www.recordedfuture.com Open in urlscan Pro
104.18.12.124 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.recordedfuture.com/cobalt-strike-servers/
Submission: On October 29 via manual (October 29th 2021, 7:32:17 am UTC) from ES — Scanned from DE

Summary HTTP 214 Redirects Links 61 Behaviour Indicators

Summary

This website contacted 38 IPs in 5 countries across 33 domains to perform 214 HTTP transactions. The main IP is 104.18.12.124, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.recordedfuture.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 23rd 2021. Valid for: a year.

This is the only time www.recordedfuture.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
70	104.18.12.124 104.18.12.124	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.74.202 142.250.74.202	15169 (GOOGLE) (GOOGLE)
5	104.19.155.83 104.19.155.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.221.204 104.17.221.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	104.16.125.175 104.16.125.175	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	185.59.220.193 185.59.220.193	60068 (CDN77 ^_^) (CDN77 ^_^)
1 3	104.16.86.20 104.16.86.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.19.94 104.16.19.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.199.108.153 185.199.108.153	54113 (FASTLY) (FASTLY)
3	142.250.186.72 142.250.186.72	15169 (GOOGLE) (GOOGLE)
1	104.17.211.204 104.17.211.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	104.111.233.140 104.111.233.140	16625 (AKAMAI-AS) (AKAMAI-AS)
2	157.240.20.19 157.240.20.19	32934 (FACEBOOK) (FACEBOOK)
2	143.204.98.80 143.204.98.80	16509 (AMAZON-02) (AMAZON-02)
62	143.204.98.47 143.204.98.47	16509 (AMAZON-02) (AMAZON-02)
5	35.71.162.228 35.71.162.228	16509 (AMAZON-02) (AMAZON-02)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	142.250.186.40 142.250.186.40	15169 (GOOGLE) (GOOGLE)
1	2.16.186.8 2.16.186.8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	142.250.186.78 142.250.186.78	15169 (GOOGLE) (GOOGLE)
2	157.240.20.35 157.240.20.35	32934 (FACEBOOK) (FACEBOOK)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1 2	108.174.11.37 108.174.11.37	14413 (LINKEDIN) (LINKEDIN)
1 1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	66.102.1.157 66.102.1.157	15169 (GOOGLE) (GOOGLE)
1	104.17.71.176 104.17.71.176	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.21.191 104.18.21.191	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.186.68 142.250.186.68	15169 (GOOGLE) (GOOGLE)
1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	185.33.221.13 185.33.221.13	29990 (ASN-APPNEX) (ASN-APPNEX)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
3	104.16.87.5 104.16.87.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	162.247.242.20 162.247.242.20	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
4	104.19.154.83 104.19.154.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	199.60.103.2 199.60.103.2	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
6	54.147.21.139 54.147.21.139	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.98.58 143.204.98.58	16509 (AMAZON-02) (AMAZON-02)
214	38

70 104.18.12.124 (United States)

ASN13335 (CLOUDFLARENET, US)

www.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.74.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.19.155.83 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.221.204 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscta.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.125.175 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.59.220.193 (Frankfurt am Main, Germany) 1 redirects

ASN60068 (CDN77 ^_^, GB)
PTR: edge-601.bunnyinfra.net

cdn.materialdesignicons.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.16.86.20 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.19.94 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.199.108.153 (United States)

ASN54113 (FASTLY, US)
PTR: cdn-185-199-108-153.github.com

kenwheeler.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.72 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.211.204 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.111.233.140 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-140.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.20.19 (United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-frt3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.80 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-80.fra50.r.cloudfront.net

cdn.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

62 143.204.98.47 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-47.fra50.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.71.162.228 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a8b6f710f441cdbc2.awsglobalaccelerator.com

recordedfuture.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.40 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f8.1e100.net

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-8.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.20.35 (United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-frt3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.174.11.37 (United States) 1 redirects

ASN14413 (LINKEDIN, US)
PTR: 108-174-11-37.fwd.linkedin.com

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.102.1.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wb-in-f157.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.71.176 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.21.191 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.13 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.16.87.5 (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.20 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-8.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.19.154.83 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 199.60.103.2 (Canada)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

go.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.147.21.139 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-21-139.compute-1.amazonaws.com

metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.58 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-58.fra50.r.cloudfront.net

embeds.driftcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
76	recordedfuture.com www.recordedfuture.com go.recordedfuture.com	2 MB
62	driftt.com js.driftt.com	735 KB
9	6sc.co j.6sc.co b.6sc.co c.6sc.co	15 KB
9	hubspot.com no-cache.hubspot.com cta-service-cms2.hubspot.com track.hubspot.com	136 KB
7	matomo.cloud cdn.matomo.cloud recordedfuture.matomo.cloud	178 KB
6	drift.com metrics.api.drift.com bootstrap.api.drift.com	411 B
6	google-analytics.com ssl.google-analytics.com www.google-analytics.com	72 KB
3	hsforms.com perf.hsforms.com	2 KB
3	google.com www.google.com	672 B
3	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	2 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	googletagmanager.com www.googletagmanager.com	140 KB
3	jsdelivr.net 1 redirects cdn.jsdelivr.net	212 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	facebook.com www.facebook.com	443 B
2	facebook.net connect.facebook.net	113 KB
2	cloudflare.com cdnjs.cloudflare.com	5 KB
2	unpkg.com 1 redirects unpkg.com	5 KB
1	driftcdn.com embeds.driftcdn.com	12 KB
1	nr-data.net bam.nr-data.net	322 B
1	newrelic.com js-agent.newrelic.com	13 KB
1	adnxs.com secure.adnxs.com	700 B
1	hs-banner.com js.hs-banner.com	16 KB
1	hs-analytics.net js.hs-analytics.net	20 KB
1	googleadservices.com www.googleadservices.com	15 KB
1	t.co t.co	471 B
1	twitter.com analytics.twitter.com	676 B
1	licdn.com snap.licdn.com	2 KB
1	ads-twitter.com static.ads-twitter.com	6 KB
1	hs-scripts.com js.hs-scripts.com	910 B
1	github.io kenwheeler.github.io	1 KB
1	materialdesignicons.com 1 redirects cdn.materialdesignicons.com	747 B
1	hscta.net js.hscta.net	6 KB
214	33

	Domain	Requested by
70	www.recordedfuture.com	www.recordedfuture.com
62	js.driftt.com	www.recordedfuture.com js.driftt.com
7	b.6sc.co	www.recordedfuture.com
6	go.recordedfuture.com
5	recordedfuture.matomo.cloud	cdn.matomo.cloud www.recordedfuture.com
4	metrics.api.drift.com	js.driftt.com
4	cta-service-cms2.hubspot.com	js.hscta.net
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	track.hubspot.com
3	perf.hsforms.com	js.hscta.net
3	www.google.com	www.recordedfuture.com
3	www.googletagmanager.com	www.recordedfuture.com www.googletagmanager.com
3	cdn.jsdelivr.net	1 redirects www.recordedfuture.com cdn.jsdelivr.net
3	fonts.googleapis.com	www.recordedfuture.com
2	bootstrap.api.drift.com	js.driftt.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	px.ads.linkedin.com	1 redirects www.recordedfuture.com
2	www.facebook.com	www.recordedfuture.com
2	ssl.google-analytics.com	www.recordedfuture.com
2	cdn.matomo.cloud	www.recordedfuture.com
2	connect.facebook.net	www.recordedfuture.com connect.facebook.net
2	cdnjs.cloudflare.com	www.recordedfuture.com
2	unpkg.com	1 redirects www.recordedfuture.com
2	no-cache.hubspot.com	www.recordedfuture.com
1	embeds.driftcdn.com	js.driftt.com
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.recordedfuture.com
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	googleads.g.doubleclick.net	www.googleadservices.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	www.googleadservices.com	www.googletagmanager.com
1	www.linkedin.com	1 redirects
1	t.co	www.recordedfuture.com
1	analytics.twitter.com	static.ads-twitter.com
1	snap.licdn.com	www.recordedfuture.com
1	static.ads-twitter.com	www.googletagmanager.com
1	j.6sc.co	www.recordedfuture.com
1	js.hs-scripts.com	www.recordedfuture.com
1	kenwheeler.github.io	www.recordedfuture.com
1	cdn.materialdesignicons.com	1 redirects
1	js.hscta.net	www.recordedfuture.com
214	43

This site contains links to these domains. Also see Links.

Domain
go.recordedfuture.com
support.recordedfuture.com
app.recordedfuture.com
aws.amazon.com
recfut.force.com
therecord.media
www.fireeye.com
news.sophos.com
cobaltstrike.com
www.blackhillsinfosec.com
www.proofpoint.com
attack.mitre.org
blog.cobaltstrike.com
2016.eicar.org
www.shodan.io
blog.fox-it.com
www.cobaltstrike.com
opendata.rapid7.com
medium.com
github.com
engineering.salesforce.com
sslbl.abuse.ch
twitter.com
blog.morphisec.com
talosintelligence.com
otx.alienvault.com
www.clearskysec.com
www.virustotal.com
www.abuseipdb.com
censys.io
theintelligencefund.com
id.recordedfuture.com
www.facebook.com
www.instagram.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
*.recordedfuture.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-23` - `2022-02-22`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
www.github.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2022-04-14`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2021-03-09` - `2022-03-16`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-08-07` - `2021-11-05`	3 months	crt.sh
cdn.matomo.cloud Amazon	`2021-01-28` - `2022-02-25`	a year	crt.sh
drift.com Amazon	`2021-09-08` - `2022-10-07`	a year	crt.sh
*.matomo.cloud Amazon	`2021-08-20` - `2022-09-18`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
go.recordedfuture.com Cloudflare Inc ECC CA-3	`2021-07-16` - `2022-07-15`	a year	crt.sh
*.driftcdn.com Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.recordedfuture.com/cobalt-strike-servers/
Frame ID: 7BACC5889900630D4556B49A5D25928B
Requests: 151 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 34D91E3227B4438D5956226E260C0EA4
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
Frame ID: 34AFA675AFE3ED615FADF8A17D1D8A01
Requests: 33 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
Frame ID: 3057350FFC9314822EAC35E7FE6436BE
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers

Page Statistics

214
Requests

99 %
HTTPS

0 %
IPv6

33
Domains

43
Subdomains

38
IPs

5
Countries

4212 kB
Transfer

10348 kB
Size

49
Cookies

61 Outgoing links

These are links going to different origins than the main page.

URL: https://go.recordedfuture.com/cyber-daily
Title: Subscribe Today

Search URL Search Domain Scan URL

URL: http://support.recordedfuture.com/
Title: Support

Search URL Search Domain Scan URL

URL: https://app.recordedfuture.com/live/login/
Title: Sign In

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/demo
Title: Get a Demo

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/seller-profile?id=0e798044-1f43-48fa-8621-cf2207e7e204
Title: Learn More

Search URL Search Domain Scan URL

URL: https://recfut.force.com/partnerportal
Title: Partner Portal Log In

Search URL Search Domain Scan URL

URL: https://therecord.media/?__hstc=57501621.3b97b3126beecb902afe650f6f9a8402.1635492731667.1635492731667.1635492731667.1&__hssc=57501621.1.1635492731667&__hsfp=2427650321
Title: The Record

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/hubfs/reports/cta-2019-0618.pdf
Title: Click here

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html
Title: APT32

Search URL Search Domain Scan URL

URL: https://news.sophos.com/en-us/2019/05/03/megacortex-ransomware-wants-to-be-the-one/
Title: Sophos

Search URL Search Domain Scan URL

URL: https://cobaltstrike.com/downloads/csmanual38.pdf
Title: Cobalt Strike

Search URL Search Domain Scan URL

URL: https://www.blackhillsinfosec.com/morning-cobalt-strike-symantec/
Title: security professionals

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html
Title: criminal

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets
Title: nation-state

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0154/
Title: MITRE

Search URL Search Domain Scan URL

URL: https://blog.cobaltstrike.com/2013/09/05/how-to-crack-cobalt-strike-and-backdoor-it/
Title: pirated versions

Search URL Search Domain Scan URL

URL: http://2016.eicar.org/86-0-Intended-use.html
Title: EICAR

Search URL Search Domain Scan URL

URL: https://www.shodan.io/search?query=ssl.cert.serial%3A146473198
Title: security certificate

Search URL Search Domain Scan URL

URL: https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/
Title: findings

Search URL Search Domain Scan URL

URL: https://blog.cobaltstrike.com/2019/02/19/cobalt-strike-team-server-population-study/
Title: Cobalt Strike Team Server Population Study

Search URL Search Domain Scan URL

URL: https://www.cobaltstrike.com/releasenotes.txt
Title: Cobalt Strike release notes

Search URL Search Domain Scan URL

URL: https://opendata.rapid7.com/
Title: Rapid7

Search URL Search Domain Scan URL

URL: https://medium.com/@80vul/identifying-cobalt-strike-team-servers-in-the-wild-by-using-zoomeye-debf995b6798
Title: blog

Search URL Search Domain Scan URL

URL: https://github.com/salesforce/ja3
Title: JA3 project

Search URL Search Domain Scan URL

URL: https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967
Title: fingerprints

Search URL Search Domain Scan URL

URL: https://github.com/OISF/suricata/blob/master/src/util-ja3.c
Title: Suricata

Search URL Search Domain Scan URL

URL: https://github.com/salesforce/ja3/tree/master/lists
Title: Salesforce’s Github account

Search URL Search Domain Scan URL

URL: https://sslbl.abuse.ch/ja3-fingerprints/
Title: sources

Search URL Search Domain Scan URL

URL: https://github.com/fox-it/cobaltstrike-extraneous-space
Title: detection methodology

Search URL Search Domain Scan URL

URL: https://twitter.com/ScumBots/statuses/1096073797688545280
Title: @Scumbots

Search URL Search Domain Scan URL

URL: https://twitter.com/ScumBots/statuses/1109450986530181122
Title: @Scumbots

Search URL Search Domain Scan URL

URL: https://www.shodan.io/search?query=31.220.43.11
Title: data

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
Title: ransomware

Search URL Search Domain Scan URL

URL: https://blog.morphisec.com/new-global-attack-on-point-of-sale-systems
Title: malware

Search URL Search Domain Scan URL

URL: https://talosintelligence.com/reputation_center/lookup?search=mail.sexlove24.com
Title: data

Search URL Search Domain Scan URL

URL: https://otx.alienvault.com/indicator/ip/185.80.233.166
Title: activity

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
Title: observed

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html
Title: TEMP.Periscope

Search URL Search Domain Scan URL

URL: https://www.clearskysec.com/tulip/
Title: Wilted Tulip

Search URL Search Domain Scan URL

URL: https://twitter.com/ScumBots/statuses/1109458537850261504
Title: @Scumbots

Search URL Search Domain Scan URL

URL: https://www.shodan.io/host/89.105.198.18
Title: corroborated

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/3a143d038aae9e4253ed6656beaaae298795a3df20e874544c0122435ef79bc0/detection
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/99d51f599e52988e92e5a6c124c252e203cabc41aecf4dab9c4ed72012b4aed2/relations
Title: delivering

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/99d51f599e52988e92e5a6c124c252e203cabc41aecf4dab9c4ed72012b4aed2/analysis/
Title: Cobalt Strike beacon

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/99d51f599e52988e92e5a6c124c252e203cabc41aecf4dab9c4ed72012b4aed2/community
Title: detected

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/06f8004835c5851529403f73ad23168b1127315d02c68e0153e362a73f915c72/behavior/Tencent%20HABO
Title: detected

Search URL Search Domain Scan URL

URL: https://www.abuseipdb.com/check/72.14.184.90
Title: implicated

Search URL Search Domain Scan URL

URL: https://censys.io/certificates/25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
Title: certificates

Search URL Search Domain Scan URL

URL: https://censys.io/certificates/e86b77b36a18ae3142d662d7a21a83993ecd487814649030449915e5d212e5aa
Title: linked

