www.secureworks.com Open in urlscan Pro
2620:1ec:bdf::60 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9...
Submission: On August 14 via api (August 14th 2023, 7:11:45 am UTC) from DE — Scanned from DE

Summary HTTP 203 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 50 IPs in 4 countries across 44 domains to perform 203 HTTP transactions. The main IP is 2620:1ec:bdf::60, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.secureworks.com. The Cisco Umbrella rank of the primary domain is 593073.
TLS certificate: Issued by Thawte RSA CA 2018 on January 20th 2023. Valid for: a year.

This is the only time www.secureworks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	2620:1ec:bdf::60 2620:1ec:bdf::60	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
30	2a02:26f0:170... 2a02:26f0:1700:d::1737:6ea4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
2	104.102.38.132 104.102.38.132	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
11	2606:4700::68... 2606:4700::6812:a972	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	2606:4700::68... 2606:4700::6812:1d26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
7	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6813:9408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6812:d9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
69	65.9.95.107 65.9.95.107	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.118.109 146.75.118.109	54113 (FASTLY) (FASTLY)
1	2600:1901:0:2... 2600:1901:0:22e6::	15169 (GOOGLE) (GOOGLE)
5	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	65.9.99.119 65.9.99.119	16509 (AMAZON-02) (AMAZON-02)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	104.75.89.75 104.75.89.75	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	185.89.210.212 185.89.210.212	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:225... 2600:9000:2251:f600:12:3734:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:212... 2600:9000:2127:7e00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
1	35.244.142.80 35.244.142.80	15169 (GOOGLE) (GOOGLE)
1	108.138.17.47 108.138.17.47	16509 (AMAZON-02) (AMAZON-02)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	2600:1901:0:8... 2600:1901:0:891c::	15169 (GOOGLE) (GOOGLE)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
2	2001:4860:480... 2001:4860:4802:36::36	15169 (GOOGLE) (GOOGLE)
1	23.212.89.35 23.212.89.35	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.96.71.22 34.96.71.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	18.66.97.17 18.66.97.17	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:212... 2600:9000:2127:5800:1d:8d6d:3b40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1	2600:1f18:612... 2600:1f18:612b:4200:a191:c85d:637e:ad03	14618 (AMAZON-AES) (AMAZON-AES)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
12	54.147.21.139 54.147.21.139	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:480... 2a02:26f0:480:23::1726:629c	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	3.122.87.19 3.122.87.19	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:8e:... 2a04:4e42:8e::720	54113 (FASTLY) (FASTLY)
203	50

6 2620:1ec:bdf::60 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.secureworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a02:26f0:1700:d::1737:6ea4 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

content.secureworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.38.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-38-132.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6812:a972 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

725-smc-563.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1d26 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9408 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

69 65.9.95.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-107.prg50.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.118.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

extend.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:22e6:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

app-script.monsido.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.99.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-99-119.prg50.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.75.89.75 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-75.deploy.static.akamaitechnologies.com

p.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.212 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2251:f600:12:3734:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:7e00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.142.80 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 80.142.244.35.bc.googleusercontent.com

cdn.pdst.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-47.fra56.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:891c:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

tracking.monsido.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::36 (United States)

ASN15169 (GOOGLE, US)

us-central1-adaptive-growth.cloudfunctions.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.212.89.35 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-89-35.deploy.static.akamaitechnologies.com

t.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.71.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.71.96.34.bc.googleusercontent.com

s.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-17.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:5800:1d:8d6d:3b40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag-logger.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:a191:c85d:637e:ad03 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 54.147.21.139 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-21-139.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
targeting.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
flow.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:23::1726:629c (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.87.19 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-87-19.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:8e::720 (United States)

ASN54113 (FASTLY, US)

driftt.imgix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
69	driftt.com js.driftt.com — Cisco Umbrella Rank: 5961	780 KB
36	secureworks.com www.secureworks.com — Cisco Umbrella Rank: 593073 content.secureworks.com	2 MB
12	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 6722 metrics.api.drift.com — Cisco Umbrella Rank: 6607 event.api.drift.com — Cisco Umbrella Rank: 7258 targeting.api.drift.com — Cisco Umbrella Rank: 6891 flow.api.drift.com — Cisco Umbrella Rank: 12019	13 KB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 377	166 KB
8	6sc.co j.6sc.co — Cisco Umbrella Rank: 5628 c.6sc.co — Cisco Umbrella Rank: 8755 ipv6.6sc.co — Cisco Umbrella Rank: 5816 b.6sc.co — Cisco Umbrella Rank: 3737	17 KB
4	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 6447	26 KB
4	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2449	46 KB
4	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 114 googleads.g.doubleclick.net — Cisco Umbrella Rank: 55	6 KB
4	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2770 www.google.com — Cisco Umbrella Rank: 3	928 B
3	teads.tv p.teads.tv — Cisco Umbrella Rank: 5009 cm.teads.tv — Cisco Umbrella Rank: 5665 t.teads.tv — Cisco Umbrella Rank: 2721	8 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14482 ibc-flow.techtarget.com — Cisco Umbrella Rank: 16174	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 374	13 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9585	583 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 623	2 KB
2	company-target.com s.company-target.com — Cisco Umbrella Rank: 1787 api.company-target.com — Cisco Umbrella Rank: 3460	2 KB
2	cloudfunctions.net us-central1-adaptive-growth.cloudfunctions.net — Cisco Umbrella Rank: 3207
2	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 4472 tag-logger.demandbase.com — Cisco Umbrella Rank: 4327	22 KB
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 464	1 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1346 insight.adsrvr.org — Cisco Umbrella Rank: 581	3 KB
2	monsido.com app-script.monsido.com — Cisco Umbrella Rank: 12146 tracking.monsido.com — Cisco Umbrella Rank: 11275	3 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 65	185 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3627	7 KB
1	imgix.net driftt.imgix.net — Cisco Umbrella Rank: 15292	9 KB
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 361	239 B
1	tremorhub.com partners.tremorhub.com — Cisco Umbrella Rank: 1250	393 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 814	98 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 12392	190 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 710	394 B
1	t.co t.co — Cisco Umbrella Rank: 536	375 B
1	pdst.fm cdn.pdst.fm — Cisco Umbrella Rank: 3187	6 KB
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 890	376 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1486	637 B
1	ml-api.io attr.ml-api.io — Cisco Umbrella Rank: 19090	235 B
1	ml-attr.com 1 redirects s.ml-attr.com — Cisco Umbrella Rank: 15319	284 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 754	15 KB
1	vimeocdn.com extend.vimeocdn.com — Cisco Umbrella Rank: 10207	6 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 819	5 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1335	8 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 641	318 B
1	mktoresp.com 725-smc-563.mktoresp.com	318 B
1	gstatic.com fonts.gstatic.com	17 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	1 KB
0	linkedin.com Failed px4.ads.linkedin.com Failed
0	google.de Failed www.google.de Failed
203	44

	Domain	Requested by
69	js.driftt.com	www.secureworks.com js.driftt.com
30	content.secureworks.com	www.secureworks.com content.secureworks.com
11	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org
6	www.secureworks.com	www.secureworks.com www.googletagmanager.com
5	b.6sc.co
4	targeting.api.drift.com	js.driftt.com
4	cdn.bizible.com	www.googletagmanager.com cdn.bizible.com
4	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
3	www.google.com
3	googleads.g.doubleclick.net	www.googletagmanager.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com
2	flow.api.drift.com	js.driftt.com
2	event.api.drift.com	js.driftt.com
2	epsilon.6sense.com	cdn.bizible.com
2	metrics.api.drift.com	js.driftt.com
2	bootstrap.api.drift.com	js.driftt.com
2	dsum-sec.casalemedia.com	1 redirects s.company-target.com
2	us-central1-adaptive-growth.cloudfunctions.net	cdn.pdst.fm
2	ibc-flow.techtarget.com	trk.techtarget.com
2	secure.adnxs.com	2 redirects
2	www.googletagmanager.com	www.secureworks.com www.googletagmanager.com
2	munchkin.marketo.net	www.secureworks.com munchkin.marketo.net
1	driftt.imgix.net
1	ipv6.6sc.co	cdn.bizible.com
1	c.6sc.co	cdn.bizible.com
1	pixel.rubiconproject.com	s.company-target.com
1	partners.tremorhub.com	s.company-target.com
1	tag-logger.demandbase.com	cdn.bizible.com
1	api.company-target.com	cdn.bizible.com
1	id.rlcdn.com
1	s.company-target.com	tag.demandbase.com
1	t.teads.tv
1	cm.teads.tv	p.teads.tv
1	cdn.bizibly.com
1	analytics.twitter.com
1	t.co
1	tracking.monsido.com
1	insight.adsrvr.org	js.adsrvr.org
1	tag.demandbase.com	www.secureworks.com
1	cdn.pdst.fm	www.secureworks.com
1	cdn.linkedin.oribi.io	snap.licdn.com
1	alb.reddit.com
1	attr.ml-api.io
1	s.ml-attr.com	1 redirects
1	p.teads.tv	www.googletagmanager.com
1	static.ads-twitter.com	www.secureworks.com
1	js.adsrvr.org	www.googletagmanager.com
1	app-script.monsido.com	www.googletagmanager.com
1	extend.vimeocdn.com	www.googletagmanager.com
1	snap.licdn.com	www.secureworks.com
1	trk.techtarget.com	www.secureworks.com
1	www.redditstatic.com	www.googletagmanager.com
1	j.6sc.co	www.secureworks.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	725-smc-563.mktoresp.com	munchkin.marketo.net
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	www.secureworks.com
0	px4.ads.linkedin.com Failed
0	www.google.de Failed
203	61

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
www.facebook.com
en.wikipedia.org
github.com
attack.mitre.org
learn.microsoft.com
pages.secureworks.com
jobs.dell.com
investors.secureworks.com
portal.secureworks.com
content.secureworks.com
www.onetrust.com

Subject Issuer	Validity	Valid
www.secureworks.com Thawte RSA CA 2018	`2023-01-20` - `2024-01-19`	a year	crt.sh
cert00029-azurecdn.akamaized.net R3	`2023-08-09` - `2023-11-07`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
6sc.co R3	`2023-05-25` - `2023-08-23`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 05	`2023-07-26` - `2024-01-22`	6 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-09` - `2024-03-08`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-12` - `2023-10-08`	6 months	crt.sh
drift.com Amazon RSA 2048 M02	`2023-03-01` - `2023-09-21`	7 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.vimeocdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q1	`2023-02-18` - `2024-03-21`	a year	crt.sh
app-script.monsido.com GTS CA 1D4	`2023-07-12` - `2023-10-10`	3 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-01` - `2024-07-01`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-19` - `2023-10-15`	6 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-07-26` - `2023-10-24`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
cdn.pdst.fm GTS CA 1D4	`2023-07-25` - `2023-10-23`	3 months	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-08-17` - `2023-09-18`	a year	crt.sh
tracking.monsido.com GTS CA 1D4	`2023-08-01` - `2023-10-30`	3 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
misc.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.company-target.com R3	`2023-06-18` - `2023-09-16`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-09-16` - `2023-10-18`	a year	crt.sh
*.demandbase.com Amazon RSA 2048 M01	`2023-07-11` - `2024-08-08`	a year	crt.sh
*.tremorhub.com Amazon RSA 2048 M01	`2023-02-22` - `2024-03-23`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
*.imgix.com GlobalSign Atlas R3 DV TLS CA 2023 Q1	`2023-03-05` - `2024-04-05`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Frame ID: 840C19687F5E1C53F02A21F2387FCCF1
Requests: 114 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=6g1y9hy&ref=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&upid=gn5z6gn&upv=1.1.0
Frame ID: 8D7BA91B00FF4C0A057D6669967E7845
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
Frame ID: 5A64CD4651F7D99202EADE03F3D1C950
Requests: 40 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
Frame ID: 7924C9740AEE70E8F404EDF43C032B7A
Requests: 35 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: 718EAD96D9D85F049C134FCE1EDAB873
Requests: 4 HTTP requests in this frame

Frame: https://script.crazyegg.com/pages/data-scripts/0097/6279/site/www.secureworks.com.json?t=1
Frame ID: 3DC010339FA269350E8718754338F2DE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sniffing Out SharpHound on its Hunt for Domain Admin | SecureworksBack ButtonSearch IconFilter Icon

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

203
Requests

96 %
HTTPS

49 %
IPv6

44
Domains

61
Subdomains

50
IPs

4
Countries

3420 kB
Transfer

7876 kB
Size

48
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/intent/tweet?url=https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin&text=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin&via=Secureworks

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin&source=Secureworks

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Red_team#Cybersecurity
Title: purple team

Search URL Search Domain Scan URL

URL: https://github.com/BloodHoundAD/BloodHound
Title: BloodHound

Search URL Search Domain Scan URL

URL: https://github.com/BloodHoundAD/SharpHound
Title: SharpHound

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1558/003/
Title: Kerberoasting

Search URL Search Domain Scan URL

URL: https://github.com/fox-it/BloodHound.py
Title: BloodHound.py

Search URL Search Domain Scan URL

URL: https://github.com/fortra/impacket
Title: Impacket

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/dotnet/framework/wcf/samples/etw-tracing
Title: ETW

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/e742be45-665d-4576-b872-0bc99d1e1fbe
Title: security groups, non-security groups, alias and non-alias

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/access-control-list
Title: access control lists

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/ad/service-principal-names
Title: service principal names

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/c9efe39c-f5f9-43e9-9479-941c20d0e590
Title: trusted domains

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc787851(v=ws.10)
Title: remote procedure call (RPC)

Search URL Search Domain Scan URL

URL: https://pages.secureworks.com/email-subscription.html?_ga=2.98586582.992821853.1618841296-805368899.1615224462
Title: SEND ME UPDATES

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/secureworks

Search URL Search Domain Scan URL

URL: https://twitter.com/secureworks

Search URL Search Domain Scan URL

URL: https://www.facebook.com/secureworks

Search URL Search Domain Scan URL

URL: https://github.com/secureworks

Search URL Search Domain Scan URL

URL: https://pages.secureworks.com/email-subscription.html
Title: Subscribe Now

Search URL Search Domain Scan URL

URL: https://jobs.dell.com/secureworks-jobs
Title: Careers

Search URL Search Domain Scan URL

URL: https://investors.secureworks.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://portal.secureworks.com/portal/loginIDP
Title: Login

Search URL Search Domain Scan URL

URL: https://content.secureworks.com/-/media/Files/Corporate/modernslaverystatement_23.ashx?modified=20230622212310
Title: Supply Chain Transparency

Search URL Search Domain Scan URL

URL: https://pages.secureworks.com/UnsubscribePage.html?mkt_unsubscribe=1
Title: Unsubscribe

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.secureworks.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=www.secureworks.com&pId=5979240291217397413

Request Chain 86

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1691997100745&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1691997100745&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2386324%26time%3D1691997100745%26url%3Dhttps%253A%252F%252Fwww.secureworks.com%252Fblog%252Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%253FuserID%253Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%2526Campaign_name%253Deveryonesocial%2526Campaign_medium%253Da7a31727-cd75-4dc9-96e9-c849f36698fe%2526Campaign_source%253Dtwitter%2526es_id%253D7fdbc11ca2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1691997100745&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&cookiesTest=true&liSync=true HTTP 0
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1691997100745&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&cookiesTest=true&liSync=true&e_ipv6=AQLiVzb7sf1OTwAAAYny4t2momQb-7GEqIp2Kd3pqVqd-_WX1dgO3v9qF0y215c0

Request Chain 131

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1707894700&external_user_id=65f3f6f9-9f78-4146-871e-02d8dd5cf4c0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1707894700&external_user_id=65f3f6f9-9f78-4146-871e-02d8dd5cf4c0&C=1

203 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request sniffing-out-sharphound-on-its-hunt-for-domain-admin Show response
www.secureworks.com/blog/ 103 KB
25 KB 632ms
583ms Document
text/html 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

