length: 42
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: image/gif
last-modified: Wed, 09 Apr 2025 03:57:45 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

Redirect headers

cache-control: private, no-cache, proxy-revalidate, no-store
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=EADC807BADFD4629974692192FCAE254&MUID=07829405D70A679D24EB81D4D696668A
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 87E0A9C597A347EC93BF49CD704B77FB Ref B: PER311000106019 Ref C: 2025-04-17T06:53:50Z
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length: 0
date: Thu, 17 Apr 2025 06:53:50 GMT
x-powered-by: ASP.NET

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 49 KB
15 KB 277ms
130ms Script
application/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcb09186a3d016b8ae56ecd0cb76f787254388177fc8318061d619b56a7d81b2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=A2aW0Q==, md5=JRurSHzL3UB0yE1Wjm0Zqg==
cf-cache-status: DYNAMIC
etag: W/"251bab487ccbdd4074c84d568e6d19aa"
age: 3478
content-encoding: gzip
x-goog-stored-content-encoding: identity
expires: Thu, 17 Apr 2025 06:55:52 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 50634
server-timing: cfExtPri
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: application/javascript
last-modified: Wed, 06 Nov 2024 05:44:23 GMT
priority: u=3,i=?0
x-guploader-uploadid: AKDAyItd1556n98mijKCMv52SzEM7_383ESYcIT4zh_tqjdA5jl0SQbEW4OkF0YAO2Zxlkpp
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
cf-ray: 931a01f68ece6e81-PER
x-goog-generation: 1730871862939881
server: cloudflare

GET
H3 200 / Show response
ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/ 3 KB
2 KB 520ms
471ms Fetch
text/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

de08114f8ba4eb82e27381deca75936cd5da75a1d9a8939e4c51a20dd79e1868

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

_zitok: f33cd2eda457e35651c11744872830
_vtok: MTAzLjEwOC4yMzEuMTAz
visited-url: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/
Referer: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: text/javascript
vary: Accept-Encoding
priority: u=1,i
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url,evi
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 931a01f988bbb624-PER
access-control-allow-origin: https://reliaquest.com
x-powered-by: Express
server: cloudflare

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/ Frame 0
0 571ms
424ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://reliaquest.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url,evi
access-control-allow-origin: https://reliaquest.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 931a01f68c2295b0-PER
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 17 Apr 2025 06:53:50 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 288ms
288ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=39ffb688-acfa-4c80-8f42-9449e5af149e&session=5c121886-edef-4bb2-848d-9eb36dd7941c&event=ipv6&q=%7B%22address%22%3A%222404%3Af780%3A8%3Adee%3A%3A2e%22%7D&isIframe=false&m=%7B%22description%22%3A%22Phishing%20through%20Microsoft%20Teams%3F%20Get%20insights%20on%20a%20new%20backdoor%20and%20persistence%20technique%20discovered%20by%20ReliaQuest%20and%20learn%20how%20to%20defend%20against%20these%20tactics.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&pageViewId=1d9e2ec3-fc3d-4306-8a20-3c497d255457&ipv6=2404%3Af780%3A8%3Adee%3A%3A2e&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:50 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: image/gif

OPTIONS
H2 200 site-visitors
intentstream.contanuity.com/api/ Frame 0
0 1116ms
238ms Preflight 44.226.187.177
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=demandscience-reliaquest

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-pixel-auth
Access-Control-Request-Method: GET
Origin: https://reliaquest.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,x-pixel-auth
access-control-allow-methods: GET
access-control-allow-origin: https://reliaquest.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
content-length: 0
date: Thu, 17 Apr 2025 06:53:51 GMT
server: nginx
strict-transport-security: max-age=15724800; includeSubdomains

GET
H2 200 fp.min.js Show response
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/ 33 KB
14 KB 160ms
55ms Script
application/javascript 2606:4700::6812:ba1f
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:ba1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

access-control-expose-headers: *
content-encoding: br
cf-cache-status: HIT
etag: W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
age: 26448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xStloqzpsGFn0gHCONv324i8LhtK%2F4eY98D0nOGukvqoYMs3dqQZte9gDbd%2Bk2Ix99lo3XZiCdE%2FvUi5yPXjNk1Pe0ZGbeemA6QWTW14bSvYDZWLB6GSwgjyb8GyKpGO8HYckEtBjMA%2FXq01l%2BQ%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443"; ma=86400
x-cache: HIT, HIT
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220049-FRA, cache-lga21937-LGA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 931a01f7995d8647-PER
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13749
server: cloudflare
x-jsd-version: 3.4.2