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/57b44bc1e2eca1b246b528db281d101532479b5688d743021cb7add7c08fd253/detection
Title: command and control

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/cs/c/?cta_guid=bfb042c4-2edc-4f3e-b748-d104f601ac33&signature=AAH58kHKnuDkhiIJrbKpk_n0xD_vxD1iVw&placement_guid=9210833d-34a7-4597-ade0-03e16dcbc24c&click=7158634a-173a-4706-90f2-043897e6ca00&hsutk=3b97b3126beecb902afe650f6f9a8402&canon=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&portal_id=252628&redirect_url=APefjpFqeUYMFB-iHHoP3svix3dSJKJyHeo1Q6D3PC7qUvaCt_MFxhVavHRiumANSF_qH0ulxDPpzlLTSjYkMSTxVm6Zkp8UFoQYXLaobq_QeGzgNbFPsySLw3e5nJMk3M3NkKDC6jHk9-kZGXHkGrOpbIvmtSU_C7LXZ9o6lxZThgERYDuCLNv5nfzWPs3Ta86htKkQQKcD_DHr6i_bhBQ7mhMQK5twTraTpckASoI_QDZ8h3oYVHkLb4txnttQfMZPyhVpV4u9thF9Y_6HYU5n_mvSAT-O3Q&__hstc=57501621.3b97b3126beecb902afe650f6f9a8402.1635492731667.1635492731667.1635492731667.1&__hssc=57501621.1.1635492731667&__hsfp=2427650321

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/cs/c/?cta_guid=9d9a2f2d-7a5e-4b33-9cfa-4f7e5e866275&signature=AAH58kElXzM7vvS_aCnJsoR1I4rT2fBVZQ&placement_guid=a7fb8b5c-b14d-4030-a76d-26dbc96ab43b&click=7e0bac5a-c643-4632-85a3-cf0dff628132&hsutk=3b97b3126beecb902afe650f6f9a8402&canon=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&portal_id=252628&redirect_url=APefjpEb7AJ6NRVw7nUpiwx-n3_7S36OAoTTQvVkruxdUrPo-B6PQ8qoI_8eAW1iI89WazqfUrv3V2dBOOKszdWwqiQasD7JN85xA-nAF0ksZfyTmhK6DqZiu1WkGAAxYpFfOZ2vg0efJceitMof1W5AK7xm4SOhIYSvHsXXQUKYpWtQ_0P9GUoLj_dbfCFPVtaoZDcBco5ZDBboW4cjCEsGNdeLV2U4_P6whXTziScxAVHNvLo9VBmML05-IK5TDWhn1fvcv9Uk1kWoaf9GGGO_4lht7l3BTg&__hstc=57501621.3b97b3126beecb902afe650f6f9a8402.1635492731667.1635492731667.1635492731667.1&__hssc=57501621.1.1635492731667&__hsfp=2427650321

Search URL Search Domain Scan URL

URL: https://theintelligencefund.com/
Title: The Intelligence Fund

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/book-3
Title: Handbook

Search URL Search Domain Scan URL

URL: https://id.recordedfuture.com/login?request_id=eyJpZCI6IjI3OTY0N2RhLWRmNDctNDJmNC1hM2FjLTM5MTM3NTQ1MmQ1NiIsImNsaWVudF9pZCI6InBvcnRhbCIsInJlc3BvbnNlX3R5cGUiOlsiY29kZSJdLCJzdGF0ZSI6IjZ3MUszdFlwNEhaNSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vYXBwLnJlY29yZGVkZnV0dXJlLmNvbS9yZi9hcGkvdjEvbG9naW5fY2FsbGJhY2siLCJzY29wZSI6WyJlbWFpbCIsIm9wZW5pZCJdfQ==
Title: Sign In

Search URL Search Domain Scan URL

URL: https://support.recordedfuture.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.facebook.com/RecordedFuture

Search URL Search Domain Scan URL

URL: https://twitter.com/RecordedFuture

Search URL Search Domain Scan URL

URL: https://www.instagram.com/recordedfuture/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/recorded-future/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/RecordedFuture

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://unpkg.com/aos@2.3.1/dist/aos.js?ver=3.8.5 HTTP 302
https://unpkg.com/aos@2.3.1/dist/aos.js

Request Chain 58

https://cdn.materialdesignicons.com/3.5.95/css/materialdesignicons.min.css HTTP 301
https://cdn.jsdelivr.net/mdi/3.5.95/css/materialdesignicons.min.css HTTP 301
https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css

Request Chain 108

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492730574&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D26800%26time%3D1635492730574%26url%3Dhttps%253A%252F%252Fwww.recordedfuture.com%252Fcobalt-strike-servers%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492730574&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&liSync=true

214 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.recordedfuture.com/cobalt-strike-servers/ 129 KB
36 KB 1312ms
1273ms Document
text/html 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b853433ae9f74d2536d11c7be13f1424d26c9108f97874c68179d53261258f6f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=60
cf-edge-cache: cache,platform=wordpress
content-security-policy: frame-ancestors 'none'
link: <https://www.recordedfuture.com/?p=37827>; rel=shortlink
referrer-policy: strict-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-bp7rr
x-styx-req-id: 5310e00a-388a-11ec-b51c-8617b0c79250
x-xss-protection: 1; mode=block
x-served-by: cache-mdw17335-MDW, cache-wdc5524-WDC
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1635492729.171223,VS0,VE731
vary: Accept-Encoding, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish
cf-cache-status: MISS
last-modified: Fri, 29 Oct 2021 07:32:10 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6a5ab5530fc727c0-PRG
content-encoding: gzip

GET
H2 200 materialize.css
www.recordedfuture.com/wp-content/themes/recorded-future-2019/css/ 146 KB
29 KB 38ms
36ms Stylesheet
text/css 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/css/materialize.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c142f741438550d5cad8e88b6b2952f8f256efda416f35e5a84dd2f6066144d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 41304
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-6m9mg
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 29052
x-served-by: cache-mdw17343-MDW, cache-bwi5037-BWI
last-modified: Tue, 19 Oct 2021 23:40:00 GMT
server: cloudflare
x-timer: S1635451427.767181,VS0,VE2
etag: W/"616f5750-2491e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 23 Oct 2022 07:31:07 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55b2d7e27c0-PRG
x-styx-req-id: 052097c8-330a-11ec-a383-3277ea497536
x-cache-hits: 0, 1

GET
H2 200 style.min.css
www.recordedfuture.com/wp-includes/css/dist/block-library/ 57 KB
11 KB 25ms
23ms Stylesheet
text/css 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42175
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 10961
x-served-by: cache-mdw17367-MDW, cache-bwi5037-BWI
last-modified: Wed, 13 Oct 2021 16:50:41 GMT
server: cloudflare
x-timer: S1635450555.253374,VS0,VE0
etag: W/"61670e61-e33b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 16 Oct 2022 06:27:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55b2d7f27c0-PRG
x-styx-req-id: e7825872-2d80-11ec-92da-66ca9ee36be7
x-cache-hits: 0, 2

GET
H2 200 blocks.style.build.css
www.recordedfuture.com/wp-content/plugins/cool-timeline-pro/includes/gutenberg-instant-builder/dist/ 11 KB
2 KB 37ms
36ms Stylesheet
text/css 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/cool-timeline-pro/includes/gutenberg-instant-builder/dist/blocks.style.build.css?ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c60328c2a2fba270c2fc603e556bb6eb41d10cecac5941dfe54e0c071472cc78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42175
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 1813
x-served-by: cache-mdw17332-MDW, cache-wdc5554-WDC
last-modified: Tue, 26 Oct 2021 19:46:46 GMT
server: cloudflare
x-timer: S1635450555.242647,VS0,VE1
etag: W/"61785b26-2d20"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 08:50:20 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55b2d8027c0-PRG
x-styx-req-id: 14c7542f-37cc-11ec-8013-ce1f3dd47c6f
x-cache-hits: 0, 1

GET
H2 200 dashicons.min.css
www.recordedfuture.com/wp-includes/css/ 58 KB
36 KB 25ms
23ms Stylesheet
text/css 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/css/dashicons.min.css?ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42175
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 36701
x-served-by: cache-mdw17379-MDW, cache-wdc5560-WDC
last-modified: Tue, 26 Oct 2021 19:46:47 GMT
server: cloudflare
x-timer: S1635450555.262716,VS0,VE1
etag: W/"61785b27-e688"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 06:34:27 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55b2d8327c0-PRG
x-styx-req-id: 195ce8bd-37b9-11ec-92da-66ca9ee36be7
x-cache-hits: 0, 1

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 39ms
16ms Stylesheet
text/css 142.250.74.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700&ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f10.1e100.net

Software

ESF /

Resource Hash

4b31f597e9852f3e8ef045d9f6032a8ecfe9d8e5c6cde3196c6964e193fe6615

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 07:13:44 GMT
server: ESF
date: Fri, 29 Oct 2021 07:32:10 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Fri, 29 Oct 2021 07:32:10 GMT

GET
H2 200 genericons.css
www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/genericons/genericons/ 27 KB
17 KB 37ms
36ms Stylesheet
text/css 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/genericons/genericons/genericons.css?ver=1.9

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98726f9632fa3f6359c2d118f2061241729bcfc9a98563ccb6cf87444d32bd88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42175
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 16752
x-served-by: cache-mdw17334-MDW, cache-bwi5039-BWI
last-modified: Wed, 13 Oct 2021 16:50:37 GMT
server: cloudflare
x-timer: S1635450555.242530,VS0,VE0
etag: W/"61670e5d-6b84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 16 Oct 2022 05:45:11 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55b2d8427c0-PRG
x-styx-req-id: 104a1147-2d7b-11ec-8d6c-a6abd588099d
x-cache-hits: 1, 3

GET
H2 200 font-awesome.min.css
www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/fontawesome/css/ 30 KB
8 KB 36ms
35ms Stylesheet
text/css 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/fontawesome/css/font-awesome.min.css?ver=1.9

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42175
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 7949
x-served-by: cache-mdw17320-MDW, cache-bwi5040-BWI
last-modified: Wed, 13 Oct 2021 16:50:37 GMT
server: cloudflare
x-timer: S1635450555.260372,VS0,VE1
etag: W/"61670e5d-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 16 Oct 2022 05:35:20 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55b2d8527c0-PRG
x-styx-req-id: afcb3aef-2d79-11ec-8013-ce1f3dd47c6f
x-cache-hits: 0, 1

GET
H2 200 all.min.css
www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/fontawesome5/css/ 51 KB
12 KB 25ms
24ms Stylesheet
text/css 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/fontawesome5/css/all.min.css?ver=1.9

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84decc00a588d65b9c7ae58a79d11fa6eb4a1ae0330a0e78097ef88599482168

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42175
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 12389
x-served-by: cache-mdw17349-MDW, cache-wdc5554-WDC
last-modified: Tue, 26 Oct 2021 19:46:46 GMT
server: cloudflare
x-timer: S1635450555.257262,VS0,VE0
etag: W/"61785b26-ca00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 06:25:40 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55b2d8727c0-PRG
x-styx-req-id: df0d9a22-37b7-11ec-8431-aac19659ab0b
x-cache-hits: 1, 2

GET
H2 200 style.css
www.recordedfuture.com/wp-content/themes/recorded-future-2019/ 616 KB
83 KB 36ms
35ms Stylesheet
text/css 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b22a782d08b25024012dd62af1848c8e9fc236b147753ba3b98f03e8034aafa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42175
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9jmjz
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 84229
x-served-by: cache-mdw17349-MDW, cache-bwi5041-BWI
last-modified: Tue, 26 Oct 2021 19:46:48 GMT
server: cloudflare
x-timer: S1635450555.267334,VS0,VE2
etag: W/"61785b28-9a1a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 07:23:59 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55b2d8927c0-PRG
x-styx-req-id: 04d19930-37c0-11ec-8aba-3a45c8ccc7dd
x-cache-hits: 1, 1

GET
H2 200 cookieconsent.min.css
www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/css/ 20 KB
4 KB 37ms
36ms Stylesheet
text/css 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/css/cookieconsent.min.css?ver=5.2.5.1

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c21f3f80c9adfdf9070c994d881f2069818a2d409b62834c805a7f17f08c91ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42175
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 4188
x-served-by: cache-mdw17321-MDW, cache-wdc5538-WDC
last-modified: Sun, 17 Oct 2021 08:09:20 GMT
server: cloudflare
x-timer: S1635450555.257320,VS0,VE1
etag: W/"616bda30-519d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 05:20:14 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55b2d8b27c0-PRG
x-styx-req-id: 920f34e2-322e-11ec-b1cd-36fd5dbf0b73
x-cache-hits: 1, 1

GET
H2 200 jquery.min.js Show response
www.recordedfuture.com/wp-includes/js/jquery/ 87 KB
35 KB 41ms
32ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-drgj6
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 36073
x-served-by: cache-mdw17349-MDW, cache-bwi5055-BWI
last-modified: Mon, 04 Oct 2021 13:09:18 GMT
server: cloudflare
x-timer: S1635450556.308568,VS0,VE1
etag: W/"615afcfe-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 08 Oct 2022 05:30:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce8527c0-PRG
x-styx-req-id: af8f4780-272f-11ec-b570-325a77174e1b
x-cache-hits: 1, 1

GET
H2 200 jquery-migrate.min.js Show response
www.recordedfuture.com/wp-includes/js/jquery/ 11 KB
5 KB 27ms
19ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 4565
x-served-by: cache-mdw17379-MDW, cache-bwi5052-BWI
last-modified: Tue, 26 Oct 2021 19:46:47 GMT
server: cloudflare
x-timer: S1635450556.312772,VS0,VE1
etag: W/"61785b27-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 05:14:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce8627c0-PRG
x-styx-req-id: ecc0ce8c-37ad-11ec-92da-66ca9ee36be7
x-cache-hits: 1, 1

GET
H2 200 rf-logo-2020-1.png
www.recordedfuture.com/wp-content/uploads/ 4 KB
4 KB 40ms
32ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/rf-logo-2020-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0940efb55fa2f1deb76f9261931ac680e0fc2429e1073e2bafaadc7a32bab6d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-8s28k
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4016
x-served-by: cache-mdw17323-MDW, cache-bwi5051-BWI
last-modified: Fri, 03 Jul 2020 11:31:31 GMT
server: cloudflare
x-timer: S1635450556.334516,VS0,VE1
etag: "5eff1713-fb0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 3c812bc0-269a-11ec-85ab-0e5e40533d09
expires: Fri, 07 Oct 2022 11:40:42 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce8727c0-PRG
x-cache-hits: 0, 1

GET
H2 200 logo-primary-black-2020.svg
www.recordedfuture.com/wp-content/uploads/ 5 KB
2 KB 50ms
42ms Image
image/svg+xml 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/logo-primary-black-2020.svg

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40bcd63ab74f4ab4d6976033797595ea693379a4186ba951e8059d8f2b63c7a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-tkn5g
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1879
x-served-by: cache-mdw17353-MDW, cache-wdc5571-WDC
access-control-allow-origin: *
last-modified: Tue, 11 Aug 2020 17:58:16 GMT
server: cloudflare
x-timer: S1635450556.368740,VS0,VE0
etag: W/"5f32dc38-141a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 05:38:55 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce8827c0-PRG
x-styx-req-id: 2ea08547-3231-11ec-8dcb-6ed349c1c73f
x-cache-hits: 1, 2

GET
H2 200 menu-aws-1.png
www.recordedfuture.com/wp-content/uploads/ 7 KB
7 KB 40ms
32ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/menu-aws-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b44433b6d777aed38ed9359c5453bba1fb62c181f99f060b94cc58e457457d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-6m9mg
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 6793
x-served-by: cache-mdw17340-MDW, cache-bwi5061-BWI
last-modified: Thu, 16 Jul 2020 14:51:53 GMT
server: cloudflare
x-timer: S1635450556.364987,VS0,VE1
etag: "5f106989-1a89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 712f5d32-3243-11ec-a383-3277ea497536
expires: Sat, 22 Oct 2022 07:49:38 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce8927c0-PRG
x-cache-hits: 1, 1