69cfa92d4387fd1d786756e9ba1f8dd29ade2ea431aabc7e79da8abb9f3a6fcd

Security Headers

Name	Value
Content-Security-Policy	object-src 'none'; script-src 'self' 'nonce-YWYxNWJkMDRiZGQwNDQ1NWE5N2Q5NTAzNzY5NWI5ZTk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' 'sha256-ZlXTkZmAmWswFmM/VCVi0DLagBh+F9JWQiK/yRsf7yc=' 'sha256-76Yt/S5cofMdn9d5/cJOU32zSvhw1A8QJDSgL1c0YRI=' 'sha256-z4pF+zMq94+GUUF273G0WvSAL91jUazcB1NOISkNlzk=' 'sha256-4OIRiOWgv2ak/dapUtCUuoqEUnVBrH8A9LJCp3dthUw=' 'sha256-ew0tynw+zAqBiv217Nj202XmktwGvkQU7jXqQMotiHg=' 'sha256-2mFyIAC6FjDBvAg15BPawsugazV1sKm4T9x09V76BK0=' 'sha256-kxoZz5p2Ko+K+FXi8lIZc2opwhJF9WD4/wy9+dLYHzY=' 'sha256-+ThII46Fk+h63393vJ+nvAEZnTSXIwpqVJDSklAo5eM=' 'sha256-hUowsewUBuLRjFz7Z3pohTKe/pX/uO7uKD1k25qHLQY=' 'sha256-pMZUEpT65ftOEzHdiYyq/2vt545RymVHJSh5H2y5BDk=' 'sha256-nGkmLI0CpGjUy6Gg2vRE6xAh+vU4jlNVmPB+55WJmn8=' 'sha256-j6LWS7Q+Wsyd91b6000yHCoIqUaJIJQq56Lw3XQPcHA=' 'sha256-XQ6pUmmjpjpunCfT67q0ACDA7NqxLJx1iJwCFhC73wo=' 'sha256-tCniuKIyeHpfi5vxJOgLkz0eRI+cerKWFRsy5hMt5V0=' 'sha256-EZaJwK6Bh4sdKWjgv6zhJUdT2ISL4NhEQSPYf++uAeU=' 'sha256-1T7dud0UtKJZdhJcgsp1gh8MZDyA3S8DIsOpB3+co4M=' 'sha256-g6A8gRllShDRUg9hmXQZ0ZvMQ35F4jsarESQIDJtpE4=' 'sha256-y6vRm9V8P08qfB27ukHo07LF4IM00RKuKNzQBfsBlgg=' 'sha256-1GbAOPSdN7GyL999DpkIzp8XYAH1OP43heqQi7uU3FQ=' 'sha256-1p8zU6DNbl/tn8sFUoVBsvAF+dwRMDHK3WXM4vqIhDc=' 'sha256-a/dU49b8+CePl3YeekAugUB79FoCfbN22DFVyavn9pM=' 'sha256-39FcaN3WyGnHnf2UX+fHrSBSJq4KI6BETrXNemtzDa8=' 'sha256-4N1dEVT13lNPCpxXX2XuIlfUBwZp3wNLb/hBbSKGESA=' 'sha256-hNSRZgUy89mPGFidDBRWC4Ed4jKTrCtZP2zeBPNbdeI=' 'sha256-CD2LEDjz/KtOaC5rzryax+qZEQVmnKcZAQsqnSqAIXw=' 'sha256-FKJXEsmjg1Bgqi33LGcZCFxDahpEPN6prnNBVDxvfhc=' 'sha256-GNXg66Qlqpdgh9Nsv/+xAVNgfxsTWLi+TUdpxamXMuU=' 'sha256-TKtnYUWk/B6gzo2immnWBOjewDye+cXQBoAlykzhX/s=' 'sha256-BMQXzfchDpNs+zYF2cO7o9iAJtoSq+2OX45TfNM/cdA=' 'sha256-IECBAorlkKUYQadvB50kjQC3oIqb9xKfOB+cVXdarE0=' 'sha256-c+xyt9U1PbPeI7Pot035l4MckCT6qHAzxiBA5t+7KPE=' 'sha256-bZ4r9bNMpnkokR0Gwp+X+Y0qYhZKQwglL8B9TAvMsrA=' 'sha256-GNsgzTmK93RFT4ppB/KnAwm9wVkth71ceJVqrzSGC6M=' 'sha256-NMtcHh/vZkcUq5lHSUz2dzv8n1jv1SFeNewgEGvik4k=' 'sha256-qNQx9jt8qaEBXM11NIr686AfxMFZ5JdLDih1v53gg58=' 'sha256-V3cvEVskzD9prkzxm7tqKYfGLb9bWJvWCtL+JIITaS0=' 'sha256-waeaCDLj6GQjXDbMrbks0tMGletGWM4yUCtZexjXtQ4=' 'sha256-NqbLH0mR4blvVOwz3czIHomPHCsoQ0Wm41wF1kBSvZU=' 'sha256-VjVcBNNglZR51BM/0BQcyaVDi+aLDUlGQY7FoGXABBo=' 'sha256-5dJLPJs8n07/9HQlsmJnd/4gjSEsyEEiOhQc+PbGaig=' https://code.jquery.com https://pages.secureworks.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://.vimeo.com https://.vimeocdn.com https://j.6sc.co https://b.6sc.co https://.6sc.co https://epsilon.6sense.com https://.rlcdn.com https://gateway.zscaler.net https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://script.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://.on24.com https://.ceros.com https://app-script.monsido.com https://monsido-consent.com https://tracking.monsido.com https://.redditstatic.com https://.ensighten.com https://.ml314.com https://.choozle.com https://.bluekai.com https://cdn.bizible.com https://cdn.bizibly.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://insight.adsrvr.org https://js.adsrvr.org https://.clarity.ms https://static.ads-twitter.com https://cdn.pdst.fm https://.cloudfunctions.net https://tag.demandbase.com https://.bidr.io https://.company-target.com https://www.teads.com https://p.teads.tv https://www.facebook.com connect.facebook.net; img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com .secureworks.com id.rlcdn.com .googletagmanager.com cdn.cookielaw.org .gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com .google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com .adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .redditstatic.com alb.reddit.com .ensighten.com ml314.com .choozle.com .bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com .clarity.ms analytics.twitter.com t.co .bidr.io .company-target.com www.facebook.com t.teads.tv https://ssl.gstatic.com .secureworks.com https://www.gstatic.com blob: data:; frame-ancestors 'self' .folloze.com *.secureworks.com; worker-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store
content-encoding: br
content-security-policy: object-src 'none'; script-src 'self' 'nonce-YWYxNWJkMDRiZGQwNDQ1NWE5N2Q5NTAzNzY5NWI5ZTk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' 'sha256-ZlXTkZmAmWswFmM/VCVi0DLagBh+F9JWQiK/yRsf7yc=' 'sha256-76Yt/S5cofMdn9d5/cJOU32zSvhw1A8QJDSgL1c0YRI=' 'sha256-z4pF+zMq94+GUUF273G0WvSAL91jUazcB1NOISkNlzk=' 'sha256-4OIRiOWgv2ak/dapUtCUuoqEUnVBrH8A9LJCp3dthUw=' 'sha256-ew0tynw+zAqBiv217Nj202XmktwGvkQU7jXqQMotiHg=' 'sha256-2mFyIAC6FjDBvAg15BPawsugazV1sKm4T9x09V76BK0=' 'sha256-kxoZz5p2Ko+K+FXi8lIZc2opwhJF9WD4/wy9+dLYHzY=' 'sha256-+ThII46Fk+h63393vJ+nvAEZnTSXIwpqVJDSklAo5eM=' 'sha256-hUowsewUBuLRjFz7Z3pohTKe/pX/uO7uKD1k25qHLQY=' 'sha256-pMZUEpT65ftOEzHdiYyq/2vt545RymVHJSh5H2y5BDk=' 'sha256-nGkmLI0CpGjUy6Gg2vRE6xAh+vU4jlNVmPB+55WJmn8=' 'sha256-j6LWS7Q+Wsyd91b6000yHCoIqUaJIJQq56Lw3XQPcHA=' 'sha256-XQ6pUmmjpjpunCfT67q0ACDA7NqxLJx1iJwCFhC73wo=' 'sha256-tCniuKIyeHpfi5vxJOgLkz0eRI+cerKWFRsy5hMt5V0=' 'sha256-EZaJwK6Bh4sdKWjgv6zhJUdT2ISL4NhEQSPYf++uAeU=' 'sha256-1T7dud0UtKJZdhJcgsp1gh8MZDyA3S8DIsOpB3+co4M=' 'sha256-g6A8gRllShDRUg9hmXQZ0ZvMQ35F4jsarESQIDJtpE4=' 'sha256-y6vRm9V8P08qfB27ukHo07LF4IM00RKuKNzQBfsBlgg=' 'sha256-1GbAOPSdN7GyL999DpkIzp8XYAH1OP43heqQi7uU3FQ=' 'sha256-1p8zU6DNbl/tn8sFUoVBsvAF+dwRMDHK3WXM4vqIhDc=' 'sha256-a/dU49b8+CePl3YeekAugUB79FoCfbN22DFVyavn9pM=' 'sha256-39FcaN3WyGnHnf2UX+fHrSBSJq4KI6BETrXNemtzDa8=' 'sha256-4N1dEVT13lNPCpxXX2XuIlfUBwZp3wNLb/hBbSKGESA=' 'sha256-hNSRZgUy89mPGFidDBRWC4Ed4jKTrCtZP2zeBPNbdeI=' 'sha256-CD2LEDjz/KtOaC5rzryax+qZEQVmnKcZAQsqnSqAIXw=' 'sha256-FKJXEsmjg1Bgqi33LGcZCFxDahpEPN6prnNBVDxvfhc=' 'sha256-GNXg66Qlqpdgh9Nsv/+xAVNgfxsTWLi+TUdpxamXMuU=' 'sha256-TKtnYUWk/B6gzo2immnWBOjewDye+cXQBoAlykzhX/s=' 'sha256-BMQXzfchDpNs+zYF2cO7o9iAJtoSq+2OX45TfNM/cdA=' 'sha256-IECBAorlkKUYQadvB50kjQC3oIqb9xKfOB+cVXdarE0=' 'sha256-c+xyt9U1PbPeI7Pot035l4MckCT6qHAzxiBA5t+7KPE=' 'sha256-bZ4r9bNMpnkokR0Gwp+X+Y0qYhZKQwglL8B9TAvMsrA=' 'sha256-GNsgzTmK93RFT4ppB/KnAwm9wVkth71ceJVqrzSGC6M=' 'sha256-NMtcHh/vZkcUq5lHSUz2dzv8n1jv1SFeNewgEGvik4k=' 'sha256-qNQx9jt8qaEBXM11NIr686AfxMFZ5JdLDih1v53gg58=' 'sha256-V3cvEVskzD9prkzxm7tqKYfGLb9bWJvWCtL+JIITaS0=' 'sha256-waeaCDLj6GQjXDbMrbks0tMGletGWM4yUCtZexjXtQ4=' 'sha256-NqbLH0mR4blvVOwz3czIHomPHCsoQ0Wm41wF1kBSvZU=' 'sha256-VjVcBNNglZR51BM/0BQcyaVDi+aLDUlGQY7FoGXABBo=' 'sha256-5dJLPJs8n07/9HQlsmJnd/4gjSEsyEEiOhQc+PbGaig=' https://code.jquery.com https://pages.secureworks.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://*.vimeo.com https://*.vimeocdn.com https://j.6sc.co https://b.6sc.co https://*.6sc.co https://epsilon.6sense.com https://*.rlcdn.com https://gateway.zscaler.net https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://script.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://*.on24.com https://*.ceros.com https://app-script.monsido.com https://monsido-consent.com https://tracking.monsido.com https://*.redditstatic.com https://*.ensighten.com https://*.ml314.com https://*.choozle.com https://*.bluekai.com https://cdn.bizible.com https://cdn.bizibly.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://insight.adsrvr.org https://js.adsrvr.org https://*.clarity.ms https://static.ads-twitter.com https://cdn.pdst.fm https://*.cloudfunctions.net https://tag.demandbase.com https://*.bidr.io https://*.company-target.com https://www.teads.com https://p.teads.tv https://www.facebook.com connect.facebook.net; img-src 'self' https://*.vimeo.com https://*.vimeocdn.com content.secureworks.com *.secureworks.com id.rlcdn.com *.googletagmanager.com cdn.cookielaw.org *.gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com *.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com *.adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com *.crazyegg.com *.redditstatic.com alb.reddit.com *.ensighten.com ml314.com *.choozle.com *.bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com *.clarity.ms analytics.twitter.com t.co *.bidr.io *.company-target.com www.facebook.com t.teads.tv https://ssl.gstatic.com *.secureworks.com https://www.gstatic.com blob: data:; frame-ancestors 'self' *.folloze.com *.secureworks.com; worker-src 'self' blob: data:;
content-type: text/html; charset=utf-8
date: Mon, 14 Aug 2023 07:11:39 GMT
expires: -1
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-azure-ref: 20230814T071139Z-85anr5xcqd54bc0r8u8hpfmq2w00000003ag00000001vex9
x-cache: PRIVATE_NOSTORE
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 html5reset-1.6.1.css
content.secureworks.com/content/app/css/ 1 KB
1021 B 158ms
8ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/html5reset-1.6.1.css?v=06-08-2023-2

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:38 GMT
x-azure-ref-originshield: 0yg6BZAAAAACUxYB7nd1ITLsFlxTPZl8VQU1TMDRFREdFMTkyMQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: "24ef2bc9da47d91:0"
x-azure-ref: 0yg6BZAAAAADxYQbQrdsTToW3l9krFcY+QlJVMzBFREdFMTEwNwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=1256048
accept-ranges: bytes
content-length: 573

GET
H2 200 western-typographies.css
content.secureworks.com/content/app/css/ 2 KB
712 B 159ms
9ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/western-typographies.css?v=06-08-2023-2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:38 GMT
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: "5c8b48c9da47d91:0"
x-azure-ref: 07nSBZAAAAAArR6FGSaVFSpZJ/pNor8QmRlJBMjMxMDUwNDE4MDUxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=1466270
accept-ranges: bytes
content-length: 365

GET
H2 200 main.css
content.secureworks.com/content/app/css/ 587 KB
83 KB 161ms
11ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/main.css?v=06-08-2023-2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1bd0c447785eab06c5aab0e789fe161c2da109afac7387004e0ea811b0bd6b61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 26 May 2023 14:02:40 GMT
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: "080c4bbda8fd91:0"
x-azure-ref: 0uvqAZAAAAADPEBkKgIdeQ6ioNI7hHTGRRlJBMjMxMDUwNDE4MDQ5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=1256001
accept-ranges: bytes
content-length: 84526

GET
H2 200 jquery-3.6.0.min.js Show response
content.secureworks.com/content/app/js/ 87 KB
31 KB 157ms
7ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/jquery-3.6.0.min.js?v=06-08-2023-2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:33 GMT
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: "d96adfc5da47d91:0"
x-azure-ref: 03myBZAAAAABe741Qn61+Qovom2MMnowWRlJBMjMxMDUwNDE3MDQ1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1464441
accept-ranges: bytes
content-length: 30954

GET
H2 200 css2
fonts.googleapis.com/ 11 KB
1 KB 47ms
19ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Saira+Condensed:wght@100;200;300;400;500;600;700;800;900&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0b817ddec3728ea011d21f345670ed6c213d08a71a15ade591680bfaba85960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 14 Aug 2023 07:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 07:11:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Aug 2023 07:11:39 GMT

GET
H2 200 sharphound-01.ashx
content.secureworks.com/-/media/Images/Insights/Blog/2023/sniffing%20out%20sharphound%20on%20its%20hunt%20for%20domain%20admin/ 46 KB
46 KB 48ms
20ms Image
image/png 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Blog/2023/sniffing%20out%20sharphound%20on%20its%20hunt%20for%20domain%20admin/sharphound-01.ashx?la=en&modified=20230730222837&hash=1C5BB6F3EB95C0D28E5475A166913EFB

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7832574c3f84124057eb8a12fbed18f367fb2fb62ae323879427ee0c973bb452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 30 Jul 2023 22:28:37 GMT
etag: e3e20b42b9e04eb1a731e54f3a278ba6
x-azure-ref: 20230801T130205Z-2gyk3whnyd4a9cmkyk36cec71w00000000w000000001d80r
content-type: image/png
cache-control: public, max-age=1489818
content-disposition: inline; filename="sharphound-01.png"
accept-ranges: bytes
content-length: 46611
expires: Thu, 31 Aug 2023 13:01:58 GMT

GET
H2 200 sharphound-02.ashx
content.secureworks.com/-/media/Images/Insights/Blog/2023/sniffing%20out%20sharphound%20on%20its%20hunt%20for%20domain%20admin/ 5 KB
5 KB 74ms
46ms Image
image/png 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Blog/2023/sniffing%20out%20sharphound%20on%20its%20hunt%20for%20domain%20admin/sharphound-02.ashx?la=en&modified=20230730222844&hash=1735BC96CB5CB1A783B2875F59E46183

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f58ae3a848bbbd6be3e99e6e3233deb90be51365933264c761438358b056495c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 30 Jul 2023 22:28:44 GMT
etag: 8153d03091b34d669859fa16bb6d1a6b
x-azure-ref: 20230813T160356Z-e3b07arwg974tcm6m19ha974bs00000002v00000000202x0
content-type: image/png
cache-control: public, max-age=2537608
content-disposition: inline; filename="sharphound-02.png"
accept-ranges: bytes
content-length: 5117
expires: Tue, 12 Sep 2023 16:05:08 GMT

GET
H2 200 002-background-treated_360x190.ashx
content.secureworks.com/-/media/Images/Insights/2022/abstract%20approved/002-purple-black-faded-screen/ 30 KB
30 KB 48ms
20ms Image
image/png 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/2022/abstract%20approved/002-purple-black-faded-screen/002-background-treated_360x190.ashx?modified=20220621213741

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d06f16436de248c88426110742cf0fa0e9fe7a2707399ecb2f27b3425a6b6162

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 21 Jun 2022 21:37:41 GMT
etag: 02b515b1c4464caaa68045744107a917
x-azure-ref: 20230724T022954Z-a5mqa3h8ut43xbxcz6brarzwts00000003a0000000007edu
content-type: image/png
cache-control: public, max-age=760685
content-disposition: inline; filename="002-background-treated_360x190.png"
accept-ranges: bytes
content-length: 30267
expires: Wed, 23 Aug 2023 02:29:45 GMT

GET
H2 200 blog-right-sidebar-ad.ashx
content.secureworks.com/-/media/Images/Insights/Blog/2022%20right%20sidebar%20ads/ 21 KB
21 KB 73ms
45ms Image
image/png 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Blog/2022%20right%20sidebar%20ads/blog-right-sidebar-ad.ashx?modified=20221102152447

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

62e55cc7119c6aae1e7aaac1870c9796ccc25fccdd4937f126f6114e66fd3b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 02 Nov 2022 15:24:47 GMT
etag: 9a6cd664e4ae440c96fa0d2bacbcb2db
x-azure-ref: 20230812T102947Z-pbkprwt84t6hx1m6pxh4ep7rs4000000013g00000000z9w4
content-type: image/png
cache-control: public, max-age=2431114
content-disposition: inline; filename="blog-right-sidebar-ad.png"
accept-ranges: bytes
content-length: 21359
expires: Mon, 11 Sep 2023 10:30:14 GMT

GET
H2 200 state-of-the-threat-2022_500x300.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Reports/state%20of%20the%20threat%202022/ 156 KB
157 KB 48ms
20ms Image
image/png 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Reports/state%20of%20the%20threat%202022/state-of-the-threat-2022_500x300.ashx?modified=20220930143542

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

baa55d1d4627050073e047eb2f9dbe86720736f51f37a116602e5705c3966b33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 30 Sep 2022 14:35:42 GMT
etag: dca4e3938b8e4a69a36ea6fa76e12158
x-azure-ref: 20230726T143040Z-fm77n88v3p1cbexhx6by7yg6fs00000000p000000000sb4g
content-type: image/png
cache-control: public, max-age=976644
content-disposition: inline; filename="state-of-the-threat-2022_500x300.png"
accept-ranges: bytes
content-length: 160244
expires: Fri, 25 Aug 2023 14:29:04 GMT

GET
H2 200 ir-report-jan-mar-23_16-9-md.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Reports/learning%20from%20ir%202023%20jan%20mar/ 470 KB
470 KB 46ms
18ms Image
image/png 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Reports/learning%20from%20ir%202023%20jan%20mar/ir-report-jan-mar-23_16-9-md.ashx?modified=20230807223328

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8f6f6a1cd561a612eaf564cd9aac3d144af6b90138186d30ad08cfb50a9b9bb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 07 Aug 2023 22:33:28 GMT
etag: b70583d5c6894a08984323dd7f24992f
x-azure-ref: 20230808T152423Z-7fgqmwrzwx5ehdwyw3cvsddrp80000000c4g00000000ntrz
content-type: image/png
cache-control: public, max-age=2103232
content-disposition: inline; filename="ir-report-jan-mar-23_16-9-md.png"
accept-ranges: bytes
content-length: 481099
expires: Thu, 07 Sep 2023 15:25:32 GMT

GET
H2 200 case-study-library_Web_360x190.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Case%20Study/case%20study%20library/ 29 KB
29 KB 73ms
46ms Image
image/png 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Case%20Study/case%20study%20library/case-study-library_Web_360x190.ashx?modified=20220810131033

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

453891daef821f36152e1ec0eb9df8f18c2d737f9416a3ee9a72788275b7f894

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 10 Aug 2022 13:10:33 GMT
etag: ed601ac735244bc4b23a176b89e04432
x-azure-ref: 20230807T154655Z-wtrzvt11w106917gr800azyzyn00000001ng000000021zxd
content-type: image/png
cache-control: public, max-age=2018129
content-disposition: inline; filename="case-study-library_Web_360x190.png"
accept-ranges: bytes
content-length: 29459
expires: Wed, 06 Sep 2023 15:47:09 GMT

GET
H2 200 ti-exec-report-2023-vol-3_16-9-md.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Reports/threat%20intelligence%20report/2023/ 211 KB
211 KB 47ms
20ms Image
image/png 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Reports/threat%20intelligence%20report/2023/ti-exec-report-2023-vol-3_16-9-md.ashx?modified=20230621142708

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

067a617a4dd30f184f9924c57acad889df67677291da701cda2d24bca4b2654b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 21 Jun 2023 14:27:08 GMT
etag: 5c0b23834c85442098eca8817219234e
x-azure-ref: 20230811T212114Z-t3r0grf35h65b7u9enae0v4yd400000000mg00000001szmk
content-type: image/png
cache-control: public, max-age=2383753
content-disposition: inline; filename="ti-exec-report-2023-vol-3_16-9-md.png"
accept-ranges: bytes
content-length: 215918
expires: Sun, 10 Sep 2023 21:20:53 GMT

GET
H2 200 close.svg
www.secureworks.com/content/rc/images/ 850 B
1 KB 18ms
17ms Image
image/svg+xml 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.secureworks.com/content/rc/images/close.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0049c42b57e92164c558905bff7c17441afe55dc569f0062162e77a532964b80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:40 GMT
etag: "6de322cada47d91:0"
x-azure-ref: 20230814T071140Z-85anr5xcqd54bc0r8u8hpfmq2w00000003ag00000001vf6m
x-cache: TCP_HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=2592000
accept-ranges: bytes
content-length: 850