GET
H2 200 site-visitors Show response
intentstream.contanuity.com/api/ 72 B
328 B 242ms
242ms Fetch
application/json 44.226.187.177
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=demandscience-reliaquest

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

8a7e0564dc2bfeceb4adead8bb3ec37213b5dcb0fdfcafc6de9aa2298b5d348c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
x-pixel-auth: true
Referer: https://reliaquest.com/

Response headers

strict-transport-security: max-age=15724800; includeSubdomains
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: https://reliaquest.com
content-length: 72
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: application/json; charset=utf-8
vary: origin
server: nginx

POST
H/1.1 204
No Content collect Show response
f.clarity.ms/ 0
278 B 1281ms
688ms XHR
text/plain 51.8.44.252
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://f.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.8.1/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.44.252 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://reliaquest.com/

Response headers

Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
Access-Control-Allow-Origin: https://reliaquest.com
Date: Thu, 17 Apr 2025 06:53:51 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
701 B 649ms
260ms XHR
application/json 103.43.91.249
ASN-APPNEX

General

Check archive.org

Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

103.43.91.249 Singapore, Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1028.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 103.108.231.103; 103.108.231.103; 1028.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; *.adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://reliaquest.com
an-x-request-uuid: 5064fa01-d62c-4ff4-9547-b9f7fc7bc764
content-length: 11
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Thu, 17 Apr 2025 06:53:51 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

GET
H2 200 / Show response
c.6sc.co/ 7 B
192 B 116ms
115ms XHR
text/html 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-46-10-227.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://reliaquest.com
content-length: 7
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 308ms
307ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:50 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 309ms
308ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:50 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 311ms
310ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:50 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 292ms
292ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:50 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 288ms
288ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:50 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 294ms
294ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:51 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 289ms
287ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:51 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 289ms
288ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:51 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 289ms
289ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:51 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 288ms
287ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:51 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 290ms
289ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:51 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 312ms
312ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:51 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: image/gif

GET
H2 200 heatmaps.js Show response
heatmaps.monsido.com/v1/ 8 KB
3 KB 274ms
86ms Script
text/javascript 2600:1901:0:476d::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://heatmaps.monsido.com/v1/heatmaps.js
Requested by: Host: app-script.monsido.com
URL: https://app-script.monsido.com/v2/monsido-script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:476d:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: UploadServer /
Resource Hash: df3bc31eb27cba101d7e3918ebd94dc5ba21065e91983d1d55a67e9a621aaaec

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *
content-encoding: gzip
x-goog-hash: crc32c=h5STrg==, md5=79wtygJXBwjKOD8g5cWnAQ==
etag: "efdc2dca02570708ca383f20e5c5a701"
age: 203
x-goog-stored-content-encoding: gzip
expires: Thu, 17 Apr 2025 06:55:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 2899
date: Thu, 17 Apr 2025 06:50:28 GMT
last-modified: Tue, 17 Dec 2024 09:20:05 GMT
content-type: text/javascript
vary: Accept-Encoding
x-guploader-uploadid: AKDAyIuuJsGNZCdR4wWN-B3MJQfwS7J_iafnPlRZi8FpLrpEve82KS6RidsDLu0fNaZHVAmB
cache-control: public, max-age=300
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1734427205259909
content-length: 2899
server: UploadServer

GET
H2 200 /
tracking.monsido.com/ 43 B
196 B 318ms
101ms Image
image/gif 2600:1901:0:891c::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to Show image

Full URL: https://tracking.monsido.com/?a=rWMwifnQrMCTDU_wjfSDcw&b=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&c=0D31744872830570&d=1600x1200&f=9661744872830571&h=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:891c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

via: 1.1 google
expires: 2025-04-17T06:53:51Z
cache-control: private, no-store, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: image/gif

GET
H2 200 / Show response
c.6sc.co/ 7 B
192 B 205ms
93ms XHR
text/html 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-46-10-227.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://reliaquest.com
content-length: 7
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
306 B 94ms
93ms XHR
text/html 2600:1415:9c00:9::1730:f7e9
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1415:9c00:9::1730:f7e9 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: /
Resource Hash: 0361db4e9ad2cdc0b96a938c1213620074d3b68342309e9de080edb4c9c7c044

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2404:f780:8:dee::2e
expires: Thu, 17 Apr 2025 06:53:50 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1744872830619_388936903_152051617_11_585_92_0_219";dur=1
access-control-allow-origin: https://reliaquest.com
content-length: 19
date: Thu, 17 Apr 2025 06:53:50 GMT
content-type: text/html
vary: Origin