GET
H2 200 solution-menu-2.png
www.recordedfuture.com/wp-content/uploads/ 42 KB
42 KB 48ms
41ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/solution-menu-2.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1cc82f513588a417cfb181cd5b2329432cc3b2bb9d1f056e432838a036851aed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 42837
x-served-by: cache-mdw17345-MDW, cache-bwi5044-BWI
last-modified: Wed, 02 Sep 2020 14:38:31 GMT
server: cloudflare
x-timer: S1635450556.360921,VS0,VE0
etag: "5f4fae67-a755"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 2df6326e-37ca-11ec-8431-aac19659ab0b
expires: Sat, 29 Oct 2022 08:36:43 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce8a27c0-PRG
x-cache-hits: 0, 2

GET
H2 200 Live-Demo-Button-min.png
www.recordedfuture.com/wp-content/uploads/ 3 KB
4 KB 47ms
40ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/Live-Demo-Button-min.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaeb4f0f1808f80c63dfe32e104ca7e0d2f34811e935891f591275d14b1a7826

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-2wb7t
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 3440
x-served-by: cache-mdw17379-MDW, cache-bwi5029-BWI
last-modified: Wed, 07 Jul 2021 17:28:07 GMT
server: cloudflare
x-timer: S1635450556.357062,VS0,VE1
etag: "60e5e427-d70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: dcd7f980-32fb-11ec-a09e-227203492b43
expires: Sun, 23 Oct 2022 05:49:46 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce8b27c0-PRG
x-cache-hits: 1, 1

GET
H2 200 The-Record-Sq.png
www.recordedfuture.com/wp-content/uploads/ 6 KB
6 KB 50ms
41ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/The-Record-Sq.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7f76c0835d3a337c354d936e4797b1453457ab37dadb9f99cbf75bc792daede

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 6353
x-served-by: cache-mdw17376-MDW, cache-bwi5050-BWI
last-modified: Wed, 01 Sep 2021 15:14:27 GMT
server: cloudflare
x-timer: S1635450556.352171,VS0,VE1
etag: "612f98d3-18d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 5fcfdaaa-3272-11ec-b1cd-36fd5dbf0b73
expires: Sat, 22 Oct 2022 13:25:35 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce8d27c0-PRG
x-cache-hits: 0, 1

GET
H2 200 insikt-group-logo-updated-2.png
www.recordedfuture.com/assets/ 12 KB
12 KB 48ms
40ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/insikt-group-logo-updated-2.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

faf835f97585eb330064dc8e8b23593c89ccbaf59ec5dc3fae770ddc6afedbda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 29592
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 12127
x-served-by: cache-mdw17337-MDW, cache-wdc5578-WDC
last-modified: Tue, 17 Dec 2019 17:53:59 GMT
server: cloudflare
x-timer: S1635463138.099840,VS0,VE1
etag: "5df91637-2f5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 12df3ffd-3239-11ec-949c-2a1d1f5da7d2
expires: Sat, 22 Oct 2022 06:35:25 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce9027c0-PRG
x-cache-hits: 0, 1

GET
H2 200 cobalt-strike-servers-1-1.png
www.recordedfuture.com/assets/ 23 KB
23 KB 518ms
510ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-1-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f3923859a304623f0c5efd3103b04660502b9d2c7410b559d163266363efae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 23668
x-served-by: cache-mdw17333-MDW, cache-wdc5561-WDC
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635492731.562337,VS0,VE1
etag: "5df6af1e-5c74"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 0b7243c5-2cc6-11ec-b1cd-36fd5dbf0b73
expires: Sat, 15 Oct 2022 08:09:24 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce9227c0-PRG
x-cache-hits: 1, 1

GET
H2 200 cobalt-strike-servers-2-1.png
www.recordedfuture.com/assets/ 245 KB
246 KB 617ms
609ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-2-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c662a9b742f184dc32f391cb1a7e22636157ef73c441024f8bc217a9d76f744f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 251050
x-served-by: cache-mdw17346-MDW, cache-bwi5052-BWI
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635492731.565675,VS0,VE2
etag: "5df6af1e-3d4aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 87ece03a-37bf-11ec-8d6c-a6abd588099d
expires: Sat, 29 Oct 2022 07:20:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce9327c0-PRG
x-cache-hits: 0, 1

GET
H2 200 cobalt-strike-servers-3-2.png
www.recordedfuture.com/assets/ 46 KB
46 KB 613ms
605ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-3-2.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04b12fe4b726c8e5ba04dcff9b0d38ce4732135f29f207d157298e361217dbe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 47059
x-served-by: cache-mdw17369-MDW, cache-wdc5577-WDC
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635492731.564817,VS0,VE1
etag: "5df6af1e-b7d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: a7900da4-324c-11ec-8013-ce1f3dd47c6f
expires: Sat, 22 Oct 2022 08:55:35 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce9427c0-PRG
x-cache-hits: 0, 1

GET
H2 200 cobalt-strike-servers-4-2.png
www.recordedfuture.com/assets/ 372 KB
373 KB 631ms
624ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-4-2.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ca30196668a7f8ebe3b4a6ef2d30a2e3d491b06557b222a75d98b47c50f69bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-rwnjp
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 381121
x-served-by: cache-mdw17363-MDW, cache-wdc5531-WDC
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635492731.576016,VS0,VE2
etag: "5df6af1e-5d0c1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 40bc9902-26a0-11ec-a1eb-72f4ee0ed6c4
expires: Fri, 07 Oct 2022 12:23:46 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce9527c0-PRG
x-cache-hits: 1, 1

GET
H2 200 cobalt-strike-servers-5-1.png
www.recordedfuture.com/assets/ 46 KB
46 KB 619ms
612ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-5-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba11b78c71401e77efe041c42fd9d50277c38a01ca9f377adf9f038338d28cc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9jmjz
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 46669
x-served-by: cache-mdw17345-MDW, cache-bwi5079-BWI
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635492731.570260,VS0,VE2
etag: "5df6af1e-b64d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 24bedba1-3304-11ec-8aba-3a45c8ccc7dd
expires: Sun, 23 Oct 2022 06:49:03 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce9627c0-PRG
x-cache-hits: 1, 1

GET
H2 200 cobalt-strike-servers-6-1.png
www.recordedfuture.com/assets/ 54 KB
54 KB 627ms
620ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-6-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

680ffc6fb7452a4d41dcccc5c5dff70c52d39aba45492d33c5413dddbf238c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-lq4jv
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 55340
x-served-by: cache-mdw17349-MDW, cache-bwi5053-BWI
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635492731.577102,VS0,VE2
etag: "5df6af1e-d82c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 5d46ad9b-274c-11ec-9af9-1209d3a7d90f
expires: Sat, 08 Oct 2022 08:55:47 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce9727c0-PRG
x-cache-hits: 0, 1

GET
H2 200 cobalt-strike-servers-7-1.png
www.recordedfuture.com/assets/ 85 KB
85 KB 608ms
601ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-7-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db41595d2e0dc3c39109915e8858537bdc06d9bf2b4800082478179af14db26b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-b6mvq
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 87053
x-served-by: cache-mdw17353-MDW, cache-wdc5522-WDC
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635492731.559107,VS0,VE2
etag: "5df6af1e-1540d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 40a7883d-2bc9-11ec-adb8-669110ad1daa
expires: Fri, 14 Oct 2022 01:59:51 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce9927c0-PRG
x-cache-hits: 1, 1

GET
H2 200 cobalt-strike-servers-8-1.png
www.recordedfuture.com/assets/ 84 KB
84 KB 630ms
623ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-8-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87ead41c0a6b481b3cc9c1bc9833aa34e2528b09e72516a285c734039ce5f168

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 85746
x-served-by: cache-mdw17375-MDW, cache-wdc5574-WDC
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635492731.571567,VS0,VE4
etag: "5df6af1e-14ef2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: e9c8e4e9-2cc5-11ec-92da-66ca9ee36be7
expires: Sat, 15 Oct 2022 08:08:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce9a27c0-PRG
x-cache-hits: 0, 1

GET
H2 200 cobalt-strike-servers-9-1.png
www.recordedfuture.com/assets/ 81 KB
81 KB 151ms
145ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-9-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f25666e0933bf72ec6b39d6fc904783fbf5159b3fad915bdccca1a73e2ca273b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 82751
x-served-by: cache-mdw17327-MDW, cache-bwi5029-BWI
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635492730.287601,VS0,VE2
etag: "5df6af1e-1433f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: ee90c642-37c9-11ec-b1cd-36fd5dbf0b73
expires: Sat, 29 Oct 2022 08:34:57 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beee527c0-PRG
x-cache-hits: 0, 1

GET
H2 200 9210833d-34a7-4597-ade0-03e16dcbc24c.png
no-cache.hubspot.com/cta/default/252628/ 106 KB
107 KB 203ms
159ms Image
image/png 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/252628/9210833d-34a7-4597-ade0-03e16dcbc24c.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

265fd69dc48e408e11848da1bdaea9a27f2f474a502775577ee17e62abcb761a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M392J0W3QMX333KG
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 108866
x-amz-id-2: u/sijJniQRhsTvv2kBDwf01VcnwybDEfXcqkh17l5YEKMqX3Fdg8juyTO9gcZqDjYC/Z7B66k7o=
last-modified: Wed, 13 Oct 2021 15:59:51 GMT
server: cloudflare
etag: "db62a06d8de823cfae569d82d79e5bff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BWPliHhF0yKkxt%2BbE4Re88Bj5Cql0i5a%2FgTAOep6icJpouyKf%2FGjTjoBI39dW5VLVJWSUHJqSmQwW7Q1BN9R6oYKshA%2F1znYjm3%2BOVpYRkk%2FjYSvOewD2OqbOOMSTuYnV8QlfN20"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 6a5ab55c0f604131-PRG

GET
H2 200 current.js Show response
js.hscta.net/cta/ 15 KB
6 KB 64ms
25ms Script
application/javascript 104.17.221.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscta.net/cta/current.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.221.204 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d40a41723def70b4af303c98a8269de407ed39586596106e16c9e0be01942d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 a12c29ca3e64ac2015cf4f6c9099b8ce.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
age: 512
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=cta-embed-js/static-1.58/bundles/current.js&cfRay=6a5aa8de6aea2788-IAD
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Tue, 12 Oct 2021 02:01:47 UTC
server: cloudflare
etag: W/"a8a49c7978076612823c74a68af6ddd2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: bIX34_Z7jbBTKmCHOiEuDTn.zv2_JoZI
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 6a5ab55ba8d5f9d2-PRG
x-amz-cf-id: TlXLeg-cMueSCYH47ecJJk_fOFiB3Es2HrXifBgiBt9X22tvXqm2nw==
x-hs-target-asset: cta-embed-js/static-1.58/bundles/current.js

GET
H2 200 a7fb8b5c-b14d-4030-a76d-26dbc96ab43b.png
no-cache.hubspot.com/cta/default/252628/ 19 KB
19 KB 203ms
160ms Image
image/jpeg 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/252628/a7fb8b5c-b14d-4030-a76d-26dbc96ab43b.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f527f0504570ea0238ac6eff51a33a70834b3ed3123265351526460cbe0d8d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M39EVYDZAH36AVYN
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19318
x-amz-id-2: g8sfo2LHmnVGbAWT9IpN+nZ2hn361ZJ3E9ZzyOOphp/QF+hQlh2/3IoAW9+eAwar7OhKWLAHo74=
last-modified: Wed, 13 Oct 2021 16:00:34 GMT
server: cloudflare
etag: "6de6b71af030820504a0f539322a3e49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KD60JWOiz2fj2v3hL7A8aBggFk%2FVCnRF1jixXd557WTJwqVKnnsYZIC3zduOkTYx6T3AnH6tiWkOYGqyQKbjp7yeIOvIoz3Us98jYkGUpyCF6NUn5rYTOziiT7pHurA7cE9dTRp8"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 6a5ab55c0f654131-PRG

GET
H2 200 termination-federal-unemployment-programs-turning-point-fraudsters-list.jpg
www.recordedfuture.com/wp-content/uploads/ 378 KB
379 KB 49ms
43ms Image
image/jpeg 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/termination-federal-unemployment-programs-turning-point-fraudsters-list.jpg

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f412e2b324d3f4828a4eebd87cbeef91837054dc9cbecee057c2a172ad3287ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 41302
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: HIT, HIT
cf-bgj: h2pri
content-length: 387526
x-served-by: cache-mdw17371-MDW, cache-wdc5539-WDC
last-modified: Thu, 28 Oct 2021 15:59:35 GMT
server: cloudflare
x-timer: S1635451429.655751,VS0,VE1
etag: "617ac8e7-5e9c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
x-styx-req-id: 10a78b74-3809-11ec-b1cd-36fd5dbf0b73
expires: Sat, 29 Oct 2022 16:06:52 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beee827c0-PRG
x-cache-hits: 1, 1

GET
H2 200 operation-secondary-infektion-impersonates-swedish-riksdag-list.jpg
www.recordedfuture.com/wp-content/uploads/ 86 KB
86 KB 57ms
51ms Image
image/jpeg 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/operation-secondary-infektion-impersonates-swedish-riksdag-list.jpg

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef52ef34f25e761b4c0392f953bdd8d9edda1bc028657df3dd9fdc6438183115

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 41302
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: MISS, HIT
cf-bgj: h2pri
content-length: 87800
x-served-by: cache-mdw17323-MDW, cache-wdc5525-WDC
last-modified: Tue, 26 Oct 2021 13:53:05 GMT
server: cloudflare
x-timer: S1635451429.659274,VS0,VE1
etag: "61780841-156f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
x-styx-req-id: 5e56886e-3665-11ec-8013-ce1f3dd47c6f
expires: Thu, 27 Oct 2022 14:02:34 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beee927c0-PRG
x-cache-hits: 0, 1

GET
H2 200 List-View-1.jpg
www.recordedfuture.com/wp-content/uploads/ 363 KB
364 KB 58ms
52ms Image
image/jpeg 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/List-View-1.jpg

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b95cb9d1afbdd93fee9b33d9f2da1b4e0df06ad73b77b8f507005d0ae2089e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 41302
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: HIT, HIT
cf-bgj: h2pri
content-length: 371732
x-served-by: cache-mdw17350-MDW, cache-bwi5079-BWI
last-modified: Thu, 21 Oct 2021 12:56:05 GMT
server: cloudflare
x-timer: S1635451429.661461,VS0,VE0
etag: "61716365-5ac14"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
x-styx-req-id: 0564486b-37c0-11ec-8431-aac19659ab0b
expires: Sat, 29 Oct 2022 07:24:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beeea27c0-PRG
x-cache-hits: 1, 2

GET
H2 200 rf-logo-square-white-1.png
www.recordedfuture.com/wp-content/themes/recorded-future-2019/img/ 4 KB
4 KB 77ms
71ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/img/rf-logo-square-white-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22d9ce45b9c08488a55c6806bb6dc4cbfde25f244f223ad95dafa7ab4fdf09f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-bdff5
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4199
x-served-by: cache-mdw17345-MDW, cache-wdc5552-WDC
last-modified: Wed, 13 Oct 2021 16:50:36 GMT
server: cloudflare
x-timer: S1635450556.348746,VS0,VE0
etag: "61670e5c-1067"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: d73d2069-2cba-11ec-a29b-cab5920faf7c
expires: Sat, 15 Oct 2022 06:49:12 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beeec27c0-PRG
x-cache-hits: 1, 2

GET
H2 200 qppr_frontend_script.min.js Show response
www.recordedfuture.com/wp-content/plugins/quick-pagepost-redirect-plugin/js/ 2 KB
825 B 60ms
54ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/quick-pagepost-redirect-plugin/js/qppr_frontend_script.min.js?ver=5.2.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fc2845d22c09928ba9dae73f657a21ede05bed89a42efafe1028bcbe4ee499b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9jmjz
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 568
x-served-by: cache-mdw17345-MDW, cache-wdc5542-WDC
last-modified: Wed, 13 Oct 2021 16:50:36 GMT
server: cloudflare
x-timer: S1635450556.347820,VS0,VE1
etag: W/"61670e5c-636"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 15 Oct 2022 11:15:21 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beeed27c0-PRG
x-styx-req-id: 0592089c-2ce0-11ec-8aba-3a45c8ccc7dd
x-cache-hits: 0, 1