GET
H2 200 libs.min.js Show response
content.secureworks.com/content/app/js/ 257 KB
70 KB 8ms
7ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/libs.min.js?v=06-08-2023-2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

08681ba3da35c665e877f6f9a6e158ff94b4d96c363610cdb061ebb79a718c35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:02:01 GMT
x-azure-ref-originshield: 0avmAZAAAAABIWeWMlkJhQbxihEL6sj/KRlJBMjMxMDUwNDE4MDQ1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: "777c5d6da47d91:0"
x-azure-ref: 0avmAZAAAAACzs+J/LterTq/0AWY1bqejRlJBMjMxMDUwNDIwMDUzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1436819
accept-ranges: bytes
content-length: 70793

GET
H2 200 main.js Show response
content.secureworks.com/content/app/js/ 73 KB
19 KB 8ms
8ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/main.js?v=06-08-2023-2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c2f15609bdc44ef0009fda7902639ed493b8a26a00a58b905e0768f67c93b2ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:33 GMT
x-azure-ref-originshield: 0ZcTIZAAAAADfX3/17hi3TJd9oZJ7/KtCRlJBMjMxMDUwNDE4MDIzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: "9e905c6da47d91:0"
x-azure-ref: 0ZcTIZAAAAACaqyueL5XPTo5nmktamRtCRlJBMjMxMDUwNDE5MDE5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1474008
accept-ranges: bytes
content-length: 19484

GET
H2 200 products.js Show response
content.secureworks.com/content/rc/js/ 44 KB
14 KB 8ms
8ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/rc/js/products.js?v=06-08-2023-2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9eb064a8d93265a1b1bb725f0db9c1d209a4efdae9eca7ddc67a094755c64b4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:02:20 GMT
x-azure-ref-originshield: 0td60ZAAAAABQHvU+3zpmQp6YS/1P3LlsTE9OMjFFREdFMTYxOQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: "4eb3ae2da47d91:0"
x-azure-ref: 0td60ZAAAAADuIYd5yECBQqZsfu6Z+wEqTE9OMjEyMDUwNzE2MDQ3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2503036
accept-ranges: bytes
content-length: 13755

GET
H2 200 default.css
content.secureworks.com/content/app/css/highlighter/ 1 KB
1 KB 10ms
8ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/highlighter/default.css?v=06-08-2023-2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:21 GMT
x-azure-ref-originshield: 06CWlZAAAAAAUBGOenPR1Qr9Jd8Jezc/ARlJBMjMxMDUwNDE4MDE3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: "d467d9beda47d91:0"
x-azure-ref: 06CWlZAAAAABFDTWJfcuLTI7DpKnXPfWJRlJBMjMxMDUwNDE5MDExADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=1472612
accept-ranges: bytes
content-length: 580

GET
H2 200 highlight.pack.js Show response
content.secureworks.com/content/app/js/libs/ 50 KB
20 KB 17ms
15ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/libs/highlight.pack.js?v=06-08-2023-2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:02:02 GMT
x-azure-ref-originshield: 0FvqAZAAAAAAafXmGuq24RJ/o++FJ0/Y5RlJBMjMxMDUwNDE3MDE5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: "56b366d7da47d91:0"
x-azure-ref: 0FvqAZAAAAADuaqQwfAMjRLiWGODwPi3mRlJBMjMxMDUwNDE5MDIxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1285420
accept-ranges: bytes
content-length: 20267

GET
H2 200 bundle.js Show response
content.secureworks.com/content/micro/ 730 KB
213 KB 11ms
9ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/micro/bundle.js?v=06-08-2023-2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fbb0995554fef3d2e17767e42318987a6b0196ec4572d2c61da94534e8698848

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:02:04 GMT
x-azure-ref-originshield: 0A13KZAAAAABXSwPvyq6vRLMOZEcC8tvlRlJBMjMxMDUwNDE4MDQ5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: "c2e26ed8da47d91:0"
x-azure-ref: 0A13KZAAAAACBVZz8BoVJT4UkJ3Qifi3QRlJBMjMxMDUwNDIwMDMzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1578607
accept-ranges: bytes
content-length: 217228

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
2 KB 39ms
7ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 14 Aug 2023 07:11:40 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 289 KB
92 KB 65ms
41ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

46b33cf73fc4999bddf907b94692ee1cfaca718d35272ce79a5beb810521d4bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93864
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 14 Aug 2023 07:11:40 GMT

GET
H2 200 arrow.svg
content.secureworks.com/content/app/img/svg/ 2 KB
1 KB 65ms
46ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/content/app/img/svg/arrow.svg

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=06-08-2023-2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c414c4b0d50c45bc35cd0beae9dd6e255bc68bb44b7f2298f55ad4e1ba9efec0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://content.secureworks.com/content/app/css/main.css?v=06-08-2023-2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:57 GMT
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: "c5a74cd4da47d91:0"
x-azure-ref: 0uQutZAAAAADKEnP3L399QLtaFUdH8IgiQU1TMDRFREdFMTkxNQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=2072667
accept-ranges: bytes
content-length: 905

GET
H2 200 visuelt-regular.woff
content.secureworks.com/content/app/fonts/visuelt/ 34 KB
34 KB 10ms
8ms Font
application/font-woff 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/visuelt/visuelt-regular.woff

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=06-08-2023-2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=06-08-2023-2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:55 GMT
etag: "4481fbd2da47d91:0"
x-azure-ref: 20230620T161734Z-ddp38rs5496yb03c5gdwhfftbc00000009pg00000000vdnq
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=2568209
accept-ranges: bytes
content-length: 34560

GET
H2 200 icomoon.ttf
content.secureworks.com/content/app/fonts/icomoon-new/ 3 KB
3 KB 11ms
9ms Font
application/font-ttf 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/icomoon-new/icomoon.ttf?8und5p

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=06-08-2023-2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c97d6fa5b4ad8db4c6110b5e4a13eb698c381f580cb44440813c04f369df0a56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=06-08-2023-2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:49 GMT
x-azure-ref-originshield: 0nkxaZAAAAACv748uXE73S4TxTaYICxxVRlJBMjMxMDUwNDE3MDA5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: "ea28cacfda47d91:0"
x-azure-ref: 0nkxaZAAAAAAhW2XtlUWTR6QYo2GUrE5KRlJBMjMxMDUwNDIwMDIxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-type: application/font-ttf
access-control-allow-origin: *
cache-control: public, max-age=1066585
accept-ranges: bytes
content-length: 2904

GET
H2 200 visuelt-medium.woff
content.secureworks.com/content/app/fonts/visuelt/ 36 KB
36 KB 11ms
10ms Font
application/font-woff 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/visuelt/visuelt-medium.woff

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=06-08-2023-2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=06-08-2023-2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:29 GMT
x-azure-ref-originshield: 0FRVuZAAAAADdKXhT0RODQrBZQkYCiYYFRlJBMjMxMDUwNDE3MDA5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: "a41374c3da47d91:0"
x-azure-ref: 0FRVuZAAAAAAkgIaCR5zGSZUPnIG2h+/9RlJBMzFFREdFMDQxMQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=2568209
accept-ranges: bytes
content-length: 36448

GET
H2 200 visuelt-black.woff
content.secureworks.com/content/app/fonts/visuelt/ 34 KB
35 KB 12ms
11ms Font
application/font-woff 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/visuelt/visuelt-black.woff

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=06-08-2023-2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=06-08-2023-2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:28 GMT
etag: "7a14d8c2da47d91:0"
x-azure-ref: 20230811T062153Z-mmkfdmwy3p4932c0wewwbnvs60000000019g00000001x47b
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=2329774
accept-ranges: bytes
content-length: 35128

GET
H2 200 Visuelt-Light.ttf
www.secureworks.com/content/assets/fonts/ 139 KB
140 KB 16ms
14ms Font
application/font-ttf 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/content/assets/fonts/Visuelt-Light.ttf

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

7863ca6b764cf33a59a47bd455e1ef2713b5599e78e8d5b1803c0e8844186b70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:01:34 GMT
etag: "9872a7c6da47d91:0"
x-azure-ref: 20230814T071140Z-85anr5xcqd54bc0r8u8hpfmq2w00000003ag00000001vf6r
x-cache: TCP_HIT
content-type: application/font-ttf
access-control-allow-origin: *
cache-control: public,max-age=2592000
accept-ranges: bytes
content-length: 142684

GET
H2 200 Visuelt-Bold.ttf
www.secureworks.com/content/assets/fonts/ 170 KB
171 KB 15ms
14ms Font
application/font-ttf 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/content/assets/fonts/Visuelt-Bold.ttf

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

64ba221769f51fcba3ae03ff9ebccac7cc1017e5f10900475b871ecfe7bda514

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:02:03 GMT
etag: "11fc9d7da47d91:0"
x-azure-ref: 20230814T071140Z-85anr5xcqd54bc0r8u8hpfmq2w00000003ag00000001vf6s
x-cache: TCP_HIT
content-type: application/font-ttf
access-control-allow-origin: *
cache-control: public,max-age=2592000
accept-ranges: bytes
content-length: 174376

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
6 KB 8ms
7ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 14 Aug 2023 07:11:40 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Wed, 22 Nov 2023 07:11:40 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 41ms
20ms Script
application/javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b97b49ee323dbccf9a13f15fa3d93188d01681652d52b1ed40ad00c32dfb0513

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: X1C0PY0lSDg1JSpsyFxfYA==
age: 48283
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6837
x-ms-lease-status: unlocked
last-modified: Thu, 10 Aug 2023 17:49:49 GMT
server: cloudflare
etag: 0x8DB99CA31A90166
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 28d0050c-401e-003e-51c3-cbaefc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f6762952e703625-FRA

GET
H2 200 EJRLQgErUN8XuHNEtX81i9TmEkrnfc9Q962f.woff2
fonts.gstatic.com/s/sairacondensed/v11/ 16 KB
17 KB 31ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sairacondensed/v11/EJRLQgErUN8XuHNEtX81i9TmEkrnfc9Q962f.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Saira+Condensed:wght@100;200;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba24f9ef72f1973e4b0b7b2a2302836376fe6e2f533eaee680ee711d835827d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 17:22:01 GMT
x-content-type-options: nosniff
age: 395379
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16832
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 15:12:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 08 Aug 2024 17:22:01 GMT

GET
H2 200 Visuelt.ttf
www.secureworks.com/content/assets/fonts/ 167 KB
168 KB 35ms
34ms Font
application/font-ttf 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/content/assets/fonts/Visuelt.ttf

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

98842c0f43a891b9264682dda87aab221bbe5aabfc08cb44f6785df5cf595326

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 23:02:03 GMT
etag: "f7febcd7da47d91:0"
x-azure-ref: 20230814T071140Z-85anr5xcqd54bc0r8u8hpfmq2w00000003ag00000001vf93
x-cache: TCP_HIT
content-type: application/font-ttf
access-control-allow-origin: *
cache-control: public,max-age=2592000
accept-ranges: bytes
content-length: 171496

GET
H2 200 warning.ashx
content.secureworks.com/-/media/Images/shared/icons/buttons/utility/ 244 B
735 B 10ms
9ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/buttons/utility/warning.ashx?modified=20221020215207

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5f2d6e604ad2bafcb500a244f270fa557c8275586dc31c9058a1cfa4f46d125f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Oct 2022 21:52:07 GMT
x-azure-ref-originshield: 0mhBiZAAAAAD+5KVD6oj9SKbo9YCD0MBZRlJBMjMxMDUwNDE3MDA5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: b370dd3d1a404660b8227483d8eb6fff
x-azure-ref: 0pd5kZAAAAADM6L0pTWU0SL8WE2DDVUdPRlJBMzFFREdFMDkwNgAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/svg+xml
cache-control: public, max-age=1818942
content-disposition: inline; filename="warning.svg"
accept-ranges: bytes
content-length: 244
expires: Mon, 04 Sep 2023 08:27:22 GMT

GET
H2 200 globe.ashx
content.secureworks.com/-/media/Images/shared/icons/buttons/utility/ 2 KB
1 KB 10ms
9ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/buttons/utility/globe.ashx?modified=20221020215152

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d774717dcbf112735e877fa11abd3b7a3e9ce75c82935d0a78724132c8ca1fe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 14 Aug 2023 07:11:40 GMT
x-azure-ref-originshield: 07k8UZAAAAAAdLYXuHTuFRY7dLxahGVsbRlJBMjMxMDUwNDE4MDMxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-disposition: inline; filename="globe.svg"
content-length: 749
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Oct 2022 21:51:52 GMT
server: Microsoft-IIS/10.0
etag: 7d221ab6182243ebb9f626238749ba99
x-azure-ref: 07k8UZAAAAAC4FjBRdatBTbYKeUrT0Wn4RlJBMjMxMDUwNDIwMDI1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=1143910
accept-ranges: bytes
expires: Sun, 27 Aug 2023 12:56:50 GMT

GET
H2 200 in.ashx
content.secureworks.com/-/media/Images/shared/icons/social/ 768 B
1 KB 11ms
10ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/social/in.ashx?modified=20221031144532

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3931826d11b4250a6e4d10a8249417bbdf73eb1a03f95f124b790b5c8a576bab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 31 Oct 2022 14:45:32 GMT
etag: e3eaed4027ef45f381a9ca6767b60f64
x-azure-ref: 20230729T134857Z-pqxqm19bxh579fbzxdf63tmc600000000bc000000002xb8v
content-type: image/svg+xml
cache-control: public, max-age=1233467
content-disposition: inline; filename="in.svg"
accept-ranges: bytes
content-length: 768
expires: Mon, 28 Aug 2023 13:49:27 GMT

GET
H2 200 tw.ashx
content.secureworks.com/-/media/Images/shared/icons/social/ 1 KB
1 KB 10ms
9ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/social/tw.ashx?modified=20221031144531

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

318f094b79b56bc57c182543d28cffa228816b3d53a1361ad21d9830cfc4f55b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 14 Aug 2023 07:11:40 GMT
x-azure-ref-originshield: 09JdjYwAAAACjWL4py2iZTJsk7Amd2x+6RlJBMjMxMDUwNDE4MDMxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-disposition: inline; filename="tw.svg"
content-length: 689
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 31 Oct 2022 14:45:31 GMT
server: Microsoft-IIS/10.0
etag: 1cfd65ea761243428664256ff1a11d92
x-azure-ref: 09JdjYwAAAAA5i67rqYxcRpgEo+Z1Km0PRlJBMjMxMDUwNDIwMDM1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=1145769
accept-ranges: bytes
expires: Sun, 27 Aug 2023 13:27:49 GMT

GET
H2 200 fb.ashx
content.secureworks.com/-/media/Images/shared/icons/social/ 403 B
744 B 10ms
9ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/social/fb.ashx?modified=20221031144532

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c14c30ca00b3badf163de6dc6d1ee20208fc164bacc5b2dd5bee60d13a80cda0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 31 Oct 2022 14:45:32 GMT
etag: 2972ab029c2e47d18428a81633dd48a5
x-azure-ref: 20230724T022959Z-19r8p05ep1567dmnby8mn1tw0000000001a0000000016zsa
content-type: image/svg+xml
cache-control: public, max-age=760629
content-disposition: inline; filename="fb.svg"
accept-ranges: bytes
content-length: 403
expires: Wed, 23 Aug 2023 02:28:49 GMT

GET
H2 200 gb.ashx
content.secureworks.com/-/media/Images/shared/icons/social/ 2 KB
2 KB 15ms
14ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/social/gb.ashx?modified=20221031144532

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3c7024701a817fee5de0e62bb8d83edb43e08a9be594dde00fd2d2fcf5a20fd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 14 Aug 2023 07:11:40 GMT
x-azure-ref-originshield: 001prZAAAAAAR8GWVipEvTrTUZEfp7xbeRlJBMjMxMDUwNDE4MDIzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-disposition: inline; filename="gb.svg"
content-length: 1230
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 31 Oct 2022 14:45:32 GMT
etag: e9232effb940416d99f84a976e984c00
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
x-azure-ref: 00lprZAAAAAANSPeEQsckSI8T4vY2CkWaRlJBMzFFREdFMDQyMgAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/svg+xml
cache-control: public, max-age=2355773
accept-ranges: bytes
expires: Sun, 10 Sep 2023 13:34:33 GMT

GET
H2 200 right-arrow.ashx
content.secureworks.com/-/media/Images/shared/icons/buttons/ 270 B
778 B 11ms
10ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/buttons/right-arrow.ashx?modified=20221020215130

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ca6538789c7267c0fd372b35a2de78fe51227c09651cc785afeae0b485913548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Oct 2022 21:51:30 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0LfrLYwAAAAD8RpEKAOsbQIJjoozvo2XARlJBMjMxMDUwNDE3MDMxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: b074483aa26d4f8ebd6e202c749c1289
x-azure-ref: 0LfrLYwAAAACvlfAAhucwRb9VwFwTf/NIRlJBMzFFREdFMDQxNQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/svg+xml
cache-control: public, max-age=1333560
content-disposition: inline; filename="right-arrow.svg"
accept-ranges: bytes
content-length: 270
expires: Tue, 29 Aug 2023 17:37:40 GMT

POST
H/1.1 200
OK visitWebPage
725-smc-563.mktoresp.com/webevents/ 2 B
318 B 633ms
104ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://725-smc-563.mktoresp.com/webevents/visitWebPage?_mchNc=1691997100396&_mchCn=&_mchId=725-SMC-563&_mchTk=_mch-secureworks.com-1691997100396-81724&_mchHo=www.secureworks.com&_mchPo=&_mchRu=%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=userID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc__-__Campaign_name%3Deveryonesocial__-__Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe__-__Campaign_source%3Dtwitter__-__es_id%3D7fdbc11ca2
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 14 Aug 2023 07:11:40 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 519f4eab-3395-4ba6-a28d-c4c5247f8e28

GET
H2 200 1bdee92e-dd5f-49d1-9ccb-9a788319e959.json Show response
cdn.cookielaw.org/consent/1bdee92e-dd5f-49d1-9ccb-9a788319e959/ 4 KB
2 KB 41ms
25ms XHR
application/x-javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/1bdee92e-dd5f-49d1-9ccb-9a788319e959/1bdee92e-dd5f-49d1-9ccb-9a788319e959.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ef15e427309dd58a1118ce13319ed62aa819913762dbf195355f12046c02449

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 32054
content-md5: uXjekcfDzJWox+ZVwXzmcw==
content-length: 1646
x-ms-lease-status: unlocked
last-modified: Thu, 03 Aug 2023 13:53:46 GMT
server: cloudflare
etag: 0x8DB94290E902CF9
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 4638bdd8-c01e-0122-5411-c6f085000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f676295bd171965-FRA
expires: Tue, 15 Aug 2023 07:11:40 GMT

GET
H2 200 nanoTrackerv3-0-2.ashx Show response
www.secureworks.com/-/media/Assets/js/shared/ 16 KB
6 KB 13ms
13ms Script
application/x-javascript 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/-/media/Assets/js/shared/nanoTrackerv3-0-2.ashx

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e7a55959687a0af1b5080fd3ed56094717857d6dd023dd577619c0f0879b1af2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 20:30:41 GMT
content-encoding: br
vary: Accept-Encoding
x-azure-ref: 20230814T071140Z-85anr5xcqd54bc0r8u8hpfmq2w00000003ag00000001vf9s
content-type: application/x-javascript
access-control-allow-origin: *
x-cache: TCP_HIT
cache-control: public, max-age=2583706
content-disposition: inline; filename="nanoTrackerv3-0-2.js"
expires: Mon, 11 Sep 2023 21:12:20 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 290 KB
93 KB 30ms
30ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=G-15MK64YNN6&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bda089eb65087079101a900d28777f71ee1f41cf82fdac47217b6f3d1e518dee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94759
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 14 Aug 2023 07:11:40 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 71 B
318 B 48ms
25ms XHR
application/json 2606:4700::6812:1d26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d26 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e4626c1f835ec0ba31fd44af02b796c7b07dd229f0731e4c1767ab3510e9ac6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7f6762960e34371a-FRA
access-control-allow-headers: Content-Type