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 445ms
445ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://reliaquest.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://reliaquest.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 931a01f7bd8c95b0-PER
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 17 Apr 2025 06:53:51 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 3 KB
1 KB 438ms
438ms Fetch
application/json 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d8c8d8b2f12630cba1cbb2539cfad5fb0ca7152218553635bf4d7cd3f559d5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Authorization: bearer 8ad2d798eb60be1b73f09dfc94ae0d
Referer: https://reliaquest.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"c44-a2CS91tDiKEn+Z3gSlMCpktGAzg"
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
priority: u=1,i
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 931a01fa8a14b624-PER
access-control-allow-origin: https://reliaquest.com
x-powered-by: Express
server: cloudflare

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 754 B
657 B 647ms
271ms XHR
application/json 99.83.231.3
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash: 756cc90549e9598e1216ab6e87c208758c32e10c6a08779db8fc0862f4cfb72b

Request headers

Authorization: Token 5f27aa2807b5216b6b87511c46db116091ad7f0c
X-6s-CustomID: WebTag 9d89db09-be43-47ea-ad23-917183e7e184
Referer: https://reliaquest.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36

Response headers

access-control-expose-headers: X-6si-Region
timing-allow-origin: https://6sense.com
content-encoding: gzip
x-6si-region
access-control-allow-credentials: true
access-control-allow-origin: https://reliaquest.com
content-length: 399
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: application/json
vary: Origin, Accept-Encoding

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 642ms
215ms Preflight 99.83.231.3
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://reliaquest.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://reliaquest.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
content-length: 0
date: Thu, 17 Apr 2025 06:53:51 GMT
timing-allow-origin: https://6sense.com
x-6si-region

GET
H/1.1 200
OK https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F Show response
abm-tracking.demandscience.com/page-tracking/demandscience-reliaquest/ 2 B
665 B 239ms
239ms Script
application/json 52.32.164.86
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://abm-tracking.demandscience.com/page-tracking/demandscience-reliaquest/https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F?visitorId=e04b0966b3ab4fe5d651dbab29769c1a_1744872830774&&clientId=DS&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate
Pragma: no-cache
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Expires: -1
Access-Control-Allow-Origin: *
Content-Length: 2
Date: Thu, 17 Apr 2025 06:53:51 GMT
Content-Type: application/json; charset=utf-8
X-Powered-By: Express
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 287ms
287ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=39ffb688-acfa-4c80-8f42-9449e5af149e&session=5c121886-edef-4bb2-848d-9eb36dd7941c&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A50%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Phishing%20through%20Microsoft%20Teams%3F%20Get%20insights%20on%20a%20new%20backdoor%20and%20persistence%20technique%20discovered%20by%20ReliaQuest%20and%20learn%20how%20to%20defend%20against%20these%20tactics.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&pageViewId=1d9e2ec3-fc3d-4306-8a20-3c497d255457&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&ipv6=2404%3Af780%3A8%3Adee%3A%3A2e&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:51 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: image/gif

GET
H3 200 rWMwifnQrMCTDU_wjfSDcw.json Show response
heatmaps.monsido.com/v1/settings/ 130 B
159 B 342ms
254ms XHR
application/json 34.98.91.45
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://heatmaps.monsido.com/v1/settings/rWMwifnQrMCTDU_wjfSDcw.json
Requested by: Host: heatmaps.monsido.com
URL: https://heatmaps.monsido.com/v1/heatmaps.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.91.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 45.91.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: df2f43db76556733c351f904a1706450542851519ab8bfe5ba7215d2f8775f73

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=4cp9pQ==, md5=VuYM1KXqD/YK2P2iPbWRIA==
etag: "56e60cd4a5ea0ff60ad8fda23db59120"
age: 0
x-goog-stored-content-encoding: identity
expires: Thu, 17 Apr 2025 06:58:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 130
date: Thu, 17 Apr 2025 06:53:51 GMT
last-modified: Wed, 16 Apr 2025 14:22:34 GMT
content-type: application/json
x-guploader-uploadid: AKDAyIsZqbYwzmZneg1CsqiAAyeI2MRXfFqxM9Pe4UNBtphy81PTfODgyp_YefLiRKhqXpcH
cache-control: public, max-age=300
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1744813354062834
content-length: 130
server: UploadServer