GET
H2 200 jquery.rwdImageMaps.min.js Show response
www.recordedfuture.com/wp-content/plugins/responsive-image-maps/ 1 KB
910 B 47ms
41ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/responsive-image-maps/jquery.rwdImageMaps.min.js?ver=1.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed839d9fae4a8e722e9c408c2716a6f1eb789b99ef16722cd39ff4965749d8fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 661
x-served-by: cache-mdw17377-MDW, cache-bwi5063-BWI
last-modified: Tue, 26 Oct 2021 19:46:46 GMT
server: cloudflare
x-timer: S1635450556.366872,VS0,VE1
etag: W/"61785b26-45a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 08:12:16 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beef127c0-PRG
x-styx-req-id: c3b4885c-37c6-11ec-b1cd-36fd5dbf0b73
x-cache-hits: 1, 1

GET
H2

200

aos.js Show response
unpkg.com/aos@2.3.1/dist/
Redirect Chain

https://unpkg.com/aos@2.3.1/dist/aos.js?ver=3.8.5
https://unpkg.com/aos@2.3.1/dist/aos.js

14 KB
5 KB

20ms
20ms

Script
application/javascript

104.16.125.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/aos@2.3.1/dist/aos.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Server

104.16.125.175 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16336782
fly-request-id: 01F3YKE0RE4AJ5JH3SVYCCQB2Z
content-encoding: br
vary: Accept-Encoding
last-modified: Thu, 17 May 2018 22:11:13 GMT
server: cloudflare
etag: W/"379f-cNv9OKDx/DsafZ+tq1h4ZITDTxc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6a5ab55cac2f4107-PRG

Redirect headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: EXPIRED
fly-request-id: 01FK5FD5CQ6S1K17W0TEQWW5NQ
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /aos@2.3.1/dist/aos.js
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6a5ab55bfb224107-PRG

GET
H2 200 materialize.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 217 KB
61 KB 60ms
55ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/materialize.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9576157078dda9a522dad222249eeec6e639a856351b9f09451163cec1828ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 61953
x-served-by: cache-mdw17348-MDW, cache-wdc5548-WDC
last-modified: Tue, 12 Oct 2021 13:13:50 GMT
server: cloudflare
x-timer: S1635450556.350991,VS0,VE1
etag: W/"61658a0e-36305"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 13 Oct 2022 13:14:04 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beef227c0-PRG
x-styx-req-id: 44db5377-2b5e-11ec-949c-2a1d1f5da7d2
x-cache-hits: 0, 1

GET
H2 200 isotope.pkgd.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 89 KB
27 KB 58ms
52ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/isotope.pkgd.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

699713f69dbd2387b7c3b57204bcdc3d86d3ac350718a7ad65a5293e0d2c53eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 27654
x-served-by: cache-mdw17341-MDW, cache-bwi5056-BWI
last-modified: Tue, 26 Oct 2021 19:46:48 GMT
server: cloudflare
x-timer: S1635450556.368344,VS0,VE1
etag: W/"61785b28-16506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 06:04:55 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beef327c0-PRG
x-styx-req-id: f9453655-37b4-11ec-949c-2a1d1f5da7d2
x-cache-hits: 0, 1

GET
H2 200 navigation.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 3 KB
1 KB 62ms
57ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/navigation.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbc199bf7f97061c41664b040e84616a0cb54441a2efc5801d5d401d3a049f3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 1179
x-served-by: cache-mdw17354-MDW, cache-bwi5045-BWI
last-modified: Tue, 26 Oct 2021 19:46:48 GMT
server: cloudflare
x-timer: S1635450556.360166,VS0,VE1
etag: W/"61785b28-b97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 08:12:16 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beef527c0-PRG
x-styx-req-id: c3c9c3a6-37c6-11ec-8013-ce1f3dd47c6f
x-cache-hits: 1, 1

GET
H2 200 skip-link-focus-fix.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 685 B
710 B 56ms
51ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/skip-link-focus-fix.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 426
x-served-by: cache-mdw17359-MDW, cache-bwi5036-BWI
last-modified: Tue, 26 Oct 2021 19:46:52 GMT
server: cloudflare
x-timer: S1635450556.403636,VS0,VE1
etag: W/"61785b2c-2ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 07:24:01 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beef627c0-PRG
x-styx-req-id: 05b2d923-37c0-11ec-92da-66ca9ee36be7
x-cache-hits: 0, 1

GET
H2 200 util.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 3 KB
2 KB 55ms
51ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/util.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

773a8f6755c75e51461fb4809413075f96342df2696625580b407967292d915c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-tkn5g
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 1302
x-served-by: cache-mdw17332-MDW, cache-wdc5537-WDC
last-modified: Tue, 19 Oct 2021 00:39:01 GMT
server: cloudflare
x-timer: S1635450556.374775,VS0,VE1
etag: W/"616e13a5-d48"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 05:38:56 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beef827c0-PRG
x-styx-req-id: 2ed1e179-3231-11ec-8dcb-6ed349c1c73f
x-cache-hits: 0, 1

GET
H2 200 swipe-content.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 3 KB
1 KB 61ms
56ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/swipe-content.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8207ade6f639887a7838b2903d39de1b3d21a327b031310555676d120e068b47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-bdff5
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 912
x-served-by: cache-mdw17352-MDW, cache-wdc5549-WDC
last-modified: Tue, 12 Oct 2021 13:13:50 GMT
server: cloudflare
x-timer: S1635450556.400191,VS0,VE1
etag: W/"61658a0e-c29"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 13 Oct 2022 13:14:04 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beefa27c0-PRG
x-styx-req-id: 44dc6167-2b5e-11ec-a29b-cab5920faf7c
x-cache-hits: 1, 1

GET
H2 200 nodelist-foreach-polyfill.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 242 B
525 B 75ms
70ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/nodelist-foreach-polyfill.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70c9b373b81d6e43a3479f52231ac50d2691fd9232042514159be5866a65e40f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-bdff5
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 174
x-served-by: cache-mdw17383-MDW, cache-bwi5034-BWI
last-modified: Wed, 13 Oct 2021 16:50:40 GMT
server: cloudflare
x-timer: S1635450556.384459,VS0,VE1
etag: W/"61670e60-f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 15 Oct 2022 11:22:25 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beefb27c0-PRG
x-styx-req-id: 0214e400-2ce1-11ec-a29b-cab5920faf7c
x-cache-hits: 0, 1

GET
H2 200 smoothscroll.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 11 KB
4 KB 58ms
53ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/smoothscroll.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83e7b0edd83ba89635382f425dfdfd4e2dc0f4c43a059c41dce98cdb1048ab86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-6m9mg
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 3373
x-served-by: cache-mdw17350-MDW, cache-wdc5535-WDC
last-modified: Tue, 12 Oct 2021 13:13:49 GMT
server: cloudflare
x-timer: S1635450556.377164,VS0,VE0
etag: W/"61658a0d-2c9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 13 Oct 2022 13:14:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beefc27c0-PRG
x-styx-req-id: 44df4aec-2b5e-11ec-a383-3277ea497536
x-cache-hits: 1, 2

GET
H2 200 slick.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 50 KB
14 KB 56ms
52ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/slick.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec3873a49c77ec8a26f8c7a6f60eff1c0a7884459b5f8d2fcef28ef0ce271792

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-2wb7t
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 14024
x-served-by: cache-mdw17370-MDW, cache-bwi5057-BWI
last-modified: Tue, 26 Oct 2021 19:46:48 GMT
server: cloudflare
x-timer: S1635450556.412598,VS0,VE0
etag: W/"61785b28-c676"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 06:27:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beefe27c0-PRG
x-styx-req-id: 1fcee821-37b8-11ec-a09e-227203492b43
x-cache-hits: 1, 3

GET
H2 200 jquery.matchHeight.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 5 KB
2 KB 58ms
54ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/jquery.matchHeight.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

271bc594ffc1d972db7f089f567b29b1174183bcd46c672eb7775226a404a027

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-b6mvq
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 1694
x-served-by: cache-mdw17364-MDW, cache-wdc5545-WDC
last-modified: Tue, 19 Oct 2021 00:39:01 GMT
server: cloudflare
x-timer: S1635450556.383367,VS0,VE1
etag: W/"616e13a5-12b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 06:42:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55beeff27c0-PRG
x-styx-req-id: ffc0c0ff-3239-11ec-adb8-669110ad1daa
x-cache-hits: 1, 1

GET
H2 200 jquery.tabslet.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 3 KB
2 KB 55ms
51ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/jquery.tabslet.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5238692ecf23970cbc3bad3899f5ad4913886cd16f0883d22fda406b3324a253

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 1305
x-served-by: cache-mdw17347-MDW, cache-bwi5057-BWI
last-modified: Tue, 12 Oct 2021 13:13:50 GMT
server: cloudflare
x-timer: S1635450556.415722,VS0,VE1
etag: W/"61658a0e-ceb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 13 Oct 2022 13:14:04 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef0127c0-PRG
x-styx-req-id: 44dbc194-2b5e-11ec-949c-2a1d1f5da7d2
x-cache-hits: 0, 1

GET
H2 200 vendor.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 101 KB
26 KB 66ms
63ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/vendor.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

692f218144b18d4f2c28c9d8d69385106263fb3239fd0ae2b42680202941ba0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-bdff5
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 26112
x-served-by: cache-mdw17341-MDW, cache-bwi5063-BWI
last-modified: Sun, 17 Oct 2021 08:09:21 GMT
server: cloudflare
x-timer: S1635450556.394367,VS0,VE1
etag: W/"616bda31-19302"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sun, 23 Oct 2022 06:18:16 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef0327c0-PRG
x-styx-req-id: d7d2e4b7-32ff-11ec-a29b-cab5920faf7c
x-cache-hits: 1, 1

GET
H2 200 script.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 10 KB
3 KB 61ms
57ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/script.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ab1a5e7c2b115dc7e18cc7715b14ee689e79dcb8ff780d7398991d19a6858f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-tkn5g
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 3131
x-served-by: cache-mdw17334-MDW, cache-bwi5064-BWI
last-modified: Tue, 12 Oct 2021 13:13:49 GMT
server: cloudflare
x-timer: S1635450556.400829,VS0,VE1
etag: W/"61658a0d-2999"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 13 Oct 2022 13:14:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef0427c0-PRG
x-styx-req-id: 44dc88e4-2b5e-11ec-8dcb-6ed349c1c73f
x-cache-hits: 0, 1

GET
H2 200 IGLibrary.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 33 KB
10 KB 60ms
57ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/IGLibrary.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f7e6a6c895c100151dfb452658d754fba7965e3ca95359990486db344d531e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 9789
x-served-by: cache-mdw17360-MDW, cache-bwi5072-BWI
last-modified: Tue, 26 Oct 2021 19:46:52 GMT
server: cloudflare
x-timer: S1635450556.408875,VS0,VE1
etag: W/"61785b2c-853a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 07:24:01 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef0627c0-PRG
x-styx-req-id: 05b74fb9-37c0-11ec-8431-aac19659ab0b
x-cache-hits: 1, 1

GET
H2 200 hoverIntent.min.js Show response
www.recordedfuture.com/wp-includes/js/ 1 KB
837 B 57ms
54ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/js/hoverIntent.min.js?ver=1.8.1

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 501
x-served-by: cache-mdw17346-MDW, cache-bwi5043-BWI
last-modified: Tue, 26 Oct 2021 19:46:49 GMT
server: cloudflare
x-timer: S1635450556.441176,VS0,VE1
etag: W/"61785b29-462"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 08:12:16 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef0827c0-PRG
x-styx-req-id: c3b4ba65-37c6-11ec-8431-aac19659ab0b
x-cache-hits: 1, 1

GET
H2 200 maxmegamenu.js Show response
www.recordedfuture.com/wp-content/plugins/megamenu/js/ 29 KB
6 KB 75ms
72ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/megamenu/js/maxmegamenu.js?ver=2.9.3

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8271756d5397dd04fee9e7b5e9bb25a40b32102998938539946d9a006a0ec737

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-drgj6
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 6172
x-served-by: cache-mdw17376-MDW, cache-wdc5527-WDC
last-modified: Mon, 04 Oct 2021 13:09:17 GMT
server: cloudflare
x-timer: S1635450556.441262,VS0,VE1
etag: W/"615afcfd-7583"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 08 Oct 2022 05:51:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef0927c0-PRG
x-styx-req-id: 8df6df95-2732-11ec-b570-325a77174e1b
x-cache-hits: 0, 1

GET
H2 200 public.js Show response
www.recordedfuture.com/wp-content/plugins/megamenu-pro/assets/ 20 KB
4 KB 75ms
72ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/megamenu-pro/assets/public.js?ver=1.9

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a24dc262ca6db1017f88a6f18786dbb088dce4d06f65ed2b4b43cfd8d0cc618b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 4080
x-served-by: cache-mdw17340-MDW, cache-bwi5024-BWI
last-modified: Thu, 21 Oct 2021 10:54:05 GMT
server: cloudflare
x-timer: S1635450556.422642,VS0,VE0
etag: W/"617146cd-4f87"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 13:06:29 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef0a27c0-PRG
x-styx-req-id: b4b13206-326f-11ec-b1cd-36fd5dbf0b73
x-cache-hits: 0, 2

GET
H2 200 cookieconsent.min.js Show response
www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/js/ 25 KB
9 KB 58ms
55ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/js/cookieconsent.min.js?ver=5.2.5.1

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81dbdd695385ce9e3065e0cf1d8f058169de79244b1d1be4059b527e31d23c77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-b6mvq
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 8808
x-served-by: cache-mdw17344-MDW, cache-bwi5033-BWI
last-modified: Wed, 13 Oct 2021 16:50:39 GMT
server: cloudflare
x-timer: S1635450556.434583,VS0,VE1
etag: W/"61670e5f-6441"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sun, 16 Oct 2022 06:03:57 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef0b27c0-PRG
x-styx-req-id: aee50b0d-2d7d-11ec-adb8-669110ad1daa
x-cache-hits: 1, 1

GET
H2 200 complianz.min.js Show response
www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/js/ 40 KB
11 KB 56ms
53ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/js/complianz.min.js?ver=5.2.5.1

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

326d6c39524da9a4b3d35286c798b93738a4665b29ce498d5b5df959a3a19012

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 10632
x-served-by: cache-mdw17348-MDW, cache-bwi5043-BWI
last-modified: Tue, 26 Oct 2021 19:46:51 GMT
server: cloudflare
x-timer: S1635450556.386176,VS0,VE1
etag: W/"61785b2b-9e2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 08:36:43 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef0c27c0-PRG
x-styx-req-id: 2e0d6de1-37ca-11ec-8431-aac19659ab0b
x-cache-hits: 0, 1

GET
H2 200 wp-embed.min.js Show response
www.recordedfuture.com/wp-includes/js/ 1 KB
1018 B 58ms
55ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/js/wp-embed.min.js?ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-6b6d6f77d6-7hfl5
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 779
x-served-by: cache-mdw17381-MDW, cache-wdc5554-WDC
last-modified: Mon, 04 Oct 2021 19:08:05 GMT
server: cloudflare
x-timer: S1635450556.429363,VS0,VE0
etag: W/"615b5115-592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 08 Oct 2022 05:39:38 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef0e27c0-PRG
x-styx-req-id: f62a8696-2730-11ec-a8d7-0e710ff1d229
x-cache-hits: 0, 2

GET
H3

200

materialdesignicons.min.css
cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/
Redirect Chain

https://cdn.materialdesignicons.com/3.5.95/css/materialdesignicons.min.css
https://cdn.jsdelivr.net/mdi/3.5.95/css/materialdesignicons.min.css
https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css