POST
H2 204 collect
region1.analytics.google.com/g/ 0
257 B 36ms
13ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-15MK64YNN6&gtm=45je3890&_p=909731207&_gaz=1&cid=31154166.1691997101&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691997100&sct=1&seg=0&dl=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&dt=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=10
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-15MK64YNN6&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.secureworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
257 B 60ms
21ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-15MK64YNN6&cid=31154166.1691997101&gtm=45je3890&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-15MK64YNN6&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.secureworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET ga-audiences
www.google.de/ads/ 0
0

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202307.1.0/ 405 KB
98 KB 17ms
17ms Script
application/javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202307.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71d07479f4b2b809e5769a352f4f55b84690289026ace7ed5395230002551a11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: orDm7smwsr/pjTi/DOTSGQ==
age: 72809
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99815
x-ms-lease-status: unlocked
last-modified: Wed, 02 Aug 2023 03:24:04 GMT
server: cloudflare
etag: 0x8DB9307EC3B2CDE
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a7ed9111-701e-0095-7b03-c5b9d5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f6762964fe93625-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/1bdee92e-dd5f-49d1-9ccb-9a788319e959/e857f094-76cf-49bc-8384-893aa63c0d31/ 79 KB
15 KB 27ms
27ms Fetch
application/x-javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/1bdee92e-dd5f-49d1-9ccb-9a788319e959/e857f094-76cf-49bc-8384-893aa63c0d31/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202307.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fffad8684ac0848e36131e8f57538fecbcff6abfb165d3ae8d1be0f90d87adb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 79114
content-md5: MOA24NS8ASxrCDIhQPPG7w==
content-length: 14902
x-ms-lease-status: unlocked
last-modified: Thu, 03 Aug 2023 13:53:50 GMT
server: cloudflare
etag: 0x8DB9429111CE0C2
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 15a84f2d-201e-0086-5612-c68c34000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f6762969e2b1965-FRA
expires: Tue, 15 Aug 2023 07:11:40 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 48 KB
14 KB 1462ms
13ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 20 Jul 2023 16:27:10 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64b9605e-bf6f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14190
expires: Mon, 14 Aug 2023 07:11:42 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 42 KB
13 KB 59ms
35ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 14 Aug 2023 07:11:40 GMT
last-modified: Fri, 28 Jul 2023 18:19:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 16C1ACC5B8B44C859F8F40E9A4CFA5F8 Ref B: FRA31EDGE0813 Ref C: 2023-08-14T07:11:40Z
etag: "806f3b1280c1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12469

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/648366107/ 3 KB
2 KB 53ms
22ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/648366107/?random=1691997100636&cv=11&fst=1691997100636&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&hn=www.googleadservices.com&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&auid=83034790.1691997101&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7477b8fea6c0fa11e3bc2349aa519061f4d20810b3d642fe43e22e0bb3343610

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1506
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6279.js Show response
script.crazyegg.com/pages/scripts/0097/ 6 KB
2 KB 487ms
431ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0097/6279.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8a849a7ddc14e70bce059a817466d2137b9b7863985c46e70d34613b63d1a7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:41 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Mon, 14 Aug 2023 07:11:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
ce-version: 11.5.109
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f67629758af3a4f-FRA
content-length: 2183

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 36ms
7ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7409

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10934024932/ 3 KB
2 KB 50ms
23ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10934024932/?random=1691997100643&cv=11&fst=1691997100643&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&hn=www.googleadservices.com&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&auid=83034790.1691997101&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd88744518d1dae29017e362d222df46fad9b8af9267e4e4c8f40a2d68084a04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1508
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/648366107/ 3 KB
2 KB 49ms
23ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/648366107/?random=1691997100644&cv=11&fst=1691997100644&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&hn=www.googleadservices.com&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&auid=83034790.1691997101&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c762ea77279bce491eb7234251e68156c79696695d44c8943f7568c920b9086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1506
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 72ms
45ms Script
text/javascript 2606:4700::6812:d9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 50445
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 7f67629738d518f1-FRA
expires: Mon, 14 Aug 2023 07:31:40 GMT

GET
H2 200 2mnfp3myy8iz.js Show response
js.driftt.com/include/1691997300000/ 213 KB
60 KB 177ms
150ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1691997300000/2mnfp3myy8iz.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e98f34e5491e4d9e70b99646e6f2751b110ca703d5f188132375095c6a111d2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: 0Ykmwx8Q4NZ5k6qpM1BuDz493xbYKV8t
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Mon, 14 Aug 2023 07:11:40 GMT
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 32
last-modified: Fri, 11 Aug 2023 16:14:52 GMT
server: istio-envoy
etag: W/"c8d5b4425683cc7f7d7b920656a94a36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GIc3RZjnXNNGwiUsPU5dXBz6rinx5bb4hzMK0zT_eFt0j-CtR9WtFg==

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 29ms
7ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=23869
accept-ranges: bytes
content-length: 4862

GET
H2 200 40514862.js Show response
extend.vimeocdn.com/ga/ 17 KB
6 KB 51ms
7ms Script
text/javascript 146.75.118.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://extend.vimeocdn.com/ga/40514862.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.118.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cache-hits: 20384
date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
via: 1.1 varnish
age: 25663703
x-cache: HIT
content-length: 5579
x-served-by: cache-fra-eddf8230117-FRA
last-modified: Thu, 20 Oct 2022 22:49:15 GMT
server: Apache
x-timer: S1691997101.739437,VS0,VE0
etag: "421e-5eb7f2274b0c0-gzip"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
x-vimeo-dc: ge
x-bapp-server: assets-769d499c7b-6rkpw
cache-control: max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Oct 2032 06:23:15 GMT

GET
H2 200 monsido-script.js Show response
app-script.monsido.com/v2/ 8 KB
3 KB 56ms
7ms Script
text/javascript 2600:1901:0:22e6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-script.monsido.com/v2/monsido-script.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:22e6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 64e8ce58f2d8ee4332cc27fcb759c31013f418b6523586b6441fd2f097107b35

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:26 GMT
content-encoding: gzip
age: 14
x-guploader-uploadid: ADPycdsC1-3CvwD5bYBw42eMhy8nh9dxBrRTTuAk0oNb_baRBS6JUF6W7PJm_lwIw0WxSfyoQaYZ4VJmteboLKvVLHfhRw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2757
last-modified: Thu, 01 Jun 2023 11:12:59 GMT
server: UploadServer
etag: "fce0a6a1f924b9c6816bdc5bc679506e"
vary: Accept-Encoding
x-goog-generation: 1685617979609837
x-goog-hash: crc32c=dMVJbw==, md5=/OCmofkkucaBa9xbxnlQbg==
content-type: text/javascript
cache-control: public, max-age=300
x-goog-stored-content-length: 2757
accept-ranges: bytes
expires: Mon, 14 Aug 2023 07:16:26 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 82ms
13ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (via/F333) /
Resource Hash: d132dd3ebfcfaf838e709f20f4c76fe2868ffa0dc22ee126f87af6dd0b4a7adb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
last-modified: Wed, 09 Aug 2023 23:28:33 GMT
server: ECS (via/F333)
age: 2684
etag: "4d757c3619cbd91:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25480

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 5 KB
3 KB 43ms
8ms Script
application/x-javascript 65.9.99.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.99.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-99-119.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 14 Aug 2023 06:16:42 GMT
Content-Encoding: gzip
Via: 1.1 d5da174e34f35b7d1482b8432bf7e084.cloudfront.net (CloudFront)
Last-Modified: Tue, 01 Aug 2023 20:10:44 GMT
Server: AmazonS3
X-Amz-Cf-Pop: PRG50-C1
Age: 3299
x-amz-server-side-encryption: AES256
ETag: W/"b7474eac210849250426a8f6a39d00f3"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: J6hZqRWKczvh6DUQ1kvWAUwvHQ6LFxj8uh8xLJPUCvMno_D4N8JABA==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 46ms
6ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-etou8220102-FRA

GET
H/1.1 200
OK teads-fellow.js Show response
p.teads.tv/ 19 KB
7 KB 65ms
8ms Script
application/javascript 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://p.teads.tv/teads-fellow.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 12eec634526deb77f2273e4d241bea4cb8f3c5dcd0380e53a3dc56ed6f9aa9c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 14 Aug 2023 07:11:40 GMT
Content-Encoding: gzip
Last-Modified: Thu, 27 Jul 2023 14:07:08 GMT
Server: AmazonS3
x-amz-request-id: WEVGSPQZ8S11HG38
ETag: "d76ef67d0d36f2c2bff98dea83043d32"
x-amz-server-side-encryption: AES256
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=94
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6206
x-amz-id-2: OS308Q1AhzZE6JuKlyGljfiM09oU1uHKErfOxjWiBMrk7cAH0qUzGdnQznJnf/vkw7z0RzfSTe4=

GET
H2 200 otFloatingFlat.json Show response
cdn.cookielaw.org/scripttemplates/202307.1.0/assets/ 10 KB
3 KB 17ms
14ms Fetch
application/json 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202307.1.0/assets/otFloatingFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202307.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3321757433351762495ef3452adf0fcefa179583f4409dd04815c710c5e45f6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: FMq1aROKTLEntOEKFY9rXQ==
age: 32054
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2707
x-ms-lease-status: unlocked
last-modified: Wed, 02 Aug 2023 03:23:58 GMT
server: cloudflare
etag: 0x8DB9307E920F4DA
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 1e8dac87-201e-002c-5211-c65adb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f6762972ecf1965-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202307.1.0/assets/v2/ 61 KB
12 KB 28ms
20ms Fetch
application/json 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202307.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202307.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: lrjqvumkzLVMxa35AVJR4w==
age: 20945
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12544
x-ms-lease-status: unlocked
last-modified: Wed, 02 Aug 2023 03:24:00 GMT
server: cloudflare
etag: 0x8DB9307EA0A6EFC
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 8a54f709-201e-014e-2711-c65b56000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f6762972ed81965-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202307.1.0/assets/ 21 KB
4 KB 34ms
25ms Fetch
text/css 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202307.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202307.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ed6388d56fc9f2044791e0559ab4a283381791e359dc2981449955e702de56d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: /b68gAlvQhCuyX9fCPcDyg==
age: 5566
x-ms-lease-status: unlocked
last-modified: Wed, 02 Aug 2023 03:24:08 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 04128593-801e-00e6-6711-c6c916000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7f6762972edb1965-FRA

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.secureworks.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=www.secureworks.com&pId=5979240291217397413

0
235 B

263ms
212ms

Image
application/json

2600:9000:2251:f600:12:3734:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=www.secureworks.com&pId=5979240291217397413
Protocol: H2
Server: 2600:9000:2251:f600:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:41 GMT
via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
content-type: application/json
x-amz-cf-id: n5gYpyPIPCdK2pJf7jZoJqX2rgji3kCRmktaq11AOR7Vx1cLPKBavQ==
content-length: 0
apigw-requestid: Jo4DIgZrIAMESfw=

Redirect headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:41 GMT
an-x-request-uuid: 0822fbee-0dec-42f3-9fb5-c9e1c406faa0
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://attr.ml-api.io/?domain=www.secureworks.com&pId=5979240291217397413
x-proxy-origin: 81.95.5.42; 81.95.5.42; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 391ms
364ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1691997100685&id=t2_f8xwyeln&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=e6904778-29de-432d-9a44-53f8ffaf1e13&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:41 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/648366107/ 42 B
455 B 44ms
20ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/648366107/?random=1691997100636&cv=11&fst=1691996400000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&fmt=3&is_vtc=1&random=411080567&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
www.google.de/pagead/1p-user-list/648366107/ 0
0

GET
H2 200 /
www.google.com/pagead/1p-user-list/648366107/ 42 B
108 B 40ms
21ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/648366107/?random=1691997100644&cv=11&fst=1691996400000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&fmt=3&is_vtc=1&random=893245387&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
www.google.de/pagead/1p-user-list/648366107/ 0
0

GET
H2 200 /
www.google.com/pagead/1p-user-list/10934024932/ 42 B
108 B 24ms
23ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10934024932/?random=1691997100643&cv=11&fst=1691996400000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&fmt=3&is_vtc=1&random=1794948017&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
www.google.de/pagead/1p-user-list/10934024932/ 0
0

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
599 B 19ms
19ms Image
image/svg+xml 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 9840
x-ms-lease-status: unlocked
last-modified: Thu, 10 Aug 2023 17:49:56 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 8c95a345-d01e-0085-5b21-cc145e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7f67629769483625-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
488 B 38ms
38ms Fetch
image/svg+xml 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202307.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
x-ms-lease-status: unlocked
last-modified: Thu, 10 Aug 2023 17:49:55 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 2814d9a5-701e-001a-5776-cc585c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7f6762977f401965-FRA

GET
H2 200 SW_logo_black_print.png
cdn.cookielaw.org/logos/7465cc90-ea12-4f33-80a4-557abead3b10/1bdee92e-dd5f-49d1-9ccb-9a788319e959/4cc354d6-2763-454f-a29d-f10f1788b6aa/ 22 KB
22 KB 19ms
19ms Image
image/png 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/7465cc90-ea12-4f33-80a4-557abead3b10/1bdee92e-dd5f-49d1-9ccb-9a788319e959/4cc354d6-2763-454f-a29d-f10f1788b6aa/SW_logo_black_print.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b96ae3ad93fc2ec81fe1f623ba74a9f3f607f2ea79c7b741e55b73366b41cf73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 2qjIoAdJjqAKBeXNXVdNEg==
age: 47857
content-length: 22030
x-ms-lease-status: unlocked
last-modified: Tue, 22 Mar 2022 06:08:54 GMT
server: cloudflare
etag: 0x8DA0BCA71F312CB
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: b37aa1b8-f01e-00c0-19e1-5a52a2000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f67629789743625-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 17ms
17ms Image
image/svg+xml 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 3521
x-ms-lease-status: unlocked
last-modified: Thu, 10 Aug 2023 17:49:56 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: d964fdaa-501e-0022-6cb5-cbfc9c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7f67629789753625-FRA

GET
H2 204 56073499.js Show response
bat.bing.com/p/action/ 0
117 B 32ms
32ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/56073499.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 14 Aug 2023 07:11:40 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A0FE44475F7D4D7FB30400E239C26712 Ref B: FRA31EDGE0813 Ref C: 2023-08-14T07:11:40Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
285 B 76ms
75ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=56073499&Ver=2&mid=784f198f-4d15-4ea8-a7a9-3380f9b1fc2d&sid=d101af703a7111eea1f69b083e74bbaa&vid=d101d9003a7111eebf6d8bdf9f9505d8&vids=1&msclkid=N&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&p=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&r=&lt=1198&evt=pageLoad&sv=1&rn=95344

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 07:11:40 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 999A081B1A9A4A86B5918E6A64FC26FB Ref B: FRA31EDGE0813 Ref C: 2023-08-14T07:11:40Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
465 B 114ms
113ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17588164&r=1691997100742&ref=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 17588164
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
via: 1.1 google
x-guploader-uploadid: ADPycds1wYE46AhaJ48eYKS-wkJRx8T0qN4nNIj80hJVIAdriDX-e1HwsGu3v1TLgBYAkP2U_ffbXmN3kmmHM4OU8B6q3Q
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Mon, 14 Aug 2023 08:11:40 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 139ms
108ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17588164&r=1691997100742&ref=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.secureworks.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 14 Aug 2023 07:11:40 GMT
expires: Mon, 14 Aug 2023 07:11:40 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdtl3HcnMVOS4lfPpc3-nW24O57nOXykkxDu6HMGeDOutk1TyHB5kkw1hVleMmdbecz_J7EQOM93DurdZG6hvfvHYUUueO9n

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/2386324/domain/secureworks.com/ 36 B
376 B 71ms
24ms XHR
application/json 2600:9000:2127:7e00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/2386324/domain/secureworks.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:7e00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 06:57:34 GMT
content-encoding: gzip
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 846
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: iZt48cOjok3ZMPNo5mAfdQTxuqe16yPTjjjmU_hDnrnUpsCpzC99QA==

GET

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1691997100745&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1691997100745&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2386324%26time%3D1691997100745%26url%3Dhttps%253A%252F%252Fwww.secureworks.com%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1691997100745&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1691997100745&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b0...

0
0

GET
H2 200 ping.min.js Show response
cdn.pdst.fm/ 26 KB
6 KB 43ms
8ms Script
application/javascript 35.244.142.80
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pdst.fm/ping.min.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 80.142.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 06:31:08 GMT
content-encoding: gzip
age: 2432
x-guploader-uploadid: ADPycdtmdMak9R_YnpKrwv-5_9S1zRn355yR5C4UaOGKXYRQwSf-Bgdib7poA1BOsxqQuokpPxqdVLipjk4DDJY_smO2vA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5774
last-modified: Fri, 28 May 2021 20:34:03 GMT
server: UploadServer
etag: "d001d1c9f5a942fa5524eeacb047e819"
vary: Accept-Encoding
x-goog-generation: 1622234043862937
x-goog-hash: crc32c=oKoi/w==, md5=0AHRyfWpQvpVJO6ssEfoGQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 5774
accept-ranges: bytes
content-type: application/javascript;
expires: Mon, 14 Aug 2023 07:31:08 GMT

GET
H2 200 aa3cc511947365a3.min.js Show response
tag.demandbase.com/ 76 KB
21 KB 74ms
17ms Script
application/javascript 108.138.17.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/aa3cc511947365a3.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.17.47 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-17-47.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3868f89695215754d8cc642584989631474b8549675b75882716bdac8b238833

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: eL17w.alUOufMybtoz7BhERYIwHAEQEn
content-encoding: gzip
via: 1.1 6e5ec1ef7875ec0751cb61200df7f212.cloudfront.net (CloudFront)
date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P7
age: 2640
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Mon, 26 Jun 2023 22:29:29 GMT
server: AmazonS3
etag: W/"b0ca736440c9490ebbafe0fa55d1fa31"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-id: TnAF7Xi0yude6a2hix47dtGLNL1zD1fQGVdqG_KrKXB40b1Xi2q0Bw==

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 8D7B 0
182 B 111ms
32ms Document
text/html 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=6g1y9hy&ref=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&upid=gn5z6gn&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Mon, 14 Aug 2023 07:11:40 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 200 /
tracking.monsido.com/ 43 B
205 B 54ms
17ms Image
image/gif 2600:1901:0:891c::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tracking.monsido.com/?a=MQ9I_bNdFCKYbfcbs6zs6Q&b=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&c=AAD1691997100786&f=0101691997100786&h=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:891c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: 2023-08-14T07:11:40Z
date: Mon, 14 Aug 2023 07:11:40 GMT
cache-control: private, no-store, max-age=0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2 200 adsct
t.co/i/ 43 B
375 B 134ms
108ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=682cd26b-90c2-43f8-b922-2733b22cb17b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c661b0c7-59e4-4c80-b751-7f7c144af5a3&tw_document_href=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o9jck&type=javascript&version=2.3.29

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-response-time: 102
date: Mon, 14 Aug 2023 07:11:39 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 6b20bdf1a57a2cb0
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: c628491cca4936c1147242f8103789d72c40d808121fdd6f22c31584cb34f7df
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
394 B 157ms
123ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=682cd26b-90c2-43f8-b922-2733b22cb17b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c661b0c7-59e4-4c80-b751-7f7c144af5a3&tw_document_href=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o9jck&type=javascript&version=2.3.29