GET
H/1.1 200
OK tracking Show response
tracking.contanuity.com/ 2 B
762 B 1043ms
237ms Script
application/json 54.203.236.163
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tracking.contanuity.com/tracking?visitorId=e04b0966b3ab4fe5d651dbab29769c1a_1744872830774&&clientId=DS&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.203.236.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-203-236-163.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate
Pragma: no-cache
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Expires: -1
Access-Control-Allow-Origin: *
Content-Length: 2
Date: Thu, 17 Apr 2025 06:53:52 GMT
Content-Type: application/json; charset=utf-8
X-Powered-By: Express
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization

GET
BLOB 200
OK e437e512-1b5b-496d-b0dc-25247c826253 Show response
https://reliaquest.com/ 3 KB
0 Script
text/javascript

General

Check archive.org

Download Go to

Full URL: blob:https://reliaquest.com/e437e512-1b5b-496d-b0dc-25247c826253
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de08114f8ba4eb82e27381deca75936cd5da75a1d9a8939e4c51a20dd79e1868

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: text/javascript
Content-Length: 3457

POST
H/1.1 204
No Content collect Show response
f.clarity.ms/ 0
278 B 297ms
295ms XHR
text/plain 51.8.44.252
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://f.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.8.1/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.44.252 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://reliaquest.com/

Response headers

Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
Access-Control-Allow-Origin: https://reliaquest.com
Date: Thu, 17 Apr 2025 06:53:51 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
197 B 271ms
270ms XHR
text/plain 2620:1ec:50::12
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:50::12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reliaquest.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 23E7B88C2A4A445F9FD91E3C8F29CB88 Ref B: PER311000106045 Ref C: 2025-04-17T06:53:51Z
x-li-fabric: prod-lor1
access-control-allow-credentials: true
x-li-uuid: AAYy891TmpwzS2LzkAj5nw==
x-li-proto: http/2
access-control-allow-origin: https://reliaquest.com
x-cache: CONFIG_NOCACHE
date: Thu, 17 Apr 2025 06:53:51 GMT
vary: Origin

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 236 KB
82 KB 212ms
212ms Script
application/javascript 142.250.204.8
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KFM7P3KL

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.204.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

57987d349c45e4901d3e0b472b172da204221954980b48da3755717d841e5c1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1297:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1297:0"}],}
expires: Thu, 17 Apr 2025 06:53:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 17 Apr 2025 06:53:51 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 17 Apr 2025 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1297:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1297:0
content-length: 84009
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
199 B 296ms
296ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=39ffb688-acfa-4c80-8f42-9449e5af149e&session=5c121886-edef-4bb2-848d-9eb36dd7941c&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A51%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Phishing%20through%20Microsoft%20Teams%3F%20Get%20insights%20on%20a%20new%20backdoor%20and%20persistence%20technique%20discovered%20by%20ReliaQuest%20and%20learn%20how%20to%20defend%20against%20these%20tactics.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&pageViewId=1d9e2ec3-fc3d-4306-8a20-3c497d255457&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&ipv6=2404%3Af780%3A8%3Adee%3A%3A2e&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:52 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:52 GMT
content-type: image/gif

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 386ms
97ms Script
text/javascript 2404:6800:4006:814::200e
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:814::200e Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

content-encoding: gzip
age: 1520
report-to: {"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 08:28:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 17 Apr 2025 06:28:32 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:225:0
content-length: 20994
server: Golfe2

GET

usersync
tracking.contanuity.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=e04b0966b3ab4fe5d651dbab29769c1a_1744872830774
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=e04b0966b3ab4fe5d651dbab29769c1a_1744872830774&_bee_ppp=1
https://tracking.contanuity.com/usersync?bwcookie=AAFCuk7QAUsAABuca0N3kg

0
0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
451 B 193ms
193ms XHR
text/plain 2404:6800:4006:814::200e
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1434986472&t=event&ni=1&_s=1&dl=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&ul=en-au&de=UTF-8&dt=Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=YADAAAABAAAAACAAI~&jid=1999184177&gjid=347564140&cid=1670261853.1744872830&tid=UA-10904891-3&_gid=1514282872.1744872832&_r=1&_slc=1&gtm=45He54f1n71NPQTDRv72282274za200&cd1=&cd2=&cd3=Australia&cd5=&cd7=&gcd=13l3l3l3l1l1&dma=0&tag_exp=102509683~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&z=746483833

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:814::200e Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://reliaquest.com/