151 KB
27 KB

39ms
23ms

Stylesheet
text/css

104.16.86.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Server

104.16.86.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81a0af4b719cd7130599920adcdb46c1baee5556a3bdac934cc13acab1da9d30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 297613
x-jsd-version: 3.5.95
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19175-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"25b36-muzSasCNVhPtM//V10IY3npbGLE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6a5ab55cfcac4107-PRG

Redirect headers

date: Fri, 29 Oct 2021 07:32:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 297613
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 111
x-served-by: cache-fra19178-FRA
timing-allow-origin: *
server: cloudflare
location: https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000
cf-ray: 6a5ab55ca8f44138-PRG

GET
H2 200 icon
fonts.googleapis.com/ 569 B
440 B 17ms
16ms Stylesheet
text/css 142.250.74.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f10.1e100.net

Software

ESF /

Resource Hash

bd54d3dc95cf10c02ae9f22ec9e0d584284f02c241478074e4caadf5a8f49e6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 07:32:10 GMT
server: ESF
date: Fri, 29 Oct 2021 07:32:10 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Fri, 29 Oct 2021 07:32:10 GMT

GET
H2 200 slick.css
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/ 2 KB
779 B 58ms
27ms Stylesheet
text/css 104.16.19.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.19.94 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3414421
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 450
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-6f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ObztVrm7E3%2B16EnSlfusg3LrrTQMh1c50HfM1TlUyp%2BV0xb%2FinbtsuPyxEikUaSpHgCgVz3ycNUeB5D%2FsDGPgqXwQl8%2F0%2BNxeQAnpOM9gU5Fv4LfRpF9t5JO523Nk85tGo2nvl5T"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a5ab55beef427c0-PRG
expires: Wed, 19 Oct 2022 07:32:10 GMT

GET
H2 200 slick-theme.css
kenwheeler.github.io/slick/slick/ 3 KB
1 KB 29ms
6ms Stylesheet
text/css 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://kenwheeler.github.io/slick/slick/slick-theme.css
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: 7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-fastly-request-id: e9dc868ce47cfa4bee640926acbcf289edd8bb56
date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
age: 515
x-cache: HIT
content-length: 882
x-served-by: cache-hhn4071-HHN
access-control-allow-origin: *
last-modified: Mon, 02 Jul 2018 12:58:42 GMT
server: GitHub.com
x-github-request-id: 0C48:06C5:B94B5:10436D:617B5F92
x-timer: S1635492730.218767,VS0,VE0
etag: W/"5b3a2182-c49"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 varnish
expires: Fri, 29 Oct 2021 02:49:28 GMT
cache-control: max-age=600
permissions-policy: interest-cohort=()
accept-ranges: bytes
x-proxy-cache: HIT
x-cache-hits: 10

GET
H2 200 animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.0/ 57 KB
4 KB 56ms
26ms Stylesheet
text/css 104.16.19.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.0/animate.min.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.19.94 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ed082521f47921ffff14d4ec1c6c3f1ea55114741bee23cc23d4ab6a3213642

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4195877
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3541
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:58 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d2a-e283"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ADB9k54LB1f0pV1ixEKUb9NLLQ8TW%2FU%2FTij%2FSo%2B4XMrdjkrXDyi9q%2Ff5If%2FKVM8T2CeVlC0P4Aic7NQMg1W5E0b0BE9w77981nJP%2BFIhyvd1z94O7vo1TFiQTmlIsjnCfp%2BVMb7I"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a5ab55beef927c0-PRG
expires: Wed, 19 Oct 2022 07:32:10 GMT

GET
H2 200 lity.css
www.recordedfuture.com/wp-content/themes/recorded-future-2019/css/ 3 KB
1 KB 39ms
31ms Stylesheet
text/css 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/css/lity.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0604167abf2874fdbd5b6d19037baba5d36642b21656c3a6ce6cfef5b6ae8a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 1025
x-served-by: cache-mdw17355-MDW, cache-bwi5058-BWI
last-modified: Sun, 17 Oct 2021 08:09:21 GMT
server: cloudflare
x-timer: S1635450556.306231,VS0,VE1
etag: W/"616bda31-cd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 23 Oct 2022 05:55:48 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bce8427c0-PRG
x-styx-req-id: b4949ac7-32fc-11ec-8013-ce1f3dd47c6f
x-cache-hits: 1, 1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 42ms
18ms Script
application/javascript 142.250.186.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-9153858-2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d9d77a3f1c26a593a4d4fa4c7122e85ee25a2c6c0888727f7e2b2f808f4353fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35800
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Oct 2021 07:32:10 GMT

GET
H2 200 252628.js Show response
js.hs-scripts.com/ 984 B
910 B 473ms
422ms Script
application/javascript 104.17.211.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/252628.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.211.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2141abf196d6e27db0c32272439429c12f3ad7ac611be5b9fe7c079a0735d827

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: 6303dd3d-dd74-4300-9045-b89927d14600
last-modified: Fri, 29 Oct 2021 07:21:59 GMT
server: cloudflare
x-trace: 2B3EF74577E22454DBBE619F22A5ADA51E83130393000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.recordedfuture.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 6a5ab55c28ee2790-PRG
expires: Fri, 29 Oct 2021 07:33:10 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 27 KB
9 KB 37ms
6ms Script
application/javascript 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:10 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 8575
Pragma: no-cache
Last-Modified: Thu, 07 Oct 2021 17:17:43 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615f2bb7-6a5f"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Fri, 29 Oct 2021 07:32:10 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 22ms
7ms Script
application/x-javascript 157.240.20.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.20.19 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-frt3.fbcdn.net

Software

Resource Hash

9d1a71851b9c575f7a08134336da7769a379f0db481b058bf45a82d60b7e2ddc

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25969
x-xss-protection: 0
pragma: public
x-fb-debug: EiUSEq/GsUYhi55kKoKghiNsQK31m94G5H9F07lxTi16GVp2gXmqVGG8aQ35tdzru1abYi8wAmekdpaLPsSEnw==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Fri, 29 Oct 2021 07:32:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 195 KB
66 KB 26ms
25ms Script
application/javascript 142.250.186.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

449f8a15dcb126b3fcc4c718a80860c9b494b2703705263e921964e664b0a9f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67621
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Oct 2021 07:32:10 GMT

GET
H2 200 matomo.js Show response
cdn.matomo.cloud/recordedfuture.matomo.cloud/ 191 KB
56 KB 48ms
14ms Script
application/javascript 143.204.98.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-80.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c1519dacf01319cb5e0caa709cf1cb40794474a6ca4eb2de3d6fcb86c6157bf5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 22:23:52 GMT
content-encoding: gzip
age: 119299
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Sun, 17 Oct 2021 20:19:00 GMT
server: AmazonS3
etag: W/"7cb87695146dc95cd8d88df28207416b"
vary: Accept-Encoding
x-amz-version-id: 6OU.jcK726xIXqmaHxPRdLJ.sc4VC7b9
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
cache-control: max-age=691200
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: llgeUZzjDRhORmAZ2cJBnFczc9a0MlOexMR3Ia_PNHWjOse1b5p2cA==

GET
H2 200 container_nbhoRDM8.js Show response
cdn.matomo.cloud/recordedfuture.matomo.cloud/ 228 KB
66 KB 47ms
13ms Script
application/javascript 143.204.98.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/container_nbhoRDM8.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-80.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fccfcbc28d8356bdb5cf1c1323928aeb3e837f96cca5d64458d495f21f03e357

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 06:49:04 GMT
content-encoding: gzip
age: 607387
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Sun, 17 Oct 2021 20:19:01 GMT
server: AmazonS3
etag: W/"82805d16c3df5ec5c6c2ffe082ad7879"
vary: Accept-Encoding
x-amz-version-id: ofsW2xtj62u5IQvDiXMYwHzZx8qUII54
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
cache-control: max-age=691200
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: w3F53BHs0JffV6RV4BmTSNMmVi81eJ4pP0i8fnLraxUhBotmDRbg4A==

GET
H2 200 wp-emoji-release.min.js Show response
www.recordedfuture.com/wp-includes/js/ 14 KB
5 KB 67ms
65ms Script
application/x-javascript 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 5269
x-served-by: cache-mdw17354-MDW, cache-wdc5528-WDC
last-modified: Sun, 17 Oct 2021 08:09:22 GMT
server: cloudflare
x-timer: S1635450556.407475,VS0,VE1
etag: W/"616bda32-3795"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 07:02:09 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef0f27c0-PRG
x-styx-req-id: cf0bace3-323c-11ec-949c-2a1d1f5da7d2
x-cache-hits: 0, 1

GET
H2 400 css2
fonts.googleapis.com/ 0
0 17ms
16ms Stylesheet
text/html 142.250.74.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.googleapis.com/css2?family=Inter:ital,wght@100..900
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.74.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s02-in-f10.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 mp5rtwcnz2nd.js Show response
js.driftt.com/include/1635492900000/ 216 KB
62 KB 147ms
124ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1635492900000/mp5rtwcnz2nd.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

707fa94515d8bb05911ba2599cc33e2ea12338116fdbb426d7bb27745fc854ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: pIN9Mmbe9.qgbdzPKgHQdtjAVPuAONp0
content-encoding: gzip
etag: W/"813ae9adbbed4c9c0d39f0db074d4529"
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 19:03:47 GMT
server: nginx
date: Fri, 29 Oct 2021 07:32:10 GMT
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: T0tt09WxegHSxFSXB86M9i6KaKAFegWlecJoPAE-xD7tn93p7FT9Rg==

GET
DATA 200
OK truncated
/ 609 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 420 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5efce88ac7228ea159bcf7fd1cc56d73c19428394218706524bac0e9151d4c61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 545 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79a39793efbf8217efbbc840e1b2041fe995363a5f12f0c01dd4d1462e5eb842

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 545 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3323814006fe6739493d27057954941830b59eff37ebaac994310e17c522dd57

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 592 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6fdd24bd96b3a482bc058d5c9bcfd6f1c664d91bbd47658d65ac5d852535f7fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 icon-brand-protect.png
www.recordedfuture.com/wp-content/uploads/ 4 KB
4 KB 47ms
46ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-brand-protect.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c23c7b5a64271af443cbff923966e7878bdbe67654ff666c1619e991be666775

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 3905
x-served-by: cache-mdw17353-MDW, cache-bwi5069-BWI
last-modified: Wed, 05 Feb 2020 16:09:29 GMT
server: cloudflare
x-timer: S1635450556.467871,VS0,VE0
etag: "5e3ae8b9-f41"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 12d10f81-2d7b-11ec-949c-2a1d1f5da7d2
expires: Sun, 16 Oct 2022 05:45:16 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1127c0-PRG
x-cache-hits: 1, 3

GET
H2 200 icon-secops.png
www.recordedfuture.com/wp-content/uploads/ 5 KB
5 KB 58ms
58ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-secops.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a09ca406e89e7b1d3172741824df92d81eb000aa3241559c573f1bf17bc4899

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4735
x-served-by: cache-mdw17334-MDW, cache-bwi5062-BWI
last-modified: Wed, 05 Feb 2020 16:09:33 GMT
server: cloudflare
x-timer: S1635450556.385885,VS0,VE1
etag: "5e3ae8bd-127f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 1dc341cf-37cc-11ec-8d6c-a6abd588099d
expires: Sat, 29 Oct 2022 08:50:35 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1327c0-PRG
x-cache-hits: 0, 1

GET
H2 200 icon-threat-intel.png
www.recordedfuture.com/wp-content/uploads/ 3 KB
3 KB 45ms
45ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-threat-intel.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f76e86c6a29453f0e15e74069a1e105af353ff07abaf5b7fdbb599e7c3263741

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2590
x-served-by: cache-mdw17377-MDW, cache-wdc5564-WDC
last-modified: Wed, 05 Feb 2020 16:09:28 GMT
server: cloudflare
x-timer: S1635450556.389729,VS0,VE1
etag: "5e3ae8b8-a1e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 9d055898-3248-11ec-8d6c-a6abd588099d
expires: Sat, 22 Oct 2022 08:26:39 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1427c0-PRG
x-cache-hits: 0, 1

GET
H2 200 icon-vuln-mgmt.png
www.recordedfuture.com/wp-content/uploads/ 5 KB
6 KB 48ms
47ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-vuln-mgmt.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6759e1844268d4ab9f5c8a9c16c245b58c1b5cc8d8361ce751bf8902a0025293

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-6m9mg
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 5398
x-served-by: cache-mdw17354-MDW, cache-wdc5536-WDC
last-modified: Wed, 05 Feb 2020 16:09:32 GMT
server: cloudflare
x-timer: S1635450556.449770,VS0,VE1
etag: "5e3ae8bc-1516"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: fbf80578-37b4-11ec-a383-3277ea497536
expires: Sat, 29 Oct 2022 06:05:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1527c0-PRG
x-cache-hits: 0, 1

GET
H2 200 icon-third-party.png
www.recordedfuture.com/wp-content/uploads/ 5 KB
5 KB 47ms
47ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-third-party.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7223c0b2ffaafe54a5aa7784420e711a847bde036b3e8050c319e815a4b1aa33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-6b6d6f77d6-rtbxr
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 5241
x-served-by: cache-mdw17349-MDW, cache-bwi5052-BWI
last-modified: Wed, 05 Feb 2020 16:09:31 GMT
server: cloudflare
x-timer: S1635450556.430546,VS0,VE1
etag: "5e3ae8bb-1479"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 3727d247-2696-11ec-87ae-d639ca93668d
expires: Fri, 07 Oct 2022 11:11:55 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1627c0-PRG
x-cache-hits: 0, 1

GET
H2 200 icon-geopoli.png
www.recordedfuture.com/wp-content/uploads/ 5 KB
5 KB 46ms
46ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-geopoli.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7915f988d90a47aff5003835c6e0255c3cb35247762ff36f005e7f94d5e8fbbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4916
x-served-by: cache-mdw17361-MDW, cache-bwi5049-BWI
last-modified: Wed, 05 Feb 2020 16:09:30 GMT
server: cloudflare
x-timer: S1635450556.391448,VS0,VE1
etag: "5e3ae8ba-1334"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: fc2a624a-37b4-11ec-949c-2a1d1f5da7d2
expires: Sat, 29 Oct 2022 06:05:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1727c0-PRG
x-cache-hits: 1, 1

GET
H2 200 icon-overview.png
www.recordedfuture.com/wp-content/uploads/ 790 B
1 KB 57ms
57ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-overview.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

593f56bb9b00b639f6aadc57954f46080ce233d1bc01ef50f85720df619029f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-tkn5g
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 790
x-served-by: cache-mdw17335-MDW, cache-wdc5573-WDC
last-modified: Tue, 17 Dec 2019 15:13:34 GMT
server: cloudflare
x-timer: S1635450556.418814,VS0,VE1
etag: "5df8f09e-316"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 21626777-37b8-11ec-8dcb-6ed349c1c73f
expires: Sat, 29 Oct 2022 06:27:31 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1927c0-PRG
x-cache-hits: 1, 1

GET
H2 200 icon-portal.png
www.recordedfuture.com/wp-content/uploads/ 521 B
752 B 47ms
47ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-portal.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

613c27d45e0551e5862b4bbbf3c6f5241f73bc472ff15e84492f9b4f6579c58b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 521
x-served-by: cache-mdw17346-MDW, cache-bwi5057-BWI
last-modified: Tue, 17 Dec 2019 15:13:47 GMT
server: cloudflare
x-timer: S1635450556.421912,VS0,VE1
etag: "5df8f0ab-209"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: e4264512-37f2-11ec-8013-ce1f3dd47c6f
expires: Sat, 29 Oct 2022 13:28:09 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1a27c0-PRG
x-cache-hits: 0, 1

GET
H2 200 menu-integrations-1-36x36.png
www.recordedfuture.com/wp-content/uploads/ 966 B
1 KB 42ms
41ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/menu-integrations-1-36x36.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ec19e731a605af29732582f00be3657470562ad2c1059ce01e58feda8f8d141