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-response-time: 116
date: Mon, 14 Aug 2023 07:11:40 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 2e1c800cde5f0465
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 8e420bbb816217c1a2f095fd9f8c367a7729019290fbac663322dd13975e9148
content-length: 43

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
304 B 14ms
14ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=b591f493893444a0e2067dac460423a8&_biz_s=167daa&_biz_l=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&_biz_t=1691997100798&_biz_i=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&_biz_n=0&rnd=494614&cdn_o=a&_biz_z=1691997100799
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (via/F33F) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:40 GMT
last-modified: Sat, 12 Aug 2023 19:31:04 GMT
server: ECS (via/F33F)
age: 128436
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
190 B 23ms
12ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=b591f493893444a0e2067dac460423a8&_biz_s=167daa&_biz_l=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&_biz_t=1691997100806&_biz_i=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&rnd=815678&cdn_o=a&_biz_z=1691997100806
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (via/F333) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:40 GMT
last-modified: Sat, 12 Aug 2023 21:22:14 GMT
server: ECS (via/F333)
age: 121766
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H/1.1 200
OK advertiser Show response
cm.teads.tv/v2/ 138 B
858 B 56ms
29ms Fetch
application/json 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.teads.tv/v2/advertiser?referer=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&buyer_pixel_id=7246
Requested by: Host: p.teads.tv
URL: https://p.teads.tv/teads-fellow.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d6aec3e8a9da0f555d22ddc16f344a4dd83928c610016d0d8aaa47f794c89c3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Aug 2023 07:11:40 GMT
Observe-Browsing-Topics: ?1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.secureworks.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Origin-Trial: A/ZN3JeVl863wk4gji5LwmyqD8tQETuBB/T7ruSp8OvPp/kIaJGhw4I8mpB3u4vvQoSH2zniTHlhvlBBOA1ZbAkAAAB+eyJvcmlnaW4iOiJodHRwczovL3RlYWRzLnR2OjQ0MyIsImZlYXR1cmUiOiJQcml2YWN5U2FuZGJveEFkc0FQSXMiLCJleHBpcnkiOjE2OTUxNjc5OTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9
Connection: keep-alive
Content-Length: 138
Expires: Mon, 14 Aug 2023 07:11:40 GMT

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
325 B 120ms
120ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=b591f493893444a0e2067dac460423a8&_biz_h=-1906410348&cdn_o=a&jsVer=4.23.08.09
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (via/F34A) /
Resource Hash: 3117ca5a7a3d29009aa755c483c17353666a10d08c369621f6c269387d1a0b05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
content-encoding: gzip
server: ECS (via/F34A)
etag: C972BEF1
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 219

POST
H2 204 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ 0
0 140ms
139ms Fetch
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Requested by: Host: cdn.pdst.fm
URL: https://cdn.pdst.fm/ping.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash

Request headers

Accept: application/json
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 14 Aug 2023 07:11:41 GMT
server: Google Frontend
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
x-powered-by: Express
access-control-allow-methods: GET, POST
content-type: text/html
access-control-allow-origin: *
x-cloud-trace-context: 59ca38fb62fe35572f5f4eb11ef5d6ed
function-execution-id: 5msy9sax9mj7
access-control-allow-headers: Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 200 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ Frame 0
0 159ms
133ms Preflight
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.secureworks.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 22
content-type: text/html; charset=utf-8
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: W/"2-ROqGvmcGDXooyAXFZHZ+i4au1yQ"
function-execution-id: kkeyp6ew3usv
server: Google Frontend
x-cloud-trace-context: 7b87fdc339fa4bb2aa22ca9f05f9715a
x-powered-by: Express

GET
H2 200 core Show response
js.driftt.com/ Frame 5A64 2 KB
1 KB 131ms
130ms Document
text/html 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1691997300000/2mnfp3myy8iz.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

9db12103c6e7ca43247cd00bce409ab4df4e7580e016ac0fce004f77065a3efb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 14 Aug 2023 07:11:40 GMT
etag: W/"0161a3715b53020058f11be2d94b59e0"
last-modified: Fri, 11 Aug 2023 16:14:42 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-id: IuoIz2djmP14diabDmwZtKiAxGkyh01nkVSCyDn9dyfN1nfJHYC6JQ==
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: 5FR.9pOw1BnItFzlSdUCRQ23pa3ul51O
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 26

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 7924 2 KB
1 KB 344ms
342ms Document
text/html 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1691997300000/2mnfp3myy8iz.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

9db12103c6e7ca43247cd00bce409ab4df4e7580e016ac0fce004f77065a3efb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 14 Aug 2023 07:11:41 GMT
etag: W/"0161a3715b53020058f11be2d94b59e0"
last-modified: Fri, 11 Aug 2023 16:14:42 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-id: sLg1HNKSOn4uDTY1GSLhgcwOpNExoltBWINYpTnw9QJvTObsogFr3A==
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: 5FR.9pOw1BnItFzlSdUCRQ23pa3ul51O
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

GET
H2 200 track
t.teads.tv/ 23 B
134 B 91ms
44ms Image
image/gif 23.212.89.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=pageView&env=js-web&tag_version=6.14.8_d8680eb&provider=tag&buyer_pixel_id=7246&referer=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&user_session_id=10fb1539-f978-439d-8558-b5577c2c9b75
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.89.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-212-89-35.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Sat, 26 Jul 1997 05:00:00 GMT
date: Mon, 14 Aug 2023 07:11:40 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 23
content-type: image/gif

GET
H2 200 sync Show response
s.company-target.com/s/ Frame 718E 634 B
977 B 154ms
97ms Document
text/html 34.96.71.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.company-target.com/s/sync?exc=lr
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/aa3cc511947365a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.71.96.34.bc.googleusercontent.com
Software: /
Resource Hash: a0553fda2bc3a990e81b55373266009a9114b9741a521691f009e53f979b7218

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET,OPTIONS
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 634
content-type: text/html; charset=UTF-8
date: Mon, 14 Aug 2023 07:11:40 GMT
via: 1.1 google

GET
H2 451 464526.gif
id.rlcdn.com/ 0
98 B 41ms
16ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 ip.json Show response
api.company-target.com/api/v2/ 4 KB
1 KB 77ms
54ms XHR
application/json 18.66.97.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&page_title=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-17.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 7d47db33b29d18419b1629c1e055ab2eceb6642555cb148bf0b14c4c974e119a

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 14 Aug 2023 07:11:40 GMT
identification-source: CENTRAL
content-encoding: gzip
via: 1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
request-id: be875628-d6f6-410b-b441-e8bf6fba4aa5
pragma: no-cache
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.secureworks.com
access-control-expose-headers: x-amz-cf-id
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding, Origin
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qFL2rBDAKSzLBgzkmHYl8ighjSRdaIDkBD7NGx9_lPco7jz_YJrqow==
expires: Sun, 13 Aug 2023 07:11:40 GMT

GET
H2 200 u
cdn.bizible.com/m/ 43 B
120 B 18ms
18ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=mkto&mapValue=id%3A725-SMC-563%26token%3A_mch-secureworks.com-1691997100396-81724&_biz_u=b591f493893444a0e2067dac460423a8&_biz_s=167daa&_biz_l=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&_biz_t=1691997100807&_biz_i=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&_biz_n=1&rnd=697726&cdn_o=a&_biz_z=1691997100908
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (via/F335) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:40 GMT
last-modified: Mon, 14 Aug 2023 01:58:13 GMT
server: ECS (via/F335)
age: 18807
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 bg9s Show response
tag-logger.demandbase.com/ 0
419 B 216ms
159ms XHR
text/html 2600:9000:2127:5800:1d:8d6d:3b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=qFL2rBDAKSzLBgzkmHYl8ighjSRdaIDkBD7NGx9_lPco7jz_YJrqow==&api-version=v2
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:5800:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
date: Sun, 13 Aug 2023 08:01:17 GMT
via: 1.1 badae0844eca8f0bad6677607d947120.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 85320
x-amz-server-side-encryption: AES256
x-cache: Error from cloudfront
content-length: 0
last-modified: Tue, 07 Mar 2023 20:47:02 GMT
server: AmazonS3
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: G0yVINZh8Kc5PIpKM6DTf2t5vNRCt3Av_ZR2TdziAfVOOaRh_C67GA==

GET
H2 200 runtime~main.9264cfc2.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 6 KB
3 KB 8ms
8ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3f21dad28fabd7c924f7a0ba00ce852446846c897b649c28af2aaffcb2f45086

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 16:14:41 GMT
x-amz-version-id: lpIMz_RQJhXBa1boVmRczeiq8uFLHj6D
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 226619
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Fri, 11 Aug 2023 16:01:22 GMT
server: istio-envoy
etag: W/"1f9aa52bad9bda18b398a383e9d5f1e2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dA1dJzIRi5yYWd2blzZ7O6d1jPTF30optAZV22BKlwNH2nlopQxCmg==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 35 KB
13 KB 10ms
10ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 01:55:57 GMT
x-amz-version-id: 5TXDZsW5KWm2BmB4QCZ0F0RTv1A0v1vA
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3647743
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 30 Jun 2023 16:16:11 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yLWka5gHKey2nZPWv31LRv6MtcA7ZSBaJTFJYBu6NGnKbxk4vuqqSw==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 7 KB
3 KB 9ms
9ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:46 GMT
x-amz-version-id: _6ChWa7QfxwgvKvHcksc0_7OHMp8jBKX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4722594
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Tue, 20 Jun 2023 14:23:11 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rPvYrBjBK-LcA87kVLXDNiFoY8BfE5c5M0xHkttcZIRh18O_h_zavA==

GET
BLOB 200
OK a3b87957-8dad-474a-90dc-15d8e8cd4973
https://www.secureworks.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.secureworks.com/a3b87957-8dad-474a-90dc-15d8e8cd4973
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 23 KB
8 KB 9ms
7ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: 5TonZ2q4BzUrPKpbgBIsyV0ypFLgVCeU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4767821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bKbX7mJ9zKcWD7vSxHCwciJFXrY231aYmpgU2DPHU-CaKfdVQnG9sg==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 36 KB
10 KB 13ms
9ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:30:14 GMT
x-amz-version-id: qXDwNGmcU.i_gy6zABPrFxJLJu0M1pqs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3397287
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Bb2Mip2QKKEsfBvntETO6Na7j0CQTkEKD7IVT2qMn-k3HTJy6StTOg==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 32 KB
11 KB 13ms
8ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: zK.I5gIdSwLDVz8paigwY_NlFGMXuMgL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4722594
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tiOrK7BZneqflvT_pDL077eTEfXrt7UAmggpYAm9qW77A-GLCCoXCA==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 17 KB
6 KB 12ms
8ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 06:35:14 GMT
x-amz-version-id: NhB69SBKJZmuUtXDH0xsEetKhzurSV2H
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 6050187
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RSgFMc6Pf-52dcE70_IV1FyDV2Dyzv_O-6FbUy6qUZoay6AdBfS0wg==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 25 KB
8 KB 14ms
10ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 03:25:03 GMT
x-amz-version-id: aw1f3uGwXuU6S2OomkpX1DCMYaDfscU9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3296797
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 32tx5kf2wonN5N_trIvH4XrfyknluKcsgyaTHSlvfyCkMQQmjTbarg==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 74 KB
23 KB 16ms
12ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 05:35:25 GMT
x-amz-version-id: gDXldnX8iN1RnUUBAaD4i0CIS1LddA9A
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3288976
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qA-5YaThuLxm0E-zKGGJmA2wdrXphOsLY3heCCbsjwYKFsFx1BPrdA==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 66 KB
20 KB 15ms
11ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 25 May 2023 07:08:48 GMT
x-amz-version-id: pbTO4uU1iA_kBPCkMqV8rm3AioPcDtRp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 6998573
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Wed, 24 May 2023 17:36:06 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DXSjUHB3cdZ2xhh-zW-sKO5x2YIO9x3cs_v_bRwEk1D5OZOUPYWC1w==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 91 KB
28 KB 18ms
14ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 12:05:00 GMT
x-amz-version-id: SrUur3gTkOE1yjoDcy53ibL6t3rDB5tT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3265601
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 30 Jun 2023 16:16:08 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tl4HOuSVbLrILtIMGfcxTlzzdBWky36BkrP3qqAYZv4VyjXARisb1A==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 23 KB
7 KB 14ms
10ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 30 May 2023 11:02:53 GMT
x-amz-version-id: IgOK_MQbEszp7MebOhF6oyS1BThWXb5o
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 6552528
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 26 May 2023 19:24:42 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: s5SQapoqiR2JyMR66vWZKDAFNiP7HEmEwipOySLKQ9nzXA9ueJA3sw==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 62 KB
20 KB 17ms
13ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 02:01:51 GMT
x-amz-version-id: 4sXKEKnf1MP6Oxg8R9s.0Ul7nOjxTe89
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4079390
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Mon, 26 Jun 2023 20:12:19 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: b3OmzAvDdDxGeYcUdp325R1w5pl9yEGjNgWZOmMz7GjGmwOZl6bUsw==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 105 KB
34 KB 25ms
21ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: gBpCCsntSn2IWEffEf2F8DC2OtX8qv0J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4767821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 100
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6_G_9XTEegcbp5KWsFsHJCWrTfpvSAvSCX89RgbV9w-QjW-gdt3mcA==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 12 KB
4 KB 23ms
20ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: gaQfc6pG5RLqHW0hh_UKZROeLJfiPf7y
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4767821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EBNk8suhCMk9yrijaL2-tqguk6JNoBVClDq5GC890OrsyC_NdHZLlQ==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 13 KB
6 KB 23ms
20ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ncEfPgGiy8bvtpJNwnTX.NMziBwYghK4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4767821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ejo7Txdq0vnAARgj88L2P2R4_t71AeSrUKOAvHpv5DUt-uI5kEpokA==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 17 KB
7 KB 23ms
20ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:27:20 GMT
x-amz-version-id: E7uVAl1FLfBDE265RBi.rA_w78O03F5t
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3501861
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7MCsuTnvZcxEK_wg0WNo8BRyNX1JU_37Kz3NM-Ojb3asapa5CmPQuQ==

GET
H2 200 8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 5A64 31 KB
4 KB 23ms
21ms Stylesheet
text/css 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: a7.YLqd37JZcdeCbrfXC3CfVjfFxsQd4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4767821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Fri, 16 Jun 2023 14:07:10 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: V8kMT08yDcXP0asg3dlT6QfRO6tvjJlonBEWbbq0LwVteC7uZei0RA==

GET
H2 200 8.94b86ac7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 81 KB
25 KB 18ms
15ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.94b86ac7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 20:11:10 GMT
x-amz-version-id: sKS3NtYZ5xBkpnwyRKt297s4ZL0aCKra
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 2372431
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Mon, 17 Jul 2023 15:59:42 GMT
server: istio-envoy
etag: W/"c01af04dcc374efd61d695b2f1e6a2c5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ct6MnTEX-ZwAYttqizGAou_4_V8DhUvArvb43jpE2DfemKPqY7mO_w==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 5A64 24 B
696 B 22ms
19ms Stylesheet
text/css 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:27:17 GMT
x-amz-version-id: wC0VVnvjh0b_x52D_sqkaWEh2hDGH6qB
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: PRG50-C1
age: 3501864
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 13
content-length: 24
last-modified: Fri, 30 Jun 2023 16:16:06 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YD8YE9B7TyY0zGjvyjPmh4SiedOb8RzXQeFMxmZGQ1W1sR9_lMo8nA==

GET
H2 200 16.8bd9e5a9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 91 KB
23 KB 19ms
16ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.8bd9e5a9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8879c5372c9cdd8a63f0482260b11c03651fb6bf5a216ab4478fdb30394ee24a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: rzljacJzqN37r9cYvWsZXzr5I9pj.xER
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 1426466
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"ef144ff505a111b4fe4731aaba1cffed"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1SqlFTdm1aG_Te9PNyMR-I6HJNq3qDmztUXsw_h1OMnu9Bxd-o50GA==

GET
H2 200 24.fa10a45a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 50 KB
14 KB 20ms
18ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.fa10a45a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

91ef02bd2b773e9ac2699edf1baef64de9ae6458aca2702547a1420a98df9ca0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 16:14:41 GMT
x-amz-version-id: IRN5_gdkIWWL8B85ot.oRDLfvGhU.twz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 226620
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Fri, 11 Aug 2023 16:01:20 GMT
server: istio-envoy
etag: W/"512c94affafcaf09226dafa395e2f3b9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tGRKvfVS9d0yrRQ5nHO27nwN9mLEQkTQFBIiu53sIsTi5mEpH91r9w==

GET
H2 200 17.1a833f5c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 40 KB
13 KB 21ms
19ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.1a833f5c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c3e2fd82caf2e806bc5f759e553b682d053812b80176497b6497b37ee5bbb054

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 16:14:41 GMT
x-amz-version-id: y6vGlhDVsMjulxa2LfM3Q0gJ2IMVljRl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 226620
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 11 Aug 2023 16:01:19 GMT
server: istio-envoy
etag: W/"4ef9e6ec7d6b69315a497d1854bfe155"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TmF-NkQxCngUq1VxRTKZs200EY3bUDMzaDKS4k6z7RDpS8FfbW5E0w==

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 718E
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1707894700&external_user_id=65f3f6f9-9f78-4146-871e-02d8dd5cf4c0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1707894700&external_user_id=65f3f6f9-9f78-4146-871e-02d8dd5cf4c0&C=1

43 B
766 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1707894700&external_user_id=65f3f6f9-9f78-4146-871e-02d8dd5cf4c0&C=1
Requested by: Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Aug 2023 07:11:41 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 14 Aug 2023 07:11:41 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=18&expiry=1707894700&external_user_id=65f3f6f9-9f78-4146-871e-02d8dd5cf4c0&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2 200 sync
partners.tremorhub.com/ Frame 718E 43 B
393 B 295ms
97ms Image
image/gif 2600:1f18:612b:4200:a191:c85d:637e:ad03
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIDM=65f3f6f9-9f78-4146-871e-02d8dd5cf4c0
Requested by: Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:a191:c85d:637e:ad03 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Mon, 14 Aug 2023 07:11:41 GMT
server: nginx
content-type: image/gif

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 718E 0
239 B 77ms
7ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?nid=5578&put=65f3f6f9-9f78-4146-871e-02d8dd5cf4c0&v=1181926
Requested by: Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 28e1e7d28d06b07ec669bc9e43057b8e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 9 KB
3 KB 9ms
8ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 01:23:13 GMT
x-amz-version-id: d8XrCXyW6RDxNJSZp3WgY6XBM0lZo7kg
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3390508
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 30 Jun 2023 16:16:08 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oPi5h_n-Fx4Qf8J9DDjz67K7J4rhyGSw9zeYN_waob7J-V6cWClclA==

GET
H2 200 27.01c2bea5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 35 KB
10 KB 11ms
9ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.01c2bea5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:02:59 GMT
x-amz-version-id: nle0j8birQ7TqZcCTCj2_Aiuc4PU4FBJ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4770522
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Fri, 16 Jun 2023 14:07:13 GMT
server: istio-envoy
etag: W/"04a233a42dcf8c50a83bfecea8ba552d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NaGNDBp7KrlzQRuyqc2fUOVN-i06bCGHkaxMwCvLacAyw2ImZIhAvA==

GET
H2 200 28.b5e8f5e1.chunk.css
js.driftt.com/core/assets/css/ Frame 5A64 8 KB
2 KB 10ms
8ms Stylesheet
text/css 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/28.b5e8f5e1.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 13:30:40 GMT
x-amz-version-id: o5Mqj_3FT3WjX9660DbCXWXmwKjwNZDi
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 1618861
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Wed, 26 Jul 2023 13:12:09 GMT
server: istio-envoy
etag: W/"e7107bc29ccb3c6d928f0f8f10a0f22d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7hEt3RpzNDdx5qiO3K-oxVDy6sWleuD-LcKLjtJzdF37Be_xNA5IWQ==