Response headers

report-to: {"group":"ascnsrsgac:175:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 17 Apr 2025 06:53:52 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://reliaquest.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:175:0
content-length: 3
server: Golfe2

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
201 B 293ms
293ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=39ffb688-acfa-4c80-8f42-9449e5af149e&session=5c121886-edef-4bb2-848d-9eb36dd7941c&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A52%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Phishing%20through%20Microsoft%20Teams%3F%20Get%20insights%20on%20a%20new%20backdoor%20and%20persistence%20technique%20discovered%20by%20ReliaQuest%20and%20learn%20how%20to%20defend%20against%20these%20tactics.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&pageViewId=1d9e2ec3-fc3d-4306-8a20-3c497d255457&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&ipv6=2404%3Af780%3A8%3Adee%3A%3A2e&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:53 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:53 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
201 B 286ms
285ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=39ffb688-acfa-4c80-8f42-9449e5af149e&session=5c121886-edef-4bb2-848d-9eb36dd7941c&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A53%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Phishing%20through%20Microsoft%20Teams%3F%20Get%20insights%20on%20a%20new%20backdoor%20and%20persistence%20technique%20discovered%20by%20ReliaQuest%20and%20learn%20how%20to%20defend%20against%20these%20tactics.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&pageViewId=1d9e2ec3-fc3d-4306-8a20-3c497d255457&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&ipv6=2404%3Af780%3A8%3Adee%3A%3A2e&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:54 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:54 GMT
content-type: image/gif

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
201 B 286ms
286ms Image
image/gif 23.46.10.227
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=39ffb688-acfa-4c80-8f42-9449e5af149e&session=5c121886-edef-4bb2-848d-9eb36dd7941c&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A54%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Phishing%20through%20Microsoft%20Teams%3F%20Get%20insights%20on%20a%20new%20backdoor%20and%20persistence%20technique%20discovered%20by%20ReliaQuest%20and%20learn%20how%20to%20defend%20against%20these%20tactics.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&pageViewId=1d9e2ec3-fc3d-4306-8a20-3c497d255457&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&ipv6=2404%3Af780%3A8%3Adee%3A%3A2e&v=1.1.31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.227 , United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-227.deploy.static.akamaitechnologies.com

Software

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Referer: https://reliaquest.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 17 Apr 2025 06:53:55 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 17 Apr 2025 06:53:55 GMT
content-type: image/gif

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tracking.contanuity.com
URL: https://tracking.contanuity.com/usersync?bwcookie=AAFCuk7QAUsAABuca0N3kg

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=39ffb688-acfa-4c80-8f42-9449e5af149e&session=5c121886-edef-4bb2-848d-9eb36dd7941c&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2017%20Apr%202025%2006%3A53%3A55%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%226004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Phishing%20through%20Microsoft%20Teams%3F%20Get%20insights%20on%20a%20new%20backdoor%20and%20persistence%20technique%20discovered%20by%20ReliaQuest%20and%20learn%20how%20to%20defend%20against%20these%20tactics.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Spotlight%3A%20Hijacked%20and%20Hidden%3A%20New%20Backdoor%20and%20Persistence%20Technique%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Freliaquest.com%2Fblog%2Fthreat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique%2F&pageViewId=1d9e2ec3-fc3d-4306-8a20-3c497d255457&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&ipv6=2404%3Af780%3A8%3Adee%3A%3A2e&v=1.1.31