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 966
x-served-by: cache-mdw17354-MDW, cache-bwi5076-BWI
last-modified: Sun, 15 Dec 2019 22:09:35 GMT
server: cloudflare
x-timer: S1635450556.425355,VS0,VE1
etag: "5df6af1f-3c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 2d05ee11-37bb-11ec-8431-aac19659ab0b
expires: Sat, 29 Oct 2022 06:49:19 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1b27c0-PRG
x-cache-hits: 0, 1

GET
H2 200 icon-services.png
www.recordedfuture.com/wp-content/uploads/ 5 KB
5 KB 54ms
53ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-services.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1026d9fb308f7ae9af4b10ee43618382be1a6313656b395da90681d6a10b1988

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4639
x-served-by: cache-mdw17379-MDW, cache-bwi5040-BWI
last-modified: Mon, 16 Dec 2019 20:33:19 GMT
server: cloudflare
x-timer: S1635450556.101532,VS0,VE0
etag: "5df7ea0f-121f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: dfa2254f-37b7-11ec-b1cd-36fd5dbf0b73
expires: Sat, 29 Oct 2022 06:25:41 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1c27c0-PRG
x-cache-hits: 0, 2

GET
H2 200 icon-license.png
www.recordedfuture.com/wp-content/uploads/ 872 B
1 KB 54ms
53ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-license.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db2af24bfef6358a1c62eb490dcef92470cfd816b84f7fac5c50ae79b1397f81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-5xtc4
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 872
x-served-by: cache-mdw17379-MDW, cache-wdc5569-WDC
last-modified: Tue, 17 Dec 2019 15:13:28 GMT
server: cloudflare
x-timer: S1635450556.463852,VS0,VE1
etag: "5df8f098-368"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 506f2f7c-2121-11ec-9434-561ca06a9593
expires: Fri, 30 Sep 2022 12:32:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1d27c0-PRG
x-cache-hits: 0, 38

GET
H2 200 2019_0618-Cobalt-Strike-1.png
www.recordedfuture.com/wp-content/uploads/ 11 KB
11 KB 432ms
431ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/2019_0618-Cobalt-Strike-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2003c6297eb3b8cbe99aa25e9953a881081149bfc9817d49e13cf63d23fbd84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/cobalt-strike-servers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: MISS
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 10956
x-served-by: cache-mdw17331-MDW, cache-bwi5069-BWI
last-modified: Fri, 17 Jan 2020 15:43:41 GMT
server: cloudflare
x-timer: S1635492731.590390,VS0,VE1
etag: "5e21d62d-2acc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 94506260-37b6-11ec-8d6c-a6abd588099d
expires: Sat, 29 Oct 2022 06:16:25 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55bef1e27c0-PRG
x-cache-hits: 0, 1

GET
DATA 200
OK truncated
/ 31 KB
31 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855

Request headers

Referer
Origin: https://www.recordedfuture.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 footer-icons.png
www.recordedfuture.com/wp-content/themes/recorded-future-2019/img/ 1 KB
1 KB 25ms
24ms Image
image/png 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/img/footer-icons.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb54e94c545f03932d631cd985aff128d39396abed2de7cbb522b535493d0262

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42174
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9jmjz
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1293
x-served-by: cache-mdw17361-MDW, cache-bwi5060-BWI
last-modified: Tue, 26 Oct 2021 19:46:47 GMT
server: cloudflare
x-timer: S1635450556.442421,VS0,VE1
etag: "61785b27-50d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 58c319b1-37b6-11ec-8aba-3a45c8ccc7dd
expires: Sat, 29 Oct 2022 06:14:45 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab55c986327c0-PRG
x-cache-hits: 0, 1

GET
H3 200 194163687656043 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 78ms
69ms Script
application/x-javascript 157.240.20.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/194163687656043?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.20.19 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-frt3.fbcdn.net

Software

Resource Hash

50b65e8904b4b0452adb190cdcf16f6f0f2b31d1179c1eb5d8429284f135260a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: mJj+Y9srgq1jwiBgd8HvRJtNhVINHymxxKjMSAUWbP5M/hFHOz3KiSLA6crW/KQEk0CgZBIsg8TWKO5x3dihkw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 29 Oct 2021 07:32:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 matomo.php
recordedfuture.matomo.cloud/ 0
173 B 88ms
57ms Ping
text/plain 35.71.162.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/matomo.php?action_name=www.recordedfuture.com%2F&idsite=1&rec=1&r=743147&h=7&m=32&s=10&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&_id=444b87797b6eb376&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=Sp5twq&fa_pv=1&fa_fp[0][fa_vid]=XYXQ6B&fa_fp[0][fa_fv]=1&fa_fp[1][fa_vid]=M6RRLz&fa_fp[1][fa_fv]=1&pf_net=39&pf_srv=1272&pf_tfr=2
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.162.228 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://www.recordedfuture.com
date: Fri, 29 Oct 2021 07:32:10 GMT
access-control-allow-credentials: true
server: Apache
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent

GET
H2 200 configs.php Show response
recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/ 116 B
291 B 18ms
15ms Script
application/javascript 35.71.162.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=1&trackerid=NM6B8J&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.162.228 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: Apache /
Resource Hash: b66b829dadd04612728f728f6e8bd8fcc42d4ac46e5987cb4d353a4abbe0f9ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
server: Apache
content-length: 119
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,Accept-Encoding,User-Agent
content-type: application/javascript

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 34ms
6ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 23:58:10 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-geo-cc_and_ra: DE-BY
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kjyo7100035-IAD, cache-hhn11526-HHN

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 29ms
7ms Script
text/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 26 Oct 2021 23:24:02 GMT
server: Golfe2
age: 2188
date: Fri, 29 Oct 2021 06:55:42 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Fri, 29 Oct 2021 08:55:42 GMT

GET
H3 200 materialdesignicons-webfont.woff2
cdn.jsdelivr.net/npm/@mdi/font@3.5.95/fonts/ 184 KB
184 KB 34ms
19ms Font
font/woff2 104.16.86.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/fonts/materialdesignicons-webfont.woff2?v=3.5.95

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.86.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7201c12b0e82cd05a60c412f53f98f37cfec9616ef61f6e34d7d3a5293e440a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css
Origin: https://www.recordedfuture.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 297613
x-jsd-version: 3.5.95
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 188316
x-served-by: cache-fra19134-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"2df9c-phH0PGPYo4B5H0mrSvcp1jz84oo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
cf-ray: 6a5ab55d7a2f4138-PRG

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 44ms
18ms Script
application/x-javascript 2.16.186.8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.8 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-8.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:10 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=15915
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 28ms
6ms Script
text/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-9153858-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 26 Oct 2021 23:24:02 GMT
server: Golfe2
age: 5464
date: Fri, 29 Oct 2021 06:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Fri, 29 Oct 2021 08:01:06 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 33ms
19ms Script
application/javascript 142.250.186.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1003136084&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-9153858-2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

f20043d6d0a668de0bb60c94ed1acb16cd82d6288de82cb8e6ea181f8e79a8e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39105
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Oct 2021 07:32:10 GMT

GET
H3 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
54 B 43ms
22ms Image
image/gif 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1547241748&utmhn=www.recordedfuture.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers&utmhid=668157664&utmr=-&utmp=%2Fcobalt-strike-servers%2F&utmht=1635492730519&utmac=UA-XXXYYYZZZ-1&utmcc=__utma%3D93161374.1105624788.1635492731.1635492731.1635492731.1%3B%2B__utmz%3D93161374.1635492731.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1903248432&utmredir=1&utmu=qhAgAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
425 B 22ms
7ms Image
image/gif 157.240.20.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=194163687656043&ev=PageView&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&rl=&if=false&ts=1635492730534&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1635492730533.26482011&it=1635492730369&coo=false&rqm=GET

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.20.35 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-frt3.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 29 Oct 2021 07:32:10 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 203ms
179ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&session=3888920a-e5dc-4071-89bc-92e6814653cb&event=click&q=%7B%22event_id%22%3A%22%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=99c35ff3-47c8-46a3-8224-89ac04422232

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:10 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 / Show response
www.recordedfuture.com/wp-json/complianz/v1/banner/ 125 B
599 B 858ms
857ms XHR
application/json 104.18.12.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-json/complianz/v1/banner/?lang=en&locale=en_US&token=iouxi

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/js/complianz.min.js?ver=5.2.5.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.12.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f766851b62b6bd1f49906a5aeb2ef2d75d2f022c857a489aaebca788fc410602

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type: application/json

Response headers

cf-edge-cache: cache,platform=wordpress
date: Fri, 29 Oct 2021 07:32:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
x-styx-req-id: 541bb9cd-388a-11ec-949c-2a1d1f5da7d2
x-cache: MISS, MISS
x-cache-hits: 0, 0
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 122
x-served-by: cache-mdw17345-MDW, cache-wdc5547-WDC
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
last-modified: Fri, 29 Oct 2021 07:32:11 GMT
server: cloudflare
x-timer: S1635492731.919686,VS0,VE437
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
via: 1.1 varnish, 1.1 varnish
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-robots-tag: noindex
accept-ranges: bytes
cf-ray: 6a5ab55e0aad27c0-PRG
link: <https://www.recordedfuture.com/wp-json/>; rel="https://api.w.org/"
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
676 B 133ms
116ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nv0r6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=f7bfc0e9-8c7a-472a-87bd-bde582913929&tw_document_href=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 109
pragma: no-cache
last-modified: Fri, 29 Oct 2021 07:32:10 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 77153478d8edfa4c8b7df928ea4a1bfe4687f28d8781c22de0f2a78c4cc8df3f
x-transaction: 803b7a75c61b2825
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
471 B 134ms
119ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nv0r6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=f7bfc0e9-8c7a-472a-87bd-bde582913929&tw_document_href=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 112
pragma: no-cache
last-modified: Fri, 29 Oct 2021 07:32:10 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 5b9739ebed53553274e60b9c78eaec16e7e1f53e697cb47a459e52c0d51c4d66
x-transaction: 8986b6f57cd7ef05
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492730574&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D26800%26time%3D1635492730574%26url%3Dhttps%253A%252F%252Fwww.recordedfuture.com%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492730574&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&liSync=true

0
57 B

190ms
188ms

Image
application/javascript

108.174.11.37
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492730574&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&liSync=true
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Server: 108.174.11.37 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-11-37.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-esv5
content-type: application/javascript
content-length: 0
x-li-uuid: K+E4YPlvshagboi/hSsAAA==

Redirect headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAXPeNNIkcAgT951C7SwoQ==
pragma: no-cache
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 1EC1864950EC4C728836C0EED68F1000 Ref B: PRG01EDGE0809 Ref C: 2021-10-29T07:32:11Z
date: Fri, 29 Oct 2021 07:32:10 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492730574&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&liSync=true
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 js Show response
www.google-analytics.com/gtm/ 89 KB
35 KB 32ms
18ms Script
application/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-MV8X7B7&t=gtag_UA_9153858_2&cid=1105624788.1635492731

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Google Tag Manager /

Resource Hash

23164036a457019ff92b638a4f43e60f218b4b9beee1ac712d5730a74de68533

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35723
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Oct 2021 07:32:10 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
15 KB 640ms
619ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1003136084&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

12c384a5a3b640621e09e7ab688b24b29213485413f0418db7bf257104fa9a74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14423
x-xss-protection: 0
server: cafe
etag: 6068111015770736385
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 29 Oct 2021 07:32:11 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
13ms XHR
text/plain 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=668157664&t=pageview&_s=1&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&ul=en-us&de=UTF-8&dt=A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=93161374.1105624788.1635492731.1635492731.1635492731.1&_utmz=93161374.1635492731.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1635492730637&_u=aSBCAUADQAAAAC~&jid=770413513&gjid=1899645072&cid=1105624788.1635492731&tid=UA-9153858-2&_gid=1845219583.1635492731&_r=1&gtm=2ouar0&z=1011351220

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
416 B 43ms
14ms XHR
text/plain 66.102.1.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-9153858-2&cid=1105624788.1635492731&jid=770413513&gjid=1899645072&_gid=1845219583.1635492731&_u=aSBCAUACQAAAAC~&z=62003391

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f157.1e100.net

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 29 Oct 2021 07:32:10 GMT
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
14ms XHR
text/plain 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=668157664&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&ul=en-us&de=UTF-8&dt=A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Blog%20Tracking&ea=Post%20Type%20Blog%20Tracking&el=Blog%20Tracking%20%7C%7C%20https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&_utma=93161374.1105624788.1635492731.1635492731.1635492731.1&_utmz=93161374.1635492731.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1635492730666&_u=aSDCAUADQAAAAC~&jid=370309769&gjid=1052762099&cid=1105624788.1635492731&tid=UA-9153858-2&_gid=1845219583.1635492731&_r=1&gtm=2wgar0539N74N&z=1421488471

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 252628.js Show response
js.hs-analytics.net/analytics/1635492600000/ 63 KB
20 KB 196ms
153ms Script
text/javascript 104.17.71.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1635492600000/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.71.176 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f958b4527bcb3c4da9d038386657b0a8e498e40bb6d5eede4f0a42d4b1503221

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:10 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: M39DTQSGTAJAH2W3
x-amz-server-side-encryption: AES256
cf-ray: 6a5ab55f0a804126-PRG
x-amz-id-2: QZYZlZrs0GEWajtJ1Kt3OrnoJcNhs+SFHjY4IGkIQZy+HHv1AC93i7pxXradRueEGXpScYyF83A=
last-modified: Mon, 19 Jul 2021 13:55:02 GMT
server: cloudflare
etag: W/"eb683456778d317c80ce91826fab13f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Fri, 29 Oct 2021 07:37:10 GMT

GET
H2 200 252628.js Show response
js.hs-banner.com/ 61 KB
16 KB 493ms
442ms Script
text/javascript 104.18.21.191
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.191 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e90135befb1cde3a65a625bd4b1947fe8241484d5248194fbb3ab8b3b9912706

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 15NS0YBMFC3XMKW9
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: cY0uGWG8IiELn9Ks3tEP6nEcDNuQoKX4K7zbFD1aALqZmJ2KAPVX0PeD01O9RUa5wOWJCuJuaTU=
timing-allow-origin: *
last-modified: Fri, 03 Sep 2021 19:24:49 GMT
server: cloudflare
etag: W/"e0c913f4a0cc31dc55b4467584a6d8e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: lq2tXQvbi9wr797yewJV6QQGCJrrtX2q
access-control-allow-origin: https://therecord.media
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6a5ab55f191b4108-PRG
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Fri, 29 Oct 2021 07:37:11 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
68 B 16ms
15ms XHR
text/plain 66.102.1.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-9153858-2&cid=1105624788.1635492731&jid=370309769&gjid=1052762099&_gid=1845219583.1635492731&_u=aSDCAUADQAAAAC~&z=1843769226

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f157.1e100.net

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 29 Oct 2021 07:32:10 GMT
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 73ms
52ms Image
image/gif 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-9153858-2&cid=1105624788.1635492731&jid=370309769&_u=aSDCAUADQAAAAC~&z=868503745

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 51ms
30ms Image
image/gif 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-9153858-2&cid=1105624788.1635492731&jid=770413513&_u=aSBCAUACQAAAAC~&z=1365407559

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 34D9 0
18 B 15ms
6ms Document
text/plain 157.240.20.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.20.35 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-frt3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.recordedfuture.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
date: Fri, 29 Oct 2021 07:32:11 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1003136084/ 2 KB
2 KB 120ms
98ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1003136084/?random=1635492731239&cv=9&fst=1635492731239&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaar0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&tiba=A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