GET
H2 200 28.bdd92ff2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 14 KB
6 KB 11ms
10ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.bdd92ff2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6eabf982ec86c7a2d08d260cdd257c9d1f1d9b589cb52a812be0dc5c7cf1af9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: FN2mK9FP.1iG0EPXu5GaP7vFrDcTGt2G
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4722594
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"260fbabe310bd2cae5c44538f3d833ad"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FRcBb_PUIveWQpsRkkUSkbOpKLZCWx04Ggfp3_4zDw6DepPplgDiLQ==

GET
H2 200 25.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 5A64 365 B
1 KB 10ms
9ms Stylesheet
text/css 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/25.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: ZuuQmAv287PLv09x8YJDQ63ijAfFLcLS
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: PRG50-C1
age: 4722594
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
content-length: 365
last-modified: Tue, 20 Jun 2023 14:23:06 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: h9ofmk3blVoBtJ5uBHlIe5_SJIptV_pF_cC4aTvNktwFj-e-BqoYKQ==

GET
H2 200 25.a9a52994.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 91 KB
25 KB 12ms
11ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.a9a52994.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d21b490fa72e9cd90e09db07c73ef43c0d65bf38de6a41dfd1c53338f71549a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 20:11:11 GMT
x-amz-version-id: gwpLuUCx14LwmyLJHh.v9ArijcPAHA0d
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 2372430
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 67
last-modified: Mon, 17 Jul 2023 15:59:41 GMT
server: istio-envoy
etag: W/"34109a0bf2906f78b21b4a9f5fa4ab8c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bIgqXdoWUUkN7ZlHgfZX_Yl2CzTvEFaVE8VK6XhLRtiQJKP-p3KBwg==

GET
H2 200 www.secureworks.com.json Show response
script.crazyegg.com/pages/data-scripts/0097/6279/site/ Frame 3DC0 15 KB
3 KB 161ms
144ms XHR
application/json 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0097/6279/site/www.secureworks.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6279.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1cbcd944bbc646f589e63bf05e69b968f2ab865c912125739ec8cb3dddce654

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:41 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Mon, 14 Aug 2023 07:11:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
ce-version: 11.5.109
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f67629a299e9b9b-FRA
content-length: 3190

GET
H2 200 runtime~main.9264cfc2.js Show response
js.driftt.com/core/assets/js/ Frame 7924 6 KB
3 KB 8ms
8ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3f21dad28fabd7c924f7a0ba00ce852446846c897b649c28af2aaffcb2f45086

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 16:14:41 GMT
x-amz-version-id: lpIMz_RQJhXBa1boVmRczeiq8uFLHj6D
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 226620
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Fri, 11 Aug 2023 16:01:22 GMT
server: istio-envoy
etag: W/"1f9aa52bad9bda18b398a383e9d5f1e2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hhNkkE8AsR53bLTAGXUzJEK-7VFMAhEVRM8wiA3PyQBSstizkTO67A==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 35 KB
13 KB 9ms
9ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 01:55:57 GMT
x-amz-version-id: 5TXDZsW5KWm2BmB4QCZ0F0RTv1A0v1vA
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3647744
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 30 Jun 2023 16:16:11 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: R5Wh-gE2zZ2jc-ue0JH16PX_hx-Isnws10SMaQ3z9NMgCok_6qYYUw==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 7 KB
3 KB 10ms
10ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:46 GMT
x-amz-version-id: _6ChWa7QfxwgvKvHcksc0_7OHMp8jBKX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4722595
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Tue, 20 Jun 2023 14:23:11 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3vKgiH7TcJ0PQpy1PfyOfQdisxLEkof4F5S-l2JKK3AceqCKA1Kuqw==

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 23 KB
8 KB 15ms
12ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: 5TonZ2q4BzUrPKpbgBIsyV0ypFLgVCeU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4767821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: q2WEN_M7L6kgGbPbRTcUMHbnpJPjlt3UBrIzCvuoRZs1gyagpRAJfg==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 36 KB
10 KB 16ms
13ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:30:14 GMT
x-amz-version-id: qXDwNGmcU.i_gy6zABPrFxJLJu0M1pqs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3397287
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CFE2ytG55ozjqKQF5ZuJ0zCD05uBd_iHTgkgQoABPnvzBTq93AUauQ==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 32 KB
11 KB 16ms
14ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: zK.I5gIdSwLDVz8paigwY_NlFGMXuMgL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4722594
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dKIgPx3A2gk2PkmoFaqg-p6HVZlOVooJriRnY-oxjuKNKnm_akIu8A==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 17 KB
6 KB 17ms
14ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 06:35:14 GMT
x-amz-version-id: NhB69SBKJZmuUtXDH0xsEetKhzurSV2H
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 6050187
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Y3yOVbHweWNvtIaCs7aaYhHfTV1TsHzQlLSfBBMVDxR0nEUeOMq2iA==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 25 KB
8 KB 18ms
15ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 03:25:03 GMT
x-amz-version-id: aw1f3uGwXuU6S2OomkpX1DCMYaDfscU9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3296797
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: W6iKRjSeYmbtD-B4Hni1oEq3pMREHDqnHDc6Z4gOg6j1u9zXIQEj0g==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 74 KB
23 KB 18ms
16ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 05:35:25 GMT
x-amz-version-id: gDXldnX8iN1RnUUBAaD4i0CIS1LddA9A
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3288976
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VhvsVviobiVMOXYVfjA5hy8mZVNl4DUkrdMAVGlck9IoyLheQ53rnQ==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 66 KB
20 KB 20ms
17ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 25 May 2023 07:08:48 GMT
x-amz-version-id: pbTO4uU1iA_kBPCkMqV8rm3AioPcDtRp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 6998573
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Wed, 24 May 2023 17:36:06 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Yf1ktcq7LWanR1Wmpqz8NmgnzUoLPpZDOnSFCu60GVANvNbvDUWgZQ==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 91 KB
28 KB 20ms
18ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 12:05:00 GMT
x-amz-version-id: SrUur3gTkOE1yjoDcy53ibL6t3rDB5tT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3265601
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 30 Jun 2023 16:16:08 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8At_LarknwTN6IrWzT8SF9n7eT5JvKBrgdh5F5kUeX1PpHZEPgzS5w==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 23 KB
7 KB 22ms
20ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 30 May 2023 11:02:53 GMT
x-amz-version-id: IgOK_MQbEszp7MebOhF6oyS1BThWXb5o
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 6552528
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 26 May 2023 19:24:42 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xgdjPUvMci8vq1nvGSeua7dwudFb7jNW-Lds0tRlvM137C8zBOoE6w==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 62 KB
20 KB 23ms
21ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 02:01:51 GMT
x-amz-version-id: 4sXKEKnf1MP6Oxg8R9s.0Ul7nOjxTe89
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4079390
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Mon, 26 Jun 2023 20:12:19 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: p3RaaNxBSN3_5hNoN48cIzMV54oC4g5LiUezAJzQbsr5AnFAUJgaZg==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 105 KB
34 KB 24ms
22ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: gBpCCsntSn2IWEffEf2F8DC2OtX8qv0J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4767821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 100
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ofpAJnCyKkcBRP4r4RKTew_nptB_eARsiS7P1XZCDgxTFyTnG2QNcg==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 12 KB
4 KB 26ms
24ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: gaQfc6pG5RLqHW0hh_UKZROeLJfiPf7y
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4767821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: m0sbfXTBJp9Zlo_Oga_WR3CvBbFPMHeC-I_rzermSBdmqK--e6tjdA==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 13 KB
6 KB 26ms
24ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ncEfPgGiy8bvtpJNwnTX.NMziBwYghK4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4767821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YvCoVWcziJ0OraB16F9_dVu7RTarJLlSaqywq6iB6JRVGvLf_sWBAg==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 17 KB
7 KB 26ms
24ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:27:20 GMT
x-amz-version-id: E7uVAl1FLfBDE265RBi.rA_w78O03F5t
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3501861
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EikyvQks9meOON8l4JDFdOm1eBYC-bWmlDIZnWaEDee-JFxL_b1q1w==

GET
H2 200 8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 7924 31 KB
4 KB 21ms
19ms Stylesheet
text/css 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: a7.YLqd37JZcdeCbrfXC3CfVjfFxsQd4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4767821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Fri, 16 Jun 2023 14:07:10 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TH1zxY1aGvkZQjOxRRjEM8kp-9USKWhdRXITucL2i5BrBGoQqn6B4g==

GET
H2 200 8.94b86ac7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 81 KB
25 KB 27ms
25ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.94b86ac7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 20:11:10 GMT
x-amz-version-id: sKS3NtYZ5xBkpnwyRKt297s4ZL0aCKra
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 2372431
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Mon, 17 Jul 2023 15:59:42 GMT
server: istio-envoy
etag: W/"c01af04dcc374efd61d695b2f1e6a2c5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: M9t7wZrtntSNjGdBzeiiC_iN7Yc2R1P1kM23tgoPkYS5a1NJ0T0YWw==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 7924 24 B
696 B 21ms
20ms Stylesheet
text/css 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:27:17 GMT
x-amz-version-id: wC0VVnvjh0b_x52D_sqkaWEh2hDGH6qB
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: PRG50-C1
age: 3501864
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 13
content-length: 24
last-modified: Fri, 30 Jun 2023 16:16:06 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jwRAveKHLjWPvJodHVC70a1sz6wGBLT9KhgtLSsgjFbEhMPhFclQ8Q==

GET
H2 200 16.8bd9e5a9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 91 KB
23 KB 32ms
31ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.8bd9e5a9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8879c5372c9cdd8a63f0482260b11c03651fb6bf5a216ab4478fdb30394ee24a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: rzljacJzqN37r9cYvWsZXzr5I9pj.xER
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 1426466
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"ef144ff505a111b4fe4731aaba1cffed"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yJ8odX9c6SwbgryfoykR2q9E49JUVFW8VIRK-30Uu6IN3c0Wgpk3QQ==

GET
H2 200 24.fa10a45a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 50 KB
14 KB 33ms
31ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.fa10a45a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

91ef02bd2b773e9ac2699edf1baef64de9ae6458aca2702547a1420a98df9ca0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 16:14:41 GMT
x-amz-version-id: IRN5_gdkIWWL8B85ot.oRDLfvGhU.twz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 226620
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Fri, 11 Aug 2023 16:01:20 GMT
server: istio-envoy
etag: W/"512c94affafcaf09226dafa395e2f3b9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YgX4pk5jktweUai7oRaS4fVhU4S-gY432lZoW4n3OO3eYN9FtzbaVA==

GET
H2 200 17.1a833f5c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 40 KB
13 KB 34ms
32ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.1a833f5c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c3e2fd82caf2e806bc5f759e553b682d053812b80176497b6497b37ee5bbb054

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 16:14:41 GMT
x-amz-version-id: y6vGlhDVsMjulxa2LfM3Q0gJ2IMVljRl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 226620
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 11 Aug 2023 16:01:19 GMT
server: istio-envoy
etag: W/"4ef9e6ec7d6b69315a497d1854bfe155"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8-_z7iTGYbp3_zJ-2zIAvaiKBHcjIlAVzEaAKHZgsBrnEidhyidKSg==

GET
H2 200 37.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 7924 3 KB
1 KB 8ms
8ms Stylesheet
text/css 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/37.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 00:43:49 GMT
x-amz-version-id: 6S9dem0QqRNKdsXJa9pt.hiZoFHo8G8.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3392872
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 58
last-modified: Fri, 30 Jun 2023 16:16:07 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QPtlRhsZlTTh8gXmxfBVyH7eGkWNtNkGGoStWa9qsUPGbyM8lxKrlg==

GET
H2 200 37.298cbb69.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 3 KB
2 KB 9ms
9ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.298cbb69.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 04:59:35 GMT
x-amz-version-id: Fv09MwZ9_aib0TbI3DWT7N_8oqF8DxL_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4759926
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 16 Jun 2023 14:07:13 GMT
server: istio-envoy
etag: W/"86b289eeb2bf9d30034f30d9794e8041"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: M0-bycqEj4FZrNQd2EhZQAtTpw4bGjKHC4jIDB-E2tLCF-AGm8ngyw==

GET
H2 200 96a2628453de608467ea2eaa85fcab1f.js Show response
script.crazyegg.com/pages/versioned/commontransformations-scripts/ 118 KB
40 KB 15ms
15ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/96a2628453de608467ea2eaa85fcab1f.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6279.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72f1f7fd8a6eb95271fb90b3bcb028aef750accf6e6ff6d3e80d225df88fbff2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:41 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 02 Aug 2023 17:44:58 GMT
server: cloudflare
age: 98939
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f67629b1caa3a4f-FRA
content-length: 41242

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 9 KB
3 KB 8ms
7ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 01:23:13 GMT
x-amz-version-id: d8XrCXyW6RDxNJSZp3WgY6XBM0lZo7kg
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3390508
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 30 Jun 2023 16:16:08 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Na0mS5xM-6DdfYACs7Pou-hzyuSpI7tu7h6KUJZH72lkaTXUpiBLGQ==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 7924 7 KB
2 KB 8ms
8ms Stylesheet
text/css 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 26 May 2023 01:55:58 GMT
x-amz-version-id: mj1uBZn49IegQv8DQD1iQuBHBtNoawj8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 6930943
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 136
last-modified: Wed, 24 May 2023 17:36:04 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aWEr1pf7zvTp-_zHLnxts056tu5WG0KNydlw_vBcN8kfi1i1wTQNCw==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 54 KB
15 KB 9ms
8ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:27:09 GMT
x-amz-version-id: 2R1fSgEXfJs.Uu1IzVizcYh5ewaN333A
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4769072
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 16 Jun 2023 14:07:13 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 0UvM_t1HP9yLhTGfKrWM0VzfLIb4ice73x7Wd9LP0gGmHp9-TacZUg==

GET
H2 200 1.12ba17b6.chunk.css
js.driftt.com/core/assets/css/ Frame 7924 44 KB
7 KB 10ms
9ms Stylesheet
text/css 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.12ba17b6.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 19:01:02 GMT
x-amz-version-id: 19YOPtagzF0I0emgnq_seBKB.3mPQekh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 2117439
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 62
last-modified: Thu, 20 Jul 2023 18:22:08 GMT
server: istio-envoy
etag: W/"3b8ba82e1bac13ee29e9764a55620d99"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZyAzYGhBugrJxgKQFNtx2OIjbj-tE-HTrpOzPHYLNaFvkIHt7MYHjg==

GET
H2 200 1.be8346b1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 54 KB
17 KB 10ms
9ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.be8346b1.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

14c31b1fc92b43518a568d37d84d9f67783605ba8a894a17e2eef5d7de283f9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: PLfb_l_4aFe.aYN3FEG.I5zIcM2Rb4sy
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3931492
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 29 Jun 2023 18:36:38 GMT
server: istio-envoy
etag: W/"c2bd45f4e9f02db923342d39137bf141"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GLYgC9RWw6tvBGV8QeWN6ZhiXdOUDIiXAWY4m42fsPk8BEagGCc7yw==

GET
H2 200 4.9d776499.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 23 KB
10 KB 11ms
10ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.9d776499.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

622373f59cdda9ea36f307c5f7bef0cfd8e140018c995b6394468a26ef499dec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 25 Jul 2023 18:55:58 GMT
x-amz-version-id: uGJ36CDXFf5jc7zFgfXUohqg1i8mPHWM
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 1685743
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 25 Jul 2023 18:08:15 GMT
server: istio-envoy
etag: W/"cc02ad980b6b04f3bba61e68883356d4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FO74bVP2SpeW1Z1SciqLhzFF9H0iFschEdJ5pQ-ytWPF4QYadHPQAQ==

GET
H2 200 34.0504aac4.chunk.css
js.driftt.com/core/assets/css/ Frame 7924 16 KB
3 KB 10ms
10ms Stylesheet
text/css 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/34.0504aac4.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2b74bc303570faa3cd261b240078960cd0c28f811ae71cb72352809a42d20f6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: Y0eUMP8TZIUm_xphXPO8Cb7kobR8Sp8P
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3931492
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Thu, 29 Jun 2023 18:36:37 GMT
server: istio-envoy
etag: W/"95b017fb41a8751bd7175f8a73f035f8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: l30le-pubeOuXi7EhXsXnhZQthv7MpCI4rXi1XRAk2wHQBzFGfKqpg==

GET
H2 200 34.26535e57.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 12 KB
5 KB 12ms
12ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.26535e57.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c7076a6235cd12720cc675334102d16bd5e46a33910f1b3ada0425b74ed020d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: pP4ZKQ0wl7_jYctuYheBxCj9PF_v.ESa
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3931492
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"d1f726d8d49e4c3e218775f6ce78039f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OD8SVea9hXe8hvSghOzUsgGjfOciJdx19tF23WniDBgMNMs6eRDasQ==

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame 5A64 147 B
588 B 298ms
106ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

425d72758416a14854a63b541325a68c6398bad1a1c871a0e00e0a0a6444846c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 14 Aug 2023 07:11:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 98e8405b83435af5
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 147

GET
H2 200 www.secureworks.com.json Show response
script.crazyegg.com/pages/data-scripts/0097/6279/sampling/ Frame 3DC0 162 B
214 B 128ms
128ms XHR
application/json 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0097/6279/sampling/www.secureworks.com.json?t=469999
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/96a2628453de608467ea2eaa85fcab1f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51af596e99d042c46dc51889a3d23551fae440ebc18bae0d1a6dc7307c9283a2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:41 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Mon, 14 Aug 2023 07:11:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
ce-version: 11.5.109
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f67629b6adf9b9b-FRA
content-length: 151

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 5A64 25 B
89 B 106ms
106ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 14 Aug 2023 07:11:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 28e58a06ed5d7b60
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame 5A64 26 KB
8 KB 813ms
813ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

b096301441306d808cc2aec3f0585b3abf12e31d88e76c32063e737dbb6fd4d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 14 Aug 2023 07:11:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 44f97f46abd16de2
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 721
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H2 200 / Show response
c.6sc.co/ 7 B
196 B 180ms
168ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:42 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.secureworks.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 14 B
302 B 45ms
8ms XHR
text/html 2a02:26f0:480:23::1726:629c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:23::1726:629c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: cdaeae1edb90f35b8a1f07b7279ef1f239e51686c213217e0830b99e69f5241f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Aug 2023 07:11:42 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.secureworks.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:2b::7
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1691997102126_388391900_383516674_26_1063_6_0_219";dur=1
content-length: 14
expires: Mon, 14 Aug 2023 07:11:42 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 409ms
402ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=db8067e51eb58581f03147464f6063b2&svisitor=null&visitor=0e2fb127-3b1a-43b5-84cf-9bd7b3100ac3&session=99a5a7b3-c7a4-49e4-8fd9-aa0acbc5a3dc&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2014%20Aug%202023%2007%3A11%3A42%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2014%20Aug%202023%2007%3A11%3A42%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22db8067e51eb58581f03147464f6063b2%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2014%20Aug%202023%2007%3A11%3A42%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2014%20Aug%202023%2007%3A11%3A42%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2014%20Aug%202023%2007%3A11%3A42%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22b4a903896ae895a1a6279c68225fd93c979be1d7%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2014%20Aug%202023%2007%3A11%3A42%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Secureworks%20Taegis%20XDR%20Tactic%20Graphs%20searches%20for%20telemetry%20that%20can%20identify%20the%20presence%20of%20malicious%20tools%20used%20to%20gain%20domain%20administrator%20access.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&pageViewId=75521436-47ad-476a-8ffb-f19bf9f8b8e3&v=1.1.5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:42 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 472ms
472ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=db8067e51eb58581f03147464f6063b2&svisitor=null&visitor=0e2fb127-3b1a-43b5-84cf-9bd7b3100ac3&session=99a5a7b3-c7a4-49e4-8fd9-aa0acbc5a3dc&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A2b%3A%3A7%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Secureworks%20Taegis%20XDR%20Tactic%20Graphs%20searches%20for%20telemetry%20that%20can%20identify%20the%20presence%20of%20malicious%20tools%20used%20to%20gain%20domain%20administrator%20access.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&pageViewId=75521436-47ad-476a-8ffb-f19bf9f8b8e3&v=1.1.5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:42 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 740 B
583 B 29ms
13ms XHR
application/json 3.122.87.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.87.19 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-87-19.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2b3ae7b188371ff56c4518ada8e237ff81d15e3446d4e24c088c7eaad1cca76c