Verdicts & Comments Add Verdict or Comment

108 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

39 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reliaquest.com/	1970-01-21 06:50:48	Name: _gcl_au Value: 1.1.155970935.1744872830
.reliaquest.com/	1970-01-21 04:42:39	Name: _uetsid Value: b7b94a001b5811f0bbc7df2e324a4bbe
.reliaquest.com/	1970-01-21 14:02:48	Name: _uetvid Value: b7b94e801b5811f0859203e1c499cb1f
reliaquest.com/	1970-01-21 14:17:12	Name: _gd_visitor Value: 39ffb688-acfa-4c80-8f42-9449e5af149e
reliaquest.com/	1970-01-21 04:41:27	Name: _gd_session Value: 5c121886-edef-4bb2-848d-9eb36dd7941c
.reliaquest.com/	1970-01-21 14:17:12	Name: _mkto_trk Value: id:438-KYK-786&token:_mch-reliaquest.com-ed9494065815a34c914837cf6defc559
.reliaquest.com/	1970-01-21 13:26:48	Name: _zitok Value: f33cd2eda457e35651c11744872830
.bing.com/	1970-01-21 14:02:48	Name: MUID Value: 07829405D70A679D24EB81D4D696668A
.bat.bing.com/	1970-01-21 04:51:17	Name: MR Value: 0
.reliaquest.com/	1970-01-21 13:26:48	Name: _clck Value: 121c54h%7C2%7Cfv5%7C0%7C1933
.linkedin.com/	1970-01-21 06:50:48	Name: li_sugr Value: 994d94c2-92df-41ec-8c82-40a4b16594b5
.linkedin.com/	1970-01-21 13:26:48	Name: bcookie Value: "v=2&5315da7b-a301-45d0-8612-b9a12fe7588d"
.linkedin.com/	1970-01-21 04:42:39	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=3490:u=1:x=1:i=1744872830:t=1744959230:v=2:sig=AQEomvdHD9jhTQPO7Lf9lf222d987tWN"
reliaquest.com/	1970-01-21 05:24:24	Name: monsido Value: 0D31744872830570
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: rLBiZZ5_3D7SyQSL40u3WAUK_Ux.W1egq4ktXFMOebA-1744872830569-0.0.1.1-604800000
www.clarity.ms/	1970-01-21 13:26:48	Name: CLID Value: 53cb68e1c2df4451bd6787c73dc67025.20250417.20260417
.linkedin.com/	1970-01-21 05:24:24	Name: UserMatchHistory Value: AQI_PkbJqdNYdAAAAZZChnaZj8h1e1dHMdwdmCTVS-JTxbja7nobNngu1dplrlMsIcjzvV-vvY_AUg
.linkedin.com/	1970-01-21 05:24:24	Name: AnalyticsSyncHistory Value: AQI281vwlpyj7gAAAZZChnaZTX5w51icqx6H4GEqRlzjrnBPVthYA2nCWiMrYpPh63E2OmLQffR6SwGsZsS7pQ
.doubleclick.net/	1970-01-21 04:41:13	Name: test_cookie Value: CheckForPermission
.adnxs.com/	1970-01-21 06:50:48	Name: receive-cookie-deprecation Value: 1
.c.bing.com/	1970-01-21 04:51:17	Name: MR Value: 0
.c.bing.com/	1970-01-21 14:02:48	Name: SRM_B Value: 07829405D70A679D24EB81D4D696668A
reliaquest.com/	1970-01-21 04:51:17	Name: _an_uid Value: 0
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 14:02:48	Name: MUID Value: 07829405D70A679D24EB81D4D696668A
.c.clarity.ms/	1970-01-21 04:51:17	Name: MR Value: 0
.c.clarity.ms/	1970-01-21 04:41:13	Name: ANONCHK Value: 0
.www.linkedin.com/	1970-01-21 13:26:48	Name: bscookie Value: "v=1&202504170653501b9c1f9f-f0ae-4705-8f0a-da2da864f040AQFssJ9BIA9WJ16ufSGRHmb9mRauraFA"
.linkedin.com/	1970-01-21 04:41:14	Name: __cf_bm Value: .W2PyRd_YZfvQsbSKXs96TZ3MOaU75eHUhj5GCW53fg-1744872831-1.0.1.1-4iwyMlXIqnWyG6ahMSSeMAH4QIwq39tfDzXIXy2UkTlvJSaPrhZ9xWXnN5d64sOEsvdaQdPnxeVihhbF63n7dQ7WYu9CedL_etf542aKI8w
abm-tracking.demandscience.com/	1970-01-21 14:17:12	Name: userId Value: e04b0966b3ab4fe5d651dbab29769c1a_1744872830774
.reliaquest.com/	1970-01-21 04:42:39	Name: _clsk Value: m485ta%7C1744872831818%7C1%7C1%7Cf.clarity.ms%2Fcollect
.reliaquest.com/	1970-01-21 14:17:12	Name: _ga_G6184BWDDN Value: GS1.1.1744872830.1.0.1744872832.58.0.129975405
tracking.contanuity.com/	1970-01-21 14:17:12	Name: userId Value: e04b0966b3ab4fe5d651dbab29769c1a_1744872830774
tracking.contanuity.com/	1970-01-21 14:17:12	Name: clientId Value: DS
.reliaquest.com/	1970-01-21 14:17:12	Name: _ga Value: GA1.2.1670261853.1744872830
.reliaquest.com/	1970-01-21 04:42:39	Name: _gid Value: GA1.2.1514282872.1744872832
.reliaquest.com/	1970-01-21 04:41:12	Name: _gat_UA-10904891-3 Value: 1
.bidr.io/	1970-01-21 14:09:46	Name: bito Value: AAFCuk7QAUsAABuca0N3kg
.bidr.io/	1970-01-21 14:09:46	Name: bitoIsSecure Value: ok