3358935920615baf65e451b57eeaace2fbc36408d7983a6ebe31fe64dda08b32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1060
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/1003136084/ 42 B
64 B 34ms
18ms Image
image/gif 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1003136084/?random=1635492731239&cv=9&fst=1635490800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaar0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&tiba=A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers&async=1&fmt=3&is_vtc=1&random=273291421&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 matomo.php
recordedfuture.matomo.cloud/ 0
173 B 40ms
39ms Ping
text/plain 35.71.162.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/matomo.php?action_name=www.recordedfuture.com%2F&idsite=1&rec=1&r=587463&h=7&m=32&s=11&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&_id=444b87797b6eb376&_idn=0&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=31KJlk&pf_net=39&pf_srv=1272&pf_tfr=2&pf_dm1=387
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.162.228 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://www.recordedfuture.com
date: Fri, 29 Oct 2021 07:32:11 GMT
access-control-allow-credentials: true
server: Apache
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent

GET
H2 200 matomo.js Show response
recordedfuture.matomo.cloud/ 191 KB
56 KB 16ms
16ms Script
application/javascript 35.71.162.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/matomo.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.162.228 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: AmazonS3 /
Resource Hash: c1519dacf01319cb5e0caa709cf1cb40794474a6ca4eb2de3d6fcb86c6157bf5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
content-encoding: gzip
age: 300655
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Sun, 17 Oct 2021 20:19:00 GMT
server: AmazonS3
etag: W/"7cb87695146dc95cd8d88df28207416b"
vary: Accept-Encoding,User-Agent
x-amz-version-id: 6OU.jcK726xIXqmaHxPRdLJ.sc4VC7b9
via: 1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
cache-control: max-age=691200, max-age=691200
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
x-amz-cf-id: JwyYEvXI4e-_vTr-52keR2tTAnGXt13PYU4N0lvVpzr0MRcd4C1yAg==
expires: Sat, 06 Nov 2021 07:32:11 GMT

GET
H2 200 configs.php Show response
recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/ 116 B
290 B 17ms
17ms Script
application/javascript 35.71.162.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=1&trackerid=6nZ6ea&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.162.228 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: Apache /
Resource Hash: c603c541f94baf65c45293c624e017b584fc0860ce57c2d1385045fe8807939e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
content-encoding: gzip
server: Apache
content-length: 119
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,Accept-Encoding,User-Agent
content-type: application/javascript

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
700 B 70ms
38ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 29 Oct 2021 07:32:11 GMT
X-Proxy-Origin: 216.131.114.108; 216.131.114.108; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: fd98295f-ba5d-4626-b640-095a8e942516
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.recordedfuture.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
378 B 29ms
7ms XHR
text/plain 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-140.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 02ca1340552bfb367e2b6ca0b579fdda8263c5d2c65f90f93272c5f2ddd5ea12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:11 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.recordedfuture.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H2 200 core Show response
js.driftt.com/ Frame 34AF 2 KB
1 KB 114ms
114ms Document
text/html 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1635492900000/mp5rtwcnz2nd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

44a71fb13f43360c9013841611c5c20848a929ac2ef5cff804dce3da0e02271e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Thu, 28 Oct 2021 19:03:31 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: bMJdpKzFuimfQxj5V4jQaOBHqq.Y5SZg
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Fri, 29 Oct 2021 07:32:11 GMT
cache-control: no-cache
etag: W/"3dc284cb1ef587649834a9ae64c54484"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 3OlQNlyAuK58Q1dKqlkmKpJKTc6W2hymKfWGuGtbMqmUJYGWjVhs0g==

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 3057 2 KB
1 KB 116ms
116ms Document
text/html 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1635492900000/mp5rtwcnz2nd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

44a71fb13f43360c9013841611c5c20848a929ac2ef5cff804dce3da0e02271e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Thu, 28 Oct 2021 19:03:31 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: bMJdpKzFuimfQxj5V4jQaOBHqq.Y5SZg
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Fri, 29 Oct 2021 07:32:11 GMT
cache-control: no-cache
etag: W/"3dc284cb1ef587649834a9ae64c54484"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 94mg6jlAmjNrswd08zup9MggFeIDllI2JqxZuDLlEGgOEyLyvCt79w==

GET
H2 200 nr-1211.min.js Show response
js-agent.newrelic.com/ 33 KB
13 KB 23ms
6ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1211.min.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4e42e478fd27161799c18a75c2e9a7341996250f696d09d53db336a2962ba06b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: yf8j0EL0OxPIPTHd.58X6iFExO4xIT0R
content-encoding: gzip
etag: "3ad2268e635f4d033b0062f582c5b85a"
x-amz-request-id: X3M81H4NM1B4G6R6
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 12477
x-amz-id-2: cvOSmODg07/4O4zGwviZMR3PU/m+IFAgnbTWch2Pw3XfIW/4Me7DGjuuZsigtg0xT+fI73EM98w=
x-served-by: cache-hhn4020-HHN
last-modified: Mon, 27 Sep 2021 20:46:50 GMT
server: AmazonS3
x-timer: S1635492732.681082,VS0,VE0
date: Fri, 29 Oct 2021 07:32:11 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 8327

GET
H2 200 loader-v2.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 6 KB
3 KB 155ms
146ms Script
text/javascript 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/loader-v2.js?__hsfp=2427650321&__hssc=57501621.1.1635492731667&__hstc=57501621.3b97b3126beecb902afe650f6f9a8402.1635492731667.1635492731667.1635492731667.1&canon=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&hsutk=3b97b3126beecb902afe650f6f9a8402&pg=9210833d-34a7-4597-ade0-03e16dcbc24c&pid=252628&sv=cta-embed-js-static-1.58&lag=1349&rdy=1&df=a

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4b74d8f3be81034620ed4601bf78517f60b7d85892e7714fdebafbc1d432853

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: eddd841a-d724-4b48-997d-2ddf21a3b8f6
cf-ray: 6a5ab5650d9f4131-PRG
content-disposition: attachment; name="loaderJS" filename="loader-v2.js"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 29 Oct 2021 07:32:11 GMT
server: cloudflare
x-trace: 2BF5A799E79CCF193108FD4277C5192D4693DCDA6D000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DBizNs4asAD76N%2F72x8UAd360wND5c2K9vrouFIhtirbAcwaVffITH9BOk8xs%2BGCBqlBp2dS1NW5ZSwclYd0sxOaSDZccwV16%2Bk6tRVTuTdabhhjpJftLev03cLMva9%2FkD6y%2Be%2BJ2RbnWSSIt4Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
x-robots-tag: noindex, follow

GET
H2 200 loader-v2.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 7 KB
3 KB 145ms
136ms Script
text/javascript 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/loader-v2.js?__hsfp=2427650321&__hssc=57501621.1.1635492731667&__hstc=57501621.3b97b3126beecb902afe650f6f9a8402.1635492731667.1635492731667.1635492731667.1&canon=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&hsutk=3b97b3126beecb902afe650f6f9a8402&pg=a7fb8b5c-b14d-4030-a76d-26dbc96ab43b&pid=252628&sv=cta-embed-js-static-1.58&lag=1348&rdy=1&df=a

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26ed451dc70837699aa46708429b9c637101e8c3c17e4a825bb1c4d56daf6854

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: ae0f8ca6-9c99-43d1-92a6-882f459960ba
cf-ray: 6a5ab5650d9d4131-PRG
content-disposition: attachment; name="loaderJS" filename="loader-v2.js"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 29 Oct 2021 07:32:11 GMT
server: cloudflare
x-trace: 2BCEDB834F54BABD73726A46B34C942E6984F82887000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lz6btlrTVdF%2BL4wINHw5gKD2uVIDWhd5pATAZ%2FEmWkS3GlHaR%2B5OUzpigoXKkm5h759JmiGo%2B0CsL4T8hsE%2FNsAMk3i7eIevzpMySmOee8zbySfzie0GpGZYnsSNzHFlE8iCMv8M4jTkhW3vawc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
x-robots-tag: noindex, follow

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
548 B 170ms
132ms Image
image/gif 104.16.87.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.87.5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: 3dbab0a1-41c6-45a4-a4c8-a1503d4d1d6e
cf-ray: 6a5ab5653fa92798-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
last-modified: Fri, 29 Oct 2021 07:32:11 GMT
server: cloudflare
x-trace: 2BDBE21D325A6187F6FF936AA61F8932FB46D132CE000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
511 B 59ms
48ms Image
image/gif 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2427650321&v=1.1&a=252628&rcu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&t=A+Multi-Method+Approach+to+Identifying+Rogue+Cobalt+Strike+Servers&cts=1635492731670&vi=3b97b3126beecb902afe650f6f9a8402&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 2910c65b-f833-4f47-a980-0771c8c72009
cf-ray: 6a5ab5651dab4131-PRG
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1v8iy8W7JyD09VKzG4rZG5w%2B%2BN3vV9kiWzUzakqvtw5JvCyeRUz4zInS0jM%2BMEQfO6EzoAeVG9um7EUu3C%2FUW8zPsFU%2FruGvJwfcxvwYAvz5E0Tv8p7DteqaOq%2BjdGj3i2I2"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H/1.1 200
OK da2b64f2d4 Show response
bam.nr-data.net/1/ 57 B
322 B 435ms
111ms Script
text/javascript 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/da2b64f2d4?a=155511080&v=1211.ba193a8&to=ZVxUY0UAD0AEAENQClwWd1RDCA5dShBeVwJeXA%3D%3D&rst=2926&ck=1&ref=https://www.recordedfuture.com/cobalt-strike-servers/&ap=679&be=1339&fe=2898&dc=1721&perf=%7B%22timing%22:%7B%22of%22:1635492728762,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:10,%22c%22:10,%22s%22:22,%22ce%22:40,%22rq%22:41,%22rp%22:1313,%22rpe%22:1315,%22dl%22:1316,%22di%22:1703,%22ds%22:1722,%22de%22:1725,%22dc%22:2889,%22l%22:2898,%22le%22:2916%7D,%22navigation%22:%7B%7D%7D&fp=1552&fcp=1899&at=SRtXFQ0aHE4%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1211.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/javascript;charset=iso-8859-1
Content-Length: 57
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 178ms
178ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=64bb1002ce1e00007aa37b61ef00000028408a00&session=3888920a-e5dc-4071-89bc-92e6814653cb&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A10%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=99c35ff3-47c8-46a3-8224-89ac04422232&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:11 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 runtime~main.052c7d9a.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 6 KB
3 KB 8ms
2ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

1348cfccbfc3386e39f760e3e95f6d79c2546051541c316747dd39925c459c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:30 GMT
content-encoding: gzip
age: 44921
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:36 GMT
server: nginx
etag: W/"90fee67c6fbb12760c1a1e979845582c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: yntBPbIX58PzJmaOGQUaG9sm7tcOlsEQ
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tfKPLBk4Rv-o0VW_Ej9PdiVqY9MlD4nFPny7D1ybVolO09Ysjpxk4w==

GET
H2 200 4.a93e53d9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 58 KB
20 KB 15ms
6ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.a93e53d9.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

58332a4cc75a697eafeb1b4d9cb66326d6a29acb2f98afc1de3f1ef2401be056

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 21:20:20 GMT
content-encoding: gzip
age: 2369511
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Oct 2021 18:06:48 GMT
server: nginx
etag: W/"fce0b3daf28dfa888be2818f43b06ef0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Pgk9ysJ48SOFGxVI8P5y6LcHfEaqt_r.
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mYvuvt8KdUitb6IlkX03RTEySFmLmVUNf12CJyqXaMiWbHEcaEH_VQ==

GET
H2 200 main~493df0b3.580db5ef.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 6 KB
3 KB 16ms
8ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.580db5ef.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

52997a640c38c5915b6105ad464bf2bf8121f3fe40c72d70791f54c4be95971a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 17:36:14 GMT
content-encoding: gzip
age: 568557
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 22 Oct 2021 17:07:00 GMT
server: nginx
etag: W/"9b4aab2d855603fa59a09f8160eb7cb4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: SHbjo2Z875cq.BpS9ven0n3hNF1FVxPh
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qPJn6agADxWhxNsq6PI0aVtdM3nUq8ttDDHyD_7KwkbFNAuMHjfIMw==

GET
H2 200 runtime~main.052c7d9a.js Show response
js.driftt.com/core/assets/js/ Frame 3057 6 KB
3 KB 11ms
7ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

1348cfccbfc3386e39f760e3e95f6d79c2546051541c316747dd39925c459c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:30 GMT
content-encoding: gzip
age: 44921
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:36 GMT
server: nginx
etag: W/"90fee67c6fbb12760c1a1e979845582c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: yntBPbIX58PzJmaOGQUaG9sm7tcOlsEQ
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: j2uHkgPJOTffuhw1SE545g06GbjXs084oaATTMl4NNgPIm0igG07jQ==

GET
H2 200 4.a93e53d9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 58 KB
20 KB 16ms
13ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.a93e53d9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

58332a4cc75a697eafeb1b4d9cb66326d6a29acb2f98afc1de3f1ef2401be056

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 21:20:20 GMT
content-encoding: gzip
age: 2369511
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Oct 2021 18:06:48 GMT
server: nginx
etag: W/"fce0b3daf28dfa888be2818f43b06ef0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Pgk9ysJ48SOFGxVI8P5y6LcHfEaqt_r.
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _izSvC-DDOh0CBgepC57FiVz_DnlU0B47mXuqz7sWLuxXkvh2c3tJA==

GET
H2 200 main~493df0b3.580db5ef.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 6 KB
3 KB 17ms
14ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.580db5ef.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

52997a640c38c5915b6105ad464bf2bf8121f3fe40c72d70791f54c4be95971a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 17:36:14 GMT
content-encoding: gzip
age: 568557
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 22 Oct 2021 17:07:00 GMT
server: nginx
etag: W/"9b4aab2d855603fa59a09f8160eb7cb4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: SHbjo2Z875cq.BpS9ven0n3hNF1FVxPh
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fGgTMHyUoJH9Yxr99QZ1VLBw1uArDnVIsPMJlhvA0rOEbrRcyYZzAQ==

GET
H2 200 42.3b1c2441.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 47 KB
14 KB 7ms
7ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

7727399fe5d8441829176e6a661b540efaac1680120a1d7fb1235e258d70770b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 18:05:58 GMT
content-encoding: gzip
age: 2726773
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 27 Sep 2021 17:53:30 GMT
server: nginx
etag: W/"62fe06940598a98760a9eae46800ff59"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: .VUhmN0wteSIOoD7zf42Fx9jVTzQPjY_
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6JT9IzxYlnaENEcE5opL_nnO5ERL4kmfObraYI2S6uvklIjGpjpMRA==

GET
H2 200 17.cce21c2a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 44 KB
13 KB 8ms
8ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.cce21c2a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

cda9b31d709444e003d3adbfbdec43f093e405b36841fde5c1d187e439585219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 18:05:58 GMT
content-encoding: gzip
age: 2726773
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 27 Sep 2021 17:53:29 GMT
server: nginx
etag: W/"565bf690dc82ce7e1f45c9647d892490"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: jEi2sT.oz2dMTnmIGznKkCTerYS6HNwY
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -yum79Q3zuY8bwmeZB7AMhBqFhPzlKn6SjTkBFnSSKtV1DFE5nmndQ==

GET
H2 200 35.3e4eba7e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 25 KB
8 KB 8ms
8ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.3e4eba7e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

41f7afd6088c39cdc0d6f910f7f4b6afbf6a2133533847e960a8ca906fabc1c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 07:58:47 GMT
content-encoding: gzip
age: 948804
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 15 Oct 2021 18:19:50 GMT
server: nginx
etag: W/"b1a0f364c9ad5137b5ab8e5237a825b8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: wtyEfV_VeCyLrvfG8ayPCp8enm9yMMuF
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OaOmP68dJFBUnVBciGQc1P-tCk3iCNO45YV8JuwVudjGG_fB0Lzr5Q==

GET
H2 200 15.8065fdbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 16 KB
5 KB 9ms
9ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.8065fdbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f978da291f493e64d4420d2cfab5c2bdc736c53f11c8d61c6da1efdb7df1155d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 06:18:05 GMT
content-encoding: gzip
age: 4583646
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:32 GMT
server: nginx
etag: W/"db60664de2c8d54d23e359c94e68f6ce"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: vLMtFICr__AmVbpyC1134yZVvjJr6q0Q
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: y3tjOgd6GCVPjAdXDtlbxFZBr01UefyDlLwlPzyg8t21cxxVz3cRbQ==