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
accept-language: de-DE,de;q=0.9
Authorization: Token b4a903896ae895a1a6279c68225fd93c979be1d7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
X-6s-CustomID: WebTag1.0 db8067e51eb58581f03147464f6063b2

Response headers

date: Mon, 14 Aug 2023 07:11:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.secureworks.com
access-control-allow-credentials: true
content-length: 395

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 45ms
8ms Preflight 3.122.87.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.87.19 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-87-19.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.secureworks.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.secureworks.com
access-control-max-age: 1800
date: Mon, 14 Aug 2023 07:11:42 GMT
server: nginx

POST
H2 200 track Show response
event.api.drift.com/ Frame 5A64 818 B
901 B 94ms
94ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

b1e473ea9b0cdbde332266ac82fed4106b8431642a9150788f3ed7cbb8362903

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxOTEzMDYwNTI2NCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NTA5ODYiLCJleHAiOjE3MjM2MTk1MDIsImlhdCI6MTY5MTk5NzEwMn0.YsHPodbgFvYIMYx9DxG6UkNM6SUGDfkyNB0Tqd1AmzhrmFBUnzqVmivhyXJRRkthy1E6Dk0lzbBuFEha8dRiBA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 14 Aug 2023 07:11:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: e0259a9db326a736
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 818

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 93ms
92ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 14 Aug 2023 07:11:42 GMT
requestid: drift6347c8c4fb692d178ba87d959e8
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

OPTIONS
H2 200 evaluate_with_log
targeting.api.drift.com/targeting/ Frame 0
0 114ms
93ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 14 Aug 2023 07:11:42 GMT
requestid: drift9b2a2554a7c841ec2531985ca3a
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 200 evaluate_with_log Show response
targeting.api.drift.com/targeting/ Frame 5A64 3 KB
1 KB 94ms
93ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

7c85f1b1977620d75ece4a683ad17787f8d3322672bddfa421b268b7a2584c5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxOTEzMDYwNTI2NCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NTA5ODYiLCJleHAiOjE3MjM2MTk1MDIsImlhdCI6MTY5MTk5NzEwMn0.YsHPodbgFvYIMYx9DxG6UkNM6SUGDfkyNB0Tqd1AmzhrmFBUnzqVmivhyXJRRkthy1E6Dk0lzbBuFEha8dRiBA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 14 Aug 2023 07:11:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 20029f5e379f6f69
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 1061

OPTIONS
H2 200 render_initial_v3
flow.api.drift.com/flows/ Frame 0
0 100ms
93ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 14 Aug 2023 07:11:43 GMT
requestid: drift5474e7949aa85f99d4103255cbd
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 200 render_initial_v3 Show response
flow.api.drift.com/flows/ Frame 5A64 4 KB
2 KB 127ms
127ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

4e3647292470b2404ac82285197e13844bb2b7df961fb1a66708acda12556354

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxOTEzMDYwNTI2NCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NTA5ODYiLCJleHAiOjE3MjM2MTk1MDIsImlhdCI6MTY5MTk5NzEwMn0.YsHPodbgFvYIMYx9DxG6UkNM6SUGDfkyNB0Tqd1AmzhrmFBUnzqVmivhyXJRRkthy1E6Dk0lzbBuFEha8dRiBA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 14 Aug 2023 07:11:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 3e657b22921fd21c
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 35
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 2077

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 374ms
374ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:43 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

OPTIONS
H2 200 widget
targeting.api.drift.com/impressions/ Frame 0
0 94ms
93ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 14 Aug 2023 07:11:43 GMT
requestid: driftfe9c55746ee98524a5bb4334b33
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 204 widget Show response
targeting.api.drift.com/impressions/ Frame 5A64 0
36 B 101ms
101ms XHR
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxOTEzMDYwNTI2NCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NTA5ODYiLCJleHAiOjE3MjM2MTk1MDIsImlhdCI6MTY5MTk5NzEwMn0.YsHPodbgFvYIMYx9DxG6UkNM6SUGDfkyNB0Tqd1AmzhrmFBUnzqVmivhyXJRRkthy1E6Dk0lzbBuFEha8dRiBA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 14 Aug 2023 07:11:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 2f0273c561481e3
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 9
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 5A64 19 KB
7 KB 8ms
8ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2mnfp3myy8iz&eId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=4933f1d9-aca2-4d72-b663-a3a498a30b04&sessionStarted=1691997100.851&campaignRefreshToken=b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f&hideController=false&pageLoadStartTime=1691997100011&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:16:11 GMT
x-amz-version-id: gdLzK0_qjU8jtmmLbxCIMiiKO3ne3if8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4125332
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Mon, 26 Jun 2023 20:12:20 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: L6D9AXYYerDmZRiaMIzny3reXnpHqEIwYhWtbDvPaQpKLKF6-nFiow==

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7924 19 KB
7 KB 8ms
8ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9264cfc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1691997100011
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:16:11 GMT
x-amz-version-id: gdLzK0_qjU8jtmmLbxCIMiiKO3ne3if8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 4125332
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Mon, 26 Jun 2023 20:12:20 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QkV8euXKp6D2ozNRKkW0_OTeRNUNyAoOdJHkfDuuSyLzrOjgLBp2kg==

GET
H2 200 https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F2102289%252Fe9594bfac54552171fb503a148f712053pfp523mah3x%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w...
driftt.imgix.net/ Frame 5A64 9 KB
9 KB 42ms
8ms Image
image/png 2a04:4e42:8e::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://driftt.imgix.net/https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F2102289%252Fe9594bfac54552171fb503a148f712053pfp523mah3x%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w%3D200%26s%3D5535422a198806adf1deaf975bb9c0c2?fit=max&fm=png&h=200&w=200&s=c1bee7d7fac6b987178bddc33b16bf67

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:8e::720 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

eae1aa4c900e7ac4f9b175efbaec561ccf12394425e48ff5c15846d9bb3f85c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:43 GMT
x-content-type-options: nosniff
age: 1119891
x-cache: HIT, HIT
x-imgix-id: 4999a4cbff54cb4ae3c4086a98a5418f4d9f8538
cross-origin-resource-policy: cross-origin
content-length: 8799
x-served-by: cache-sjc1000092-SJC, cache-fra-etou8220100-FRA
x-imgix-render-farm: 01.140328
last-modified: Tue, 01 Aug 2023 08:06:51 GMT
server: imgix
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 3.ee35dea2.chunk.js Show response
js.driftt.com/conductor/assets/ 158 B
853 B 8ms
8ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/3.ee35dea2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1691997300000/2mnfp3myy8iz.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3005a54fc57fc2d8c70cc41e4ca7fcaaed7514b03f28581082c454e6a2d11f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 23:38:44 GMT
x-amz-version-id: pMohofQYEF1dohPHFcPmV3oeRzVr6CuK
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: PRG50-C1
age: 1841579
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
content-length: 158
last-modified: Fri, 21 Jul 2023 20:53:14 GMT
server: istio-envoy
etag: "e6714addd36102488fb27a980401fd36"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OyaJxXCFzhtMRCqzG4rQhRBckG_altPWKyV_HXh2v2RnK0qefJlxtw==

GET
H2 206 notification.5f7c6014.mp3
js.driftt.com/conductor/assets/media/ 8 KB
8 KB 8ms
8ms Media
audio/mpeg 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/media/notification.5f7c6014.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Range: bytes=0-

Response headers

date: Sun, 21 May 2023 00:48:48 GMT
x-amz-version-id: EyFyYphkTOcSSXRXcLrYiychGEqav89v
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: PRG50-C1
age: 7366975
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
Content-Range: bytes 0-7754/7755
x-envoy-upstream-service-time: 57
Content-Length: 7755
last-modified: Fri, 19 May 2023 21:02:54 GMT
server: istio-envoy
etag: "5f7c6014cf73831f91963a668b71fbb9"
access-control-allow-methods: GET, POST, OPTIONS
content-type: audio/mpeg
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: iTxZgmJzf7V7o6sC8-OA7pzPtvIFkzbIPNhQmJaBy-COLWpAgW-PEg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 194ms
194ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:44 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event3/ Frame 5A64 25 B
112 B 107ms
106ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event3/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 14 Aug 2023 07:11:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 5932877790b8fb44
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 14
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 235ms
235ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 07:11:45 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-15MK64YNN6&cid=31154166.1691997101&gtm=45je3890&aip=1&z=1613288623

Domain: www.google.de
URL: https://www.google.de/pagead/1p-user-list/648366107/?random=1691997100636&cv=11&fst=1691996400000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&fmt=3&is_vtc=1&random=411080567&rmt_tld=1&ipr=y

Domain: www.google.de
URL: https://www.google.de/pagead/1p-user-list/648366107/?random=1691997100644&cv=11&fst=1691996400000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&fmt=3&is_vtc=1&random=893245387&rmt_tld=1&ipr=y

Domain: www.google.de
URL: https://www.google.de/pagead/1p-user-list/10934024932/?random=1691997100643&cv=11&fst=1691996400000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&fmt=3&is_vtc=1&random=1794948017&rmt_tld=1&ipr=y

Domain: px4.ads.linkedin.com
URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1691997100745&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&cookiesTest=true&liSync=true&e_ipv6=AQLiVzb7sf1OTwAAAYny4t2momQb-7GEqIp2Kd3pqVqd-_WX1dgO3v9qF0y215c0

Verdicts & Comments Add Verdict or Comment

155 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

48 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.secureworks.com/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinityCORS Value: fe782f07a4a30b728296a249197117bf
www.secureworks.com/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinity Value: fe782f07a4a30b728296a249197117bf
www.secureworks.com/	1969-12-31 23:59:59	Name: ASLBSA Value: 000368ecd653eb9dad3827cd89314e4939646c5bdd18bbb72afe9d72342ec3361aaf
www.secureworks.com/	1969-12-31 23:59:59	Name: ASLBSACORS Value: 000368ecd653eb9dad3827cd89314e4939646c5bdd18bbb72afe9d72342ec3361aaf
.secureworks.com/	1970-01-20 23:35:57	Name: _mkto_trk Value: id:725-SMC-563&token:_mch-secureworks.com-1691997100396-81724
.secureworks.com/	1970-01-20 23:35:57	Name: _ga Value: GA1.1.31154166.1691997101
.secureworks.com/	1970-01-20 16:09:33	Name: _gcl_au Value: 1.1.83034790.1691997101
.secureworks.com/	1970-01-20 16:09:33	Name: _rdt_uuid Value: 1691997100683.e6904778-29de-432d-9a44-53f8ffaf1e13
.doubleclick.net/	1970-01-20 13:59:58	Name: test_cookie Value: CheckForPermission
.techtarget.com/	1970-01-20 13:59:58	Name: __cf_bm Value: CHpoZHF6B9Rt5iZVK0cNQxaYHmh6IDfGxnmHXDITmHo-1691997100-0-ARKsqm+qmbvlZ2y1GbMX4cyY6zitf+Fm04rCquAN5qYE0jitVGnNVW4A2a6l82QCy+XCSjLVmBjK+UhS5jXIioQ=
.secureworks.com/	1970-01-20 22:45:33	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Aug+14+2023+09%3A11%3A40+GMT%2B0200+(Central+European+Summer+Time)&version=202307.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&groups=C0002%3A1%2CC0004%3A1%2CC0003%3A1%2CC0001%3A1
.secureworks.com/	1970-01-20 14:01:23	Name: _uetsid Value: d101af703a7111eea1f69b083e74bbaa
.secureworks.com/	1970-01-20 23:21:33	Name: _uetvid Value: d101d9003a7111eebf6d8bdf9f9505d8
.secureworks.com/	1970-01-20 22:45:33	Name: _biz_uid Value: b591f493893444a0e2067dac460423a8
.secureworks.com/	1970-01-20 13:59:58	Name: _biz_sid Value: 167daa
.secureworks.com/	1970-01-20 22:45:33	Name: _biz_nA Value: 2
.bing.com/	1970-01-20 23:21:33	Name: MUID Value: 1A7E216732026F893A7F320A33AE6E12
www.secureworks.com/	1970-01-20 14:01:23	Name: ln_or Value: eyIyMzg2MzI0IjoiZCJ9
.bizible.com/	1970-01-20 22:45:33	Name: _BUID Value: b591f493893444a0e2067dac460423a8
www.secureworks.com/	1970-01-20 22:45:33	Name: __pdst Value: 055f2724580541379bbeed81169470b1
www.secureworks.com/	1970-01-20 13:59:58	Name: drift_campaign_refresh Value: b4b55fd2-5bab-4a75-b9fa-06cf2ffcf78f
.secureworks.com/	1970-01-20 13:59:58	Name: tfpsi Value: 10fb1539-f978-439d-8558-b5577c2c9b75
.bizibly.com/	1970-01-20 22:45:33	Name: _BUID Value: bd3006ed18a9db6b46cd3ad32e26e8d5
.secureworks.com/	1970-01-20 22:45:33	Name: _biz_pendingA Value: %5B%5D
.secureworks.com/	1970-01-20 22:45:33	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22Mkto%22%3A%221%22%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.t.co/	1970-01-20 23:35:57	Name: muc_ads Value: c9402156-56a3-4051-bd35-dd0e91d4e251
.linkedin.com/	1970-01-20 16:09:33	Name: li_sugr Value: 4db4ada9-e8ac-4924-8166-e9b30786f3fc
.linkedin.com/	1970-01-20 22:45:33	Name: bcookie Value: "v=2&48e11578-601a-404a-86a8-0c2e1697633a"
.linkedin.com/	1970-01-20 14:01:23	Name: lidc Value: "b=TGST00:s=T:r=T:a=T:p=T:g=3180:u=1:x=1:i=1691997100:t=1692083500:v=2:sig=AQGL9JoHkLEqWR3Pn6Ifh2kaz3tJh29V"
.twitter.com/	1970-01-20 23:35:57	Name: personalization_id Value: "v1_rBtSXwGY+3WcXUPMoBznBw=="
.company-target.com/	1970-01-20 23:35:57	Name: tuuid Value: 65f3f6f9-9f78-4146-871e-02d8dd5cf4c0
.company-target.com/	1970-01-20 23:35:57	Name: tuuid_lu Value: 1691997100\|ix:0\|mctv:0\|rp:0
.linkedin.com/	1970-01-20 14:43:09	Name: UserMatchHistory Value: AQJwc4FXJxXcjAAAAYny4tv6dvEM-ZTH7cGSjvQJlL7feyqOOYUo5ToR_OHbqZ1A5utSNE0kfw1nMQ
.linkedin.com/	1970-01-20 14:43:09	Name: AnalyticsSyncHistory Value: AQLPXXbEtHyh8gAAAYny4tv6C8b4QA8qaTbfm3F0tNlzDPQd29sLtffzsr9h4l0vOqpiUin2OP8QZxNPZLh1bQ
.adnxs.com/	1970-01-20 16:09:33	Name: uuid2 Value: 5979240291217397413
.casalemedia.com/	1970-01-20 22:45:33	Name: CMID Value: ZNnTrf6rBxSaoARN57AXhgAA
.casalemedia.com/	1970-01-20 16:09:33	Name: CMPS Value: 2128
.casalemedia.com/	1970-01-20 16:09:33	Name: CMPRO Value: 2128
.www.linkedin.com/	1970-01-20 22:45:33	Name: bscookie Value: "v=1&20230814071141be362eac-6781-4087-8c48-248aec619ccaAQHxIxXjO6gVJ9uERvTT7C7Ca8_Wgnom"
.linkedin.com/	1970-01-20 18:19:09	Name: li_gc Value: MTswOzE2OTE5OTcxMDE7MjswMjHIcT96H3XmWTtdR/mDPFuADC/c8dW08fEohbKUrBO4NA==
.tremorhub.com/	1970-01-20 22:45:54	Name: tvid Value: cfb21fb3973145d79745b7ce6ff8444e
.tremorhub.com/	1970-01-20 23:35:57	Name: tv_UIDM Value: 65f3f6f9-9f78-4146-871e-02d8dd5cf4c0
www.secureworks.com/	1970-01-20 23:35:57	Name: drift_aid Value: 19943b45-56c9-43ee-a736-5d6316fe2bb7
www.secureworks.com/	1970-01-20 23:35:57	Name: driftt_aid Value: 19943b45-56c9-43ee-a736-5d6316fe2bb7
www.secureworks.com/	1970-01-20 23:35:57	Name: _gd_visitor Value: 0e2fb127-3b1a-43b5-84cf-9bd7b3100ac3
www.secureworks.com/	1970-01-20 14:00:11	Name: _gd_session Value: 99a5a7b3-c7a4-49e4-8fd9-aa0acbc5a3dc
.6sc.co/	1970-01-20 23:35:57	Name: 6suuid Value: ce641102ebac3a00aed3d96417020000ebfa5b00
.secureworks.com/	1970-01-20 23:35:57	Name: _ga_15MK64YNN6 Value: GS1.1.1691997100.1.1.1691997103.57.0.0