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/(Line 18) Message: Allow attribute will take precedence over 'allowfullscreen'.
rendering	warning	URL: https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A0E01C00EC2F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

438-kyk-786.mktoresp.com
abm-tracking.demandscience.com
analytics.google.com
app-script.monsido.com
b.6sc.co
bat.bing.com
c.6sc.co
c.bing.com
c.clarity.ms
cdn.jsdelivr.net
epsilon.6sense.com
f.clarity.ms
fonts.googleapis.com
fonts.gstatic.com
heatmaps.monsido.com
images.ctfassets.net
intentstream.contanuity.com
ipv6.6sc.co
j.6sc.co
js.zi-scripts.com
munchkin.marketo.net
px.ads.linkedin.com
px4.ads.linkedin.com
reliaquest.com
resources.reliaquest.com
secure.adnxs.com
snap.licdn.com
stats.g.doubleclick.net
td.doubleclick.net
tracking.contanuity.com
tracking.monsido.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.com.au
www.googletagmanager.com
www.linkedin.com
b.6sc.co
tracking.contanuity.com
103.43.91.249
104.16.117.43
104.16.118.43
108.177.97.94
142.250.204.8
15.197.167.90
150.171.22.14
172.64.146.215
172.64.150.44
173.194.174.147
192.28.144.124
2001:4860:4802:32::181
23.46.10.227
23.46.35.227
2404:6800:4006:814::200a
2404:6800:4006:814::200e
2404:6800:4008:c00::9b
2404:6800:4008:c06::61
2404:6800:4008:c07::9c
2600:1415:5400:4::17d3:f255
2600:1415:9c00:9::1730:f7e9
2600:1901:0:22e6::
2600:1901:0:476d::
2600:1901:0:891c::
2600:9000:2083:b000:12:94b3:c380:93a1
2606:4700::6812:ba1f
2620:1ec:33::10
2620:1ec:50::12
2620:1ec:bdf::31
2a04:4e42:600::604
34.98.91.45
44.226.187.177
51.8.44.252
52.231.230.148
52.32.164.86
54.203.236.163
64.233.187.94
99.83.231.3
00d1bb05513ad1b612092c5a0e085fcb8f165ffdc7ae15300d8fbd7f9600deb7
01d3c44791671916a95a17e3810a0bbb0817110f01c035d6e0faadcbcc581d2d
0361db4e9ad2cdc0b96a938c1213620074d3b68342309e9de080edb4c9c7c044
081ad4206bfeb1950c8382b5bc32aac31c4698598563d87080ee67a8fc5318d0
1885fa140df271c97bf904d43f5385b84aa7458ff60cc20dae89ca4e9df959d9
1affb2fe850658cb761b63e174b7d93493d80e8bad793e81841472b2cf1fc8a8
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1e5e0b8dcb9d3cc33ffbe7b71a27ce249c85dc8a36bbf9b7b221da4a155d43ef
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
257ef1b7dd06f88a465e5badb58c57b62cf678d7618ecc2929aa3b428e848122
2df89f117e361eaf8511b7d8b1ad55cc939c13b920d22301e3b8809b32dd4432
2e914ba245ff42449ed9ad8103d185ec7f8ddf5896a1b1a1b9c0a5427893c420
3063556b95437bb08427d8883f08ce62e2dd66131781ea4f1827953557728ae0
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
386a292b805ec5376c149711c08d9013658fd08879a7ac9a62a99e14310c397a
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4c4eefc55cae077458e9a8a5b3ca5692b2aa79de9d02cd86a146d620f4d5079f
544e7155bbb9836cb695cef7641727272a272ecbe258da7a7d0fb07f560459f9
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57987d349c45e4901d3e0b472b172da204221954980b48da3755717d841e5c1d
61ea329c09b4cc22cd4391b26ca2b66257eb824e590d4de2a760ccbfccf70bf7
6478d7608daafa08bbdf856a0f380cdd15b519faa1956e5d8a6ebce136385836
64e8ce58f2d8ee4332cc27fcb759c31013f418b6523586b6441fd2f097107b35
6f0ebc365c33bd9775f7bea1b63634705de9da20cc84cf6658b42d523210457a
6f4fb1d5e60d18895bc5b6a9e0bb163c3db19a85cdc9c6c30cf7c72e1474cb0c
7017b0ab77d2622646f79709a6d5b76b2f9b51eea4167deb08e00888c3c2326f
748bae9f60d68174efcf0fe81ecbf5a5e4b0141d92bc6d6bdb44902992a1ca98
756cc90549e9598e1216ab6e87c208758c32e10c6a08779db8fc0862f4cfb72b
759043dafa55d63c0788faf5611e14607e598d740d5bc64ecc772d841014d04c
79ec3d2f0c2b43edb4f2a5df5864968e103b0231bd25cd0e1dc39ac0ee3b4c22
84d1a6377c22f7683a00d101a2a1ff90cf1eaf607128ce45a835a188e1dd10ae
8878017cf8f51089d46fdba568e115f3117307aaa2788dd3ea0b38d9869a8f14
8a7e0564dc2bfeceb4adead8bb3ec37213b5dcb0fdfcafc6de9aa2298b5d348c
91c20c70d36b608cf919e894b0ac9e32298d6b3ac3ca59c45a85e7c44161d170
93362814ec9c48c8b76cfe6d6036d419bf2e8111fa7a332c32086377338ff4d4
945063ebf0d8666b48130934c6bfc0653210ae7d836fd985d3966efba08aa1a2
963045a7c4d95971f0ae1c35aa10fd78779ae276b2e64fd05b10db0a9efbb964
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
9a6cd2d9067e171561bb497a8d8703192b0ecbc280292424499e4ea1d6e0cb41
a018cac0c7f27b0aa5020fcddfdd54afceea3733a304e0cb1c3f8cc1c3fbc2f3
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b6e62019bf140e7b2d8fac10a8ebbb0ec34020e11417c303bd066120cbd59050
be08df326777a8b33cbcd047765e7dc6b8ddf620dcf64a85402ffc8fa006caab
bf4513260f6a69e667c7cfeb06b073400ea2d3e6a046f5be2b2a5f501d197f97
c06ca3fcbc5f7c37ebb7c86a69502009911ecd8183811bae02f9b1fbb0541ddb
c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00
c81c322867056949b4836c5860843392b7da5dcb563ec2e99f8a5c05f7e74106
c9ff29fca88c661af66a7d4a76716f00296357f052d3f2252ca1f8e079595a9f
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d36b373b44b77f016e4b7df913ba2da2a8025456f016bc794861f210c0e3ada3
d581cc39dc84ae297440f3327f49cecd4b0cdf50db2879da4bbd105bdd8c11de
d8c8d8b2f12630cba1cbb2539cfad5fb0ca7152218553635bf4d7cd3f559d5e3
dcb09186a3d016b8ae56ecd0cb76f787254388177fc8318061d619b56a7d81b2
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de08114f8ba4eb82e27381deca75936cd5da75a1d9a8939e4c51a20dd79e1868
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dea9df0145848ffeb3c6931228d41e833341b4837c0e713d321c5bfcf6dcd4e6
df2f43db76556733c351f904a1706450542851519ab8bfe5ba7215d2f8775f73
df3bc31eb27cba101d7e3918ebd94dc5ba21065e91983d1d55a67e9a621aaaec
e35a35f4cede02601f2c0561124a42020f13d11c7a464ca1a99b9aa95f8f5048
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cab7474a17da8c548ab0219abd136d0fa5e5b718f46699e10d66fde76a6519
e7aed6537aaa785b06f4e728da5b3e6e709ea899d4d59a80d8b138e34a0ef3b3
eaae1d4db82158aa4b92c4286ed1977ad9c3eb18db96573c6404f681fc93a78d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f524309c83549cab1b81b931d905888234eecf709e4aa0ade136daa5edbb5246
f645b12f27c4e9c1210d5725cfa894b86464372e7b1becbe47126a5fe82f9ade
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

reliaquest.com Open in urlscan Pro 15.197.167.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

110 Requests

95 %HTTPS

45 %IPv6

24 Domains

39 Subdomains

38 IPs

8 Countries

1032 kBTransfer

3400 kBSize

39 Cookies

9 Outgoing links

Redirected requests

110 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reliaquest.com Open in urlscan Pro
15.197.167.90 Public Scan

Screenshot
Live screenshot

Full Image

110
Requests

95 %
HTTPS

45 %
IPv6

24
Domains

39
Subdomains

38
IPs

8
Countries

1032 kB
Transfer

3400 kB
Size

39
Cookies

110 HTTP transactions
0 data transactions