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2 Message: Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-15MK64YNN6&cid=31154166.1691997101&gtm=45je3890&aip=1&z=1613288623' because it violates the following Content Security Policy directive: "img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com .secureworks.com id.rlcdn.com .googletagmanager.com cdn.cookielaw.org .gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com .google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com .adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .redditstatic.com alb.reddit.com .ensighten.com ml314.com .choozle.com .bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com .clarity.ms analytics.twitter.com t.co .bidr.io .company-target.com www.facebook.com t.teads.tv https://ssl.gstatic.com .secureworks.com https://www.gstatic.com blob: data:".
security	error	URL: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2 Message: Refused to load the image 'https://www.google.de/pagead/1p-user-list/648366107/?random=1691997100636&cv=11&fst=1691996400000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&fmt=3&is_vtc=1&random=411080567&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com .secureworks.com id.rlcdn.com .googletagmanager.com cdn.cookielaw.org .gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com .google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com .adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .redditstatic.com alb.reddit.com .ensighten.com ml314.com .choozle.com .bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com .clarity.ms analytics.twitter.com t.co .bidr.io .company-target.com www.facebook.com t.teads.tv https://ssl.gstatic.com .secureworks.com https://www.gstatic.com blob: data:".
security	error	URL: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2 Message: Refused to load the image 'https://www.google.de/pagead/1p-user-list/648366107/?random=1691997100644&cv=11&fst=1691996400000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&fmt=3&is_vtc=1&random=893245387&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com .secureworks.com id.rlcdn.com .googletagmanager.com cdn.cookielaw.org .gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com .google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com .adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .redditstatic.com alb.reddit.com .ensighten.com ml314.com .choozle.com .bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com .clarity.ms analytics.twitter.com t.co .bidr.io .company-target.com www.facebook.com t.teads.tv https://ssl.gstatic.com .secureworks.com https://www.gstatic.com blob: data:".
security	error	URL: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2 Message: Refused to load the image 'https://www.google.de/pagead/1p-user-list/10934024932/?random=1691997100643&cv=11&fst=1691996400000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&frm=0&tiba=Sniffing%20Out%20SharpHound%20on%20its%20Hunt%20for%20Domain%20Admin%20%7C%20Secureworks&fmt=3&is_vtc=1&random=1794948017&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com .secureworks.com id.rlcdn.com .googletagmanager.com cdn.cookielaw.org .gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com .google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com .adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .redditstatic.com alb.reddit.com .ensighten.com ml314.com .choozle.com .bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com .clarity.ms analytics.twitter.com t.co .bidr.io .company-target.com www.facebook.com t.teads.tv https://ssl.gstatic.com .secureworks.com https://www.gstatic.com blob: data:".
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()
security	error	URL: https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin?userID=cddc2b03-d8e1-413d-ac8f-1b942c9bffcc&Campaign_name=everyonesocial&Campaign_medium=a7a31727-cd75-4dc9-96e9-c849f36698fe&Campaign_source=twitter&es_id=7fdbc11ca2 Message: Refused to load the image 'https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1691997100745&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Fsniffing-out-sharphound-on-its-hunt-for-domain-admin%3FuserID%3Dcddc2b03-d8e1-413d-ac8f-1b942c9bffcc%26Campaign_name%3Deveryonesocial%26Campaign_medium%3Da7a31727-cd75-4dc9-96e9-c849f36698fe%26Campaign_source%3Dtwitter%26es_id%3D7fdbc11ca2&cookiesTest=true&liSync=true&e_ipv6=AQLiVzb7sf1OTwAAAYny4t2momQb-7GEqIp2Kd3pqVqd-_WX1dgO3v9qF0y215c0' because it violates the following Content Security Policy directive: "img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com .secureworks.com id.rlcdn.com .googletagmanager.com cdn.cookielaw.org .gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com .google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com .adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .redditstatic.com alb.reddit.com .ensighten.com ml314.com .choozle.com .bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com .clarity.ms analytics.twitter.com t.co .bidr.io .company-target.com www.facebook.com t.teads.tv https://ssl.gstatic.com .secureworks.com https://www.gstatic.com blob: data:".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	object-src 'none'; script-src 'self' 'nonce-YWYxNWJkMDRiZGQwNDQ1NWE5N2Q5NTAzNzY5NWI5ZTk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' 'sha256-ZlXTkZmAmWswFmM/VCVi0DLagBh+F9JWQiK/yRsf7yc=' 'sha256-76Yt/S5cofMdn9d5/cJOU32zSvhw1A8QJDSgL1c0YRI=' 'sha256-z4pF+zMq94+GUUF273G0WvSAL91jUazcB1NOISkNlzk=' 'sha256-4OIRiOWgv2ak/dapUtCUuoqEUnVBrH8A9LJCp3dthUw=' 'sha256-ew0tynw+zAqBiv217Nj202XmktwGvkQU7jXqQMotiHg=' 'sha256-2mFyIAC6FjDBvAg15BPawsugazV1sKm4T9x09V76BK0=' 'sha256-kxoZz5p2Ko+K+FXi8lIZc2opwhJF9WD4/wy9+dLYHzY=' 'sha256-+ThII46Fk+h63393vJ+nvAEZnTSXIwpqVJDSklAo5eM=' 'sha256-hUowsewUBuLRjFz7Z3pohTKe/pX/uO7uKD1k25qHLQY=' 'sha256-pMZUEpT65ftOEzHdiYyq/2vt545RymVHJSh5H2y5BDk=' 'sha256-nGkmLI0CpGjUy6Gg2vRE6xAh+vU4jlNVmPB+55WJmn8=' 'sha256-j6LWS7Q+Wsyd91b6000yHCoIqUaJIJQq56Lw3XQPcHA=' 'sha256-XQ6pUmmjpjpunCfT67q0ACDA7NqxLJx1iJwCFhC73wo=' 'sha256-tCniuKIyeHpfi5vxJOgLkz0eRI+cerKWFRsy5hMt5V0=' 'sha256-EZaJwK6Bh4sdKWjgv6zhJUdT2ISL4NhEQSPYf++uAeU=' 'sha256-1T7dud0UtKJZdhJcgsp1gh8MZDyA3S8DIsOpB3+co4M=' 'sha256-g6A8gRllShDRUg9hmXQZ0ZvMQ35F4jsarESQIDJtpE4=' 'sha256-y6vRm9V8P08qfB27ukHo07LF4IM00RKuKNzQBfsBlgg=' 'sha256-1GbAOPSdN7GyL999DpkIzp8XYAH1OP43heqQi7uU3FQ=' 'sha256-1p8zU6DNbl/tn8sFUoVBsvAF+dwRMDHK3WXM4vqIhDc=' 'sha256-a/dU49b8+CePl3YeekAugUB79FoCfbN22DFVyavn9pM=' 'sha256-39FcaN3WyGnHnf2UX+fHrSBSJq4KI6BETrXNemtzDa8=' 'sha256-4N1dEVT13lNPCpxXX2XuIlfUBwZp3wNLb/hBbSKGESA=' 'sha256-hNSRZgUy89mPGFidDBRWC4Ed4jKTrCtZP2zeBPNbdeI=' 'sha256-CD2LEDjz/KtOaC5rzryax+qZEQVmnKcZAQsqnSqAIXw=' 'sha256-FKJXEsmjg1Bgqi33LGcZCFxDahpEPN6prnNBVDxvfhc=' 'sha256-GNXg66Qlqpdgh9Nsv/+xAVNgfxsTWLi+TUdpxamXMuU=' 'sha256-TKtnYUWk/B6gzo2immnWBOjewDye+cXQBoAlykzhX/s=' 'sha256-BMQXzfchDpNs+zYF2cO7o9iAJtoSq+2OX45TfNM/cdA=' 'sha256-IECBAorlkKUYQadvB50kjQC3oIqb9xKfOB+cVXdarE0=' 'sha256-c+xyt9U1PbPeI7Pot035l4MckCT6qHAzxiBA5t+7KPE=' 'sha256-bZ4r9bNMpnkokR0Gwp+X+Y0qYhZKQwglL8B9TAvMsrA=' 'sha256-GNsgzTmK93RFT4ppB/KnAwm9wVkth71ceJVqrzSGC6M=' 'sha256-NMtcHh/vZkcUq5lHSUz2dzv8n1jv1SFeNewgEGvik4k=' 'sha256-qNQx9jt8qaEBXM11NIr686AfxMFZ5JdLDih1v53gg58=' 'sha256-V3cvEVskzD9prkzxm7tqKYfGLb9bWJvWCtL+JIITaS0=' 'sha256-waeaCDLj6GQjXDbMrbks0tMGletGWM4yUCtZexjXtQ4=' 'sha256-NqbLH0mR4blvVOwz3czIHomPHCsoQ0Wm41wF1kBSvZU=' 'sha256-VjVcBNNglZR51BM/0BQcyaVDi+aLDUlGQY7FoGXABBo=' 'sha256-5dJLPJs8n07/9HQlsmJnd/4gjSEsyEEiOhQc+PbGaig=' https://code.jquery.com https://pages.secureworks.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://.vimeo.com https://.vimeocdn.com https://j.6sc.co https://b.6sc.co https://.6sc.co https://epsilon.6sense.com https://.rlcdn.com https://gateway.zscaler.net https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://script.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://.on24.com https://.ceros.com https://app-script.monsido.com https://monsido-consent.com https://tracking.monsido.com https://.redditstatic.com https://.ensighten.com https://.ml314.com https://.choozle.com https://.bluekai.com https://cdn.bizible.com https://cdn.bizibly.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://insight.adsrvr.org https://js.adsrvr.org https://.clarity.ms https://static.ads-twitter.com https://cdn.pdst.fm https://.cloudfunctions.net https://tag.demandbase.com https://.bidr.io https://.company-target.com https://www.teads.com https://p.teads.tv https://www.facebook.com connect.facebook.net; img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com .secureworks.com id.rlcdn.com .googletagmanager.com cdn.cookielaw.org .gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com .google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com .adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .redditstatic.com alb.reddit.com .ensighten.com ml314.com .choozle.com .bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com .clarity.ms analytics.twitter.com t.co .bidr.io .company-target.com www.facebook.com t.teads.tv https://ssl.gstatic.com .secureworks.com https://www.gstatic.com blob: data:; frame-ancestors 'self' .folloze.com *.secureworks.com; worker-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

725-smc-563.mktoresp.com
alb.reddit.com
analytics.twitter.com
api.company-target.com
app-script.monsido.com
attr.ml-api.io
b.6sc.co
bat.bing.com
bootstrap.api.drift.com
c.6sc.co
cdn.bizible.com
cdn.bizibly.com
cdn.cookielaw.org
cdn.linkedin.oribi.io
cdn.pdst.fm
cm.teads.tv
content.secureworks.com
driftt.imgix.net
dsum-sec.casalemedia.com
epsilon.6sense.com
event.api.drift.com
extend.vimeocdn.com
flow.api.drift.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
id.rlcdn.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.adsrvr.org
js.driftt.com
metrics.api.drift.com
munchkin.marketo.net
p.teads.tv
partners.tremorhub.com
pixel.rubiconproject.com
px4.ads.linkedin.com
region1.analytics.google.com
s.company-target.com
s.ml-attr.com
script.crazyegg.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
t.teads.tv
tag-logger.demandbase.com
tag.demandbase.com
targeting.api.drift.com
tracking.monsido.com
trk.techtarget.com
us-central1-adaptive-growth.cloudfunctions.net
www.google.com
www.google.de
www.googletagmanager.com
www.redditstatic.com
www.secureworks.com
px4.ads.linkedin.com
www.google.de
104.102.38.132
104.244.42.197
104.244.42.3
104.75.89.75
108.138.17.47
146.75.118.109
146.75.120.157
151.101.129.140
152.195.15.58
18.66.97.17
185.80.39.216
185.89.210.212
192.28.144.124
2.17.100.210
2001:4860:4802:32::36
2001:4860:4802:36::36
23.212.89.35
2600:1901:0:22e6::
2600:1901:0:891c::
2600:1f18:612b:4200:a191:c85d:637e:ad03
2600:9000:2127:5800:1d:8d6d:3b40:93a1
2600:9000:2127:7e00:2:53b2:240:93a1
2600:9000:2251:f600:12:3734:2a40:93a1
2606:4700::6812:1d26
2606:4700::6812:a972
2606:4700::6812:d9f
2606:4700::6813:9408
2620:1ec:bdf::60
2620:1ec:c11::200
2a00:1450:4001:806::2008
2a00:1450:4001:809::2004
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::2003
2a00:1450:4001:810::200a
2a00:1450:400c:c00::9a
2a02:26f0:1700:d::1737:6ea4
2a02:26f0:3500:16::215:149b
2a02:26f0:480:23::1726:629c
2a04:4e42:8e::720
2a04:4e42::396
3.122.87.19
34.111.208.231
34.96.71.22
35.244.142.80
35.244.174.68
35.71.131.137
54.147.21.139
65.9.95.107
65.9.99.119
68.67.153.60
69.173.144.139
0049c42b57e92164c558905bff7c17441afe55dc569f0062162e77a532964b80
01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03
067a617a4dd30f184f9924c57acad889df67677291da701cda2d24bca4b2654b
08681ba3da35c665e877f6f9a6e158ff94b4d96c363610cdb061ebb79a718c35
0b817ddec3728ea011d21f345670ed6c213d08a71a15ade591680bfaba85960e
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
12eec634526deb77f2273e4d241bea4cb8f3c5dcd0380e53a3dc56ed6f9aa9c4
14c31b1fc92b43518a568d37d84d9f67783605ba8a894a17e2eef5d7de283f9c
154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733
178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
1bd0c447785eab06c5aab0e789fe161c2da109afac7387004e0ea811b0bd6b61
1ef15e427309dd58a1118ce13319ed62aa819913762dbf195355f12046c02449
22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2b3ae7b188371ff56c4518ada8e237ff81d15e3446d4e24c088c7eaad1cca76c
2b74bc303570faa3cd261b240078960cd0c28f811ae71cb72352809a42d20f6e
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e
3005a54fc57fc2d8c70cc41e4ca7fcaaed7514b03f28581082c454e6a2d11f3b
30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6
3117ca5a7a3d29009aa755c483c17353666a10d08c369621f6c269387d1a0b05
318f094b79b56bc57c182543d28cffa228816b3d53a1361ad21d9830cfc4f55b
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3321757433351762495ef3452adf0fcefa179583f4409dd04815c710c5e45f6f
3868f89695215754d8cc642584989631474b8549675b75882716bdac8b238833
3931826d11b4250a6e4d10a8249417bbdf73eb1a03f95f124b790b5c8a576bab
3c7024701a817fee5de0e62bb8d83edb43e08a9be594dde00fd2d2fcf5a20fd0
3f21dad28fabd7c924f7a0ba00ce852446846c897b649c28af2aaffcb2f45086
425d72758416a14854a63b541325a68c6398bad1a1c871a0e00e0a0a6444846c
453891daef821f36152e1ec0eb9df8f18c2d737f9416a3ee9a72788275b7f894
46b33cf73fc4999bddf907b94692ee1cfaca718d35272ce79a5beb810521d4bc
481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f
4e3647292470b2404ac82285197e13844bb2b7df961fb1a66708acda12556354
51af596e99d042c46dc51889a3d23551fae440ebc18bae0d1a6dc7307c9283a2
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f
594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1
5f2d6e604ad2bafcb500a244f270fa557c8275586dc31c9058a1cfa4f46d125f
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
622373f59cdda9ea36f307c5f7bef0cfd8e140018c995b6394468a26ef499dec
62e55cc7119c6aae1e7aaac1870c9796ccc25fccdd4937f126f6114e66fd3b5a
64ba221769f51fcba3ae03ff9ebccac7cc1017e5f10900475b871ecfe7bda514
64e8ce58f2d8ee4332cc27fcb759c31013f418b6523586b6441fd2f097107b35
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
69cfa92d4387fd1d786756e9ba1f8dd29ade2ea431aabc7e79da8abb9f3a6fcd
6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
6eabf982ec86c7a2d08d260cdd257c9d1f1d9b589cb52a812be0dc5c7cf1af9a
71d07479f4b2b809e5769a352f4f55b84690289026ace7ed5395230002551a11
72f1f7fd8a6eb95271fb90b3bcb028aef750accf6e6ff6d3e80d225df88fbff2
7477b8fea6c0fa11e3bc2349aa519061f4d20810b3d642fe43e22e0bb3343610
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
7832574c3f84124057eb8a12fbed18f367fb2fb62ae323879427ee0c973bb452
7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787
7863ca6b764cf33a59a47bd455e1ef2713b5599e78e8d5b1803c0e8844186b70
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7c85f1b1977620d75ece4a683ad17787f8d3322672bddfa421b268b7a2584c5a
7d47db33b29d18419b1629c1e055ab2eceb6642555cb148bf0b14c4c974e119a
7e4626c1f835ec0ba31fd44af02b796c7b07dd229f0731e4c1767ab3510e9ac6
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
8879c5372c9cdd8a63f0482260b11c03651fb6bf5a216ab4478fdb30394ee24a
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1
8c762ea77279bce491eb7234251e68156c79696695d44c8943f7568c920b9086
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
8f6f6a1cd561a612eaf564cd9aac3d144af6b90138186d30ad08cfb50a9b9bb5
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
91ef02bd2b773e9ac2699edf1baef64de9ae6458aca2702547a1420a98df9ca0
98842c0f43a891b9264682dda87aab221bbe5aabfc08cb44f6785df5cf595326
9db12103c6e7ca43247cd00bce409ab4df4e7580e016ac0fce004f77065a3efb
9eb064a8d93265a1b1bb725f0db9c1d209a4efdae9eca7ddc67a094755c64b4f
9ed6388d56fc9f2044791e0559ab4a283381791e359dc2981449955e702de56d
a0553fda2bc3a990e81b55373266009a9114b9741a521691f009e53f979b7218
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b096301441306d808cc2aec3f0585b3abf12e31d88e76c32063e737dbb6fd4d2
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1e473ea9b0cdbde332266ac82fed4106b8431642a9150788f3ed7cbb8362903
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
b96ae3ad93fc2ec81fe1f623ba74a9f3f607f2ea79c7b741e55b73366b41cf73
b97b49ee323dbccf9a13f15fa3d93188d01681652d52b1ed40ad00c32dfb0513
ba24f9ef72f1973e4b0b7b2a2302836376fe6e2f533eaee680ee711d835827d9
baa55d1d4627050073e047eb2f9dbe86720736f51f37a116602e5705c3966b33
baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
bda089eb65087079101a900d28777f71ee1f41cf82fdac47217b6f3d1e518dee
bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027
c14c30ca00b3badf163de6dc6d1ee20208fc164bacc5b2dd5bee60d13a80cda0
c2f15609bdc44ef0009fda7902639ed493b8a26a00a58b905e0768f67c93b2ad
c3e2fd82caf2e806bc5f759e553b682d053812b80176497b6497b37ee5bbb054
c414c4b0d50c45bc35cd0beae9dd6e255bc68bb44b7f2298f55ad4e1ba9efec0
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2
c7076a6235cd12720cc675334102d16bd5e46a33910f1b3ada0425b74ed020d3
c8a849a7ddc14e70bce059a817466d2137b9b7863985c46e70d34613b63d1a7d
c97d6fa5b4ad8db4c6110b5e4a13eb698c381f580cb44440813c04f369df0a56
ca6538789c7267c0fd372b35a2de78fe51227c09651cc785afeae0b485913548
cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342
cdaeae1edb90f35b8a1f07b7279ef1f239e51686c213217e0830b99e69f5241f
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d06f16436de248c88426110742cf0fa0e9fe7a2707399ecb2f27b3425a6b6162
d132dd3ebfcfaf838e709f20f4c76fe2868ffa0dc22ee126f87af6dd0b4a7adb
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d21b490fa72e9cd90e09db07c73ef43c0d65bf38de6a41dfd1c53338f71549a3
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d6aec3e8a9da0f555d22ddc16f344a4dd83928c610016d0d8aaa47f794c89c3a
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
d774717dcbf112735e877fa11abd3b7a3e9ce75c82935d0a78724132c8ca1fe3
db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
e7a55959687a0af1b5080fd3ed56094717857d6dd023dd577619c0f0879b1af2
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
e98f34e5491e4d9e70b99646e6f2751b110ca703d5f188132375095c6a111d2b
eae1aa4c900e7ac4f9b175efbaec561ccf12394425e48ff5c15846d9bb3f85c0
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1cbcd944bbc646f589e63bf05e69b968f2ab865c912125739ec8cb3dddce654
f58ae3a848bbbd6be3e99e6e3233deb90be51365933264c761438358b056495c
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f
fbb0995554fef3d2e17767e42318987a6b0196ec4572d2c61da94534e8698848
fd88744518d1dae29017e362d222df46fad9b8af9267e4e4c8f40a2d68084a04
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fffad8684ac0848e36131e8f57538fecbcff6abfb165d3ae8d1be0f90d87adb8

www.secureworks.com Open in urlscan Pro 2620:1ec:bdf::60 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

203 Requests

96 %HTTPS

49 %IPv6

44 Domains

61 Subdomains

50 IPs

4 Countries

3420 kBTransfer

7876 kBSize

48 Cookies

27 Outgoing links

Redirected requests

203 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.secureworks.com Open in urlscan Pro
2620:1ec:bdf::60 Public Scan

Screenshot
Live screenshot

Full Image

203
Requests

96 %
HTTPS

49 %
IPv6

44
Domains

61
Subdomains

50
IPs

4
Countries

3420 kB
Transfer

7876 kB
Size

48
Cookies

203 HTTP transactions
0 data transactions