GET
H2 200 19.5937a5b2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 72 KB
22 KB 9ms
9ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.5937a5b2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

2b4d9e531f3302ad49380ce5e5e160925956edb55179c63ee2bac32ab040d1a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:30 GMT
content-encoding: gzip
age: 1874381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:09 GMT
server: nginx
etag: W/"08aceb94bd26b0e431ca437d628e3c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PpKcHacqpQIWv5LlWxshj7GW7ctXBTRY
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NsY6GUJh71VRiowRqfkjE0DRGjQs28yieXh4rubk0FxxCHWoU2FxCw==

GET
H2 200 32.04864e7d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 16 KB
6 KB 10ms
10ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/32.04864e7d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

af0ad47815cfcb0fc8402cf431dd782af68f2ba05752c66d9bb11a4354f65754

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:25 GMT
content-encoding: gzip
age: 4580806
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:33 GMT
server: nginx
etag: W/"3b6707d602c1f7d03c4c8b0bdecb8e4e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: IQWkyjvCMbbf.bwH.bxeulTS_dkZZlBI
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6dZhLMRv279w4P88uwnQhIDoDPM6SGqzYV6ncSzCNIiLVa0uhUR0Xg==

GET
H2 200 23.a53d721f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 59 KB
19 KB 11ms
11ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.a53d721f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f48829864ffd155da0360e19be956282b6875173f8990394e93bc7c30c97a3ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:30 GMT
content-encoding: gzip
age: 1874381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:10 GMT
server: nginx
etag: W/"fe96cb8c4c390342c29d3c8cb0a4ca14"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: v0Q3sUg3fAcXKBWqoZodUDobSoc9.NX8
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yh87Cfa5bJbu4vgrmbJqY0JAwW8g87CBYWVGSWc-LO0fxqsz-fpK2A==

GET
H2 200 10.704ab67c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 91 KB
28 KB 12ms
11ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.704ab67c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

1612e3d01a9389defe81c28b91ee18b7b1f97b54f39dd8aa651667c25bce28e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:47:44 GMT
content-encoding: gzip
age: 2371466
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Oct 2021 18:06:47 GMT
server: nginx
etag: W/"50dcb170ca1ae1f4a09fe8f23065f2a8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 8SLWCghXfnMEQiqJuVzEB4mWFfFgTeMA
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EhguEhZRWkRbGeXHpxfKQ0TOCoQv8DcB8vqF_NuWPEWGwVzPULAuNg==

GET
H2 200 9.a48906f3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 23 KB
7 KB 12ms
12ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.a48906f3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

5059bfed12587f496894f97319682ccb715e7748ae93dd2cafd6310e914f3870

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 06:18:05 GMT
content-encoding: gzip
age: 4583646
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:34 GMT
server: nginx
etag: W/"60e5547ed381473c15e63274bcd796b6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: on0QWFowRpcm8h177qmACTSXpT0Jqz7f
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6jtnokj9My5tO9UTBOqhGHdHLQiPr8Tt8zVpzkWily3aVErmG6Xhbw==

GET
H2 200 13.c2156fc2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 62 KB
20 KB 13ms
13ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.c2156fc2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f94ce8666bf003756c16b56edad5a0121b3516222d4f093bdb771afabfb2cc5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 21:49:43 GMT
content-encoding: gzip
age: 1503748
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 11 Oct 2021 21:20:00 GMT
server: nginx
etag: W/"b94404e76324bd4454531b2e0a54f7bb"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: dduSgTmTEeX.c1xrsh3Cd4WUJFtbN06M
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: UxjSblDVWFOwOdnikkFuMjMX9Ge1pJsSJTYAliS8yuDY3_XsAupouQ==

GET
H2 200 40.01f4f7b3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 105 KB
34 KB 16ms
15ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.01f4f7b3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

71f918c131027703d4692c7e7cc9d46fc09554fc2b211e60f12e8fea8360deb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:25 GMT
content-encoding: gzip
age: 4580806
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:33 GMT
server: nginx
etag: W/"7dd9b27f83583b6d43567ed4b21eff8c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: y2Sw4rqaMZnrkHZZfz79v4_9V0UisJNM
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: N7J_Se18ayMLbCFoXIA963RmAN9bigeJ7rS855qeo3MfkA-5nqzksA==

GET
H2 200 33.c1910d43.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 12 KB
4 KB 19ms
19ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/33.c1910d43.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

c2d8b5ed5baf711d51629607797e32e5ff638637a0091598427eac4908dbae47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:25 GMT
content-encoding: gzip
age: 4580806
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:33 GMT
server: nginx
etag: W/"0e451f1cf9656229ccd33dfa3ad0638d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: x9xPxe0FOgEjzVEWwoqmEw_u_0f8UbkY
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wq0G0jVJGoWUCTdFXI6yjlV9fUf5AoR5rkuWnVYsOe802IOjfc8pjA==

GET
H2 200 25.b7a0bf53.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 12 KB
5 KB 19ms
19ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.b7a0bf53.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

c87e0e31334c6998b90c83d48eff6252a248120d32b376414965e1421203c901

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:30 GMT
content-encoding: gzip
age: 1874381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:10 GMT
server: nginx
etag: W/"808f7c7829001881a39cef6846a36ce0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: _ix5iBb64na.L1JY7ymqDewgFGceFL7s
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: T-XK1gKcs07_KjQClJNqRzaHbc95VMAipLchhELxBkXoir6Np5E-lw==

GET
H2 200 16.fab21cf4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 17 KB
7 KB 20ms
20ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.fab21cf4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

fa110ac06915e913fea0ad440e557cd75b95101504acc6a865efb5d7f0f34d95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 18:08:17 GMT
content-encoding: gzip
age: 5750634
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 23 Aug 2021 17:42:07 GMT
server: nginx
etag: W/"b451093ecfaa012f364641010ed13346"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mlbxReFt8YmdLvOZ4ChXgFfj8NP88809
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FiavBUZWgNke3jJUlqkYCZZYC2FdWDoEXGdN6WuyS65PV_VLiCp_KQ==

GET
H2 200 7.ea51c6ed.chunk.css
js.driftt.com/core/assets/css/ Frame 34AF 11 KB
3 KB 20ms
19ms Stylesheet
text/css 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/7.ea51c6ed.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

a42d7e3e31574f46088f10ef28941abf54233afa6c88e4c1dbdca1e30f7d1d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44920
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:32 GMT
server: nginx
etag: W/"e87bf3956b83df89533ed143a9c0c06b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: LHV.oH0gwktF4jnhsCJIoVIXzJywrym8
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6gXoCZVUOT4AXuAIrQg6e_7MAJuOicO4b4v9wahOqSNB4UfRZ43pzQ==

GET
H2 200 7.098b8816.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 68 KB
21 KB 20ms
20ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/7.098b8816.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

792cbd24e934bdcb0e62deaaefed93938b59a01223bafe4004eeb8b54baa5808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44920
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:35 GMT
server: nginx
etag: W/"3c32ffd586275849e767bd285d8adc4a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: WrJRYvrD7eXTt.dy2mnsL_0HScpDLQF_
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: lkB7vSL-NXT2PG5IjZu5m35fwB6SBQ1ma8t0LjhjhupkqdITJVNV4A==

GET
H2 200 14.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 34AF 24 B
667 B 21ms
21ms Stylesheet
text/css 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/14.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 19:32:17 GMT
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
age: 7214393
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 24
last-modified: Fri, 06 Aug 2021 18:47:22 GMT
server: nginx
etag: "0c5dad92482d9a7c7c253510f5082465"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: TvxaskXeU1vX5QWjGFtspdoYt.ZZ_9cE
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MfsSTMrsLOQQXg8GftCC07XEWUxeNHFUtTXj1De_xbe1s1qrrMQqew==

GET
H2 200 14.03c017b5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 71 KB
18 KB 22ms
21ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.03c017b5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

a4ca8d1377ccd3f8b6c41a288a2fbf8101a5cb4cf51202747b706269bece8dbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 17:36:14 GMT
content-encoding: gzip
age: 568557
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 22 Oct 2021 17:06:58 GMT
server: nginx
etag: W/"c34078b7dac13ea8ac14ab51434795df"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Q8fMkTTTL7O5vEW45ly7dAsRJgoH_WtQ
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fD-SO2jpfo3O2-1jR02tA7TAepRYX1NaOfmJdVWaZTkSivC4jUURLw==

GET
H2 200 20.1baaa537.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 46 KB
13 KB 22ms
22ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.1baaa537.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

852cd8d4d0443f3e12551ea41d1a2fde9e962edabda4afd5c8496f397a8dcbe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 18:53:57 GMT
content-encoding: gzip
age: 218294
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 26 Oct 2021 18:24:49 GMT
server: nginx
etag: W/"0e951b4ab93678b94bf79313d886aaf3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: vSg8w9fhSOF1p10wor9Wyt__PlLKXRCS
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5yKMNL__C80zY4_lB44PtWmZA_n9sNcce0X1WCsP7h_na2t_7fLNZg==

GET
H2 200 12.28cf3bf7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 40 KB
13 KB 21ms
21ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.28cf3bf7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

7161c0d59473e4252d49119a51cb9b5e2ee3829684f461bc4be3541d0902d66c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44920
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:33 GMT
server: nginx
etag: W/"2e01bb2ae1b1914ea5c578e17744b422"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: flDAxDLRsacaAoJIOqhtcKtkWZaQbJCj
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8df-DxFDi8XsDG4KwM7HOh2gjL4XwjtMmKw7d-jJvNKIJk7RXylQzw==

GET
H3 200 __ptq.gif
track.hubspot.com/ 45 B
758 B 78ms
57ms Image
image/gif 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22a7fb8b5c-b14d-4030-a76d-26dbc96ab43b%22%2C%229d9a2f2d-7a5e-4b33-9cfa-4f7e5e866275%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2427650321&v=1.1&a=252628&rcu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&t=A+Multi-Method+Approach+to+Identifying+Rogue+Cobalt+Strike+Servers&cts=1635492731834&vi=3b97b3126beecb902afe650f6f9a8402&nc=true&u=57501621.3b97b3126beecb902afe650f6f9a8402.1635492731667.1635492731667.1635492731667.1&b=57501621.1.1635492731667&cc=15

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.154.83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 90d69ee5-3072-4da4-bc1b-c6a0d5bb9615
cf-ray: 6a5ab56628444113-PRG
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=086QS8cUoi8vttYuYURxoSr2w9wyS4n8FEv3DtENI3S2Bd9U7Jnk4TSNF8CPE7m0RE%2ByYEDpDMEoAcmHXudfuo6MolJOMCawNuNWbRdIwTdSWVFgzRHizDc0xHH1TAVbKDQX"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 42.3b1c2441.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 47 KB
14 KB 15ms
5ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

7727399fe5d8441829176e6a661b540efaac1680120a1d7fb1235e258d70770b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 18:05:58 GMT
content-encoding: gzip
age: 2726773
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 27 Sep 2021 17:53:30 GMT
server: nginx
etag: W/"62fe06940598a98760a9eae46800ff59"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: .VUhmN0wteSIOoD7zf42Fx9jVTzQPjY_
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GvA-n7DmvBfNSFKTdGxz4GbV1widsmyCt1pVvftTLbVlZGhGQVcsDw==

GET
H2 200 17.cce21c2a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 44 KB
13 KB 18ms
6ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.cce21c2a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

cda9b31d709444e003d3adbfbdec43f093e405b36841fde5c1d187e439585219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 18:05:58 GMT
content-encoding: gzip
age: 2726773
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 27 Sep 2021 17:53:29 GMT
server: nginx
etag: W/"565bf690dc82ce7e1f45c9647d892490"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: jEi2sT.oz2dMTnmIGznKkCTerYS6HNwY
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4YFmI16mQYcfORtWBXJ7Cj-f3iiEY83wguVokkkdN2EK0Qn1_KobKQ==

GET
H2 200 35.3e4eba7e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 25 KB
8 KB 20ms
9ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.3e4eba7e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

41f7afd6088c39cdc0d6f910f7f4b6afbf6a2133533847e960a8ca906fabc1c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 07:58:47 GMT
content-encoding: gzip
age: 948804
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 15 Oct 2021 18:19:50 GMT
server: nginx
etag: W/"b1a0f364c9ad5137b5ab8e5237a825b8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: wtyEfV_VeCyLrvfG8ayPCp8enm9yMMuF
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 988cDLjP6B_Vn6Usr4eOfq0zfa9wMTnOW1GPX-6BLPEIKV3ORuAIRA==

GET
H2 200 15.8065fdbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 16 KB
5 KB 20ms
9ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.8065fdbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f978da291f493e64d4420d2cfab5c2bdc736c53f11c8d61c6da1efdb7df1155d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 06:18:05 GMT
content-encoding: gzip
age: 4583646
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:32 GMT
server: nginx
etag: W/"db60664de2c8d54d23e359c94e68f6ce"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: vLMtFICr__AmVbpyC1134yZVvjJr6q0Q
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mF7Db1Bq0g3Z1wIOjz1xfgg4FY-iXcW5LYTkTVq6mC9MC9OiXjw2fQ==

GET
H2 200 19.5937a5b2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 72 KB
22 KB 20ms
9ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.5937a5b2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

2b4d9e531f3302ad49380ce5e5e160925956edb55179c63ee2bac32ab040d1a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:30 GMT
content-encoding: gzip
age: 1874381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:09 GMT
server: nginx
etag: W/"08aceb94bd26b0e431ca437d628e3c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PpKcHacqpQIWv5LlWxshj7GW7ctXBTRY
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QoZI9wExEwMZjq5tNBQcYixQm1lL85Fn4g2BaxqX83OcnxY-KSjIPg==

GET
H2 200 32.04864e7d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 16 KB
6 KB 20ms
10ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/32.04864e7d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

af0ad47815cfcb0fc8402cf431dd782af68f2ba05752c66d9bb11a4354f65754

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:25 GMT
content-encoding: gzip
age: 4580806
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:33 GMT
server: nginx
etag: W/"3b6707d602c1f7d03c4c8b0bdecb8e4e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: IQWkyjvCMbbf.bwH.bxeulTS_dkZZlBI
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: F7t_tYVPRqos9LGDYbTnXP-b05SDnAeZJV8_lr6U9KGRNtiHpNhJJg==

GET
H2 200 23.a53d721f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 59 KB
19 KB 20ms
10ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.a53d721f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f48829864ffd155da0360e19be956282b6875173f8990394e93bc7c30c97a3ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:30 GMT
content-encoding: gzip
age: 1874381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:10 GMT
server: nginx
etag: W/"fe96cb8c4c390342c29d3c8cb0a4ca14"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: v0Q3sUg3fAcXKBWqoZodUDobSoc9.NX8
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eWkOkubnR4lR3J9sBvMR0l82cFIr1lapsNStuAZFiGi_muG0rbwV4Q==

GET
H2 200 10.704ab67c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 91 KB
28 KB 20ms
11ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.704ab67c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

1612e3d01a9389defe81c28b91ee18b7b1f97b54f39dd8aa651667c25bce28e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:47:44 GMT
content-encoding: gzip
age: 2371466
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Oct 2021 18:06:47 GMT
server: nginx
etag: W/"50dcb170ca1ae1f4a09fe8f23065f2a8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 8SLWCghXfnMEQiqJuVzEB4mWFfFgTeMA
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Q99XAZ9VvWZLz4E9Cd9nFjses_eb70eYyuHB0403zaoWO0n1X0tbhQ==

GET
H2 200 9.a48906f3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 23 KB
7 KB 21ms
12ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.a48906f3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

5059bfed12587f496894f97319682ccb715e7748ae93dd2cafd6310e914f3870

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 06:18:05 GMT
content-encoding: gzip
age: 4583646
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:34 GMT
server: nginx
etag: W/"60e5547ed381473c15e63274bcd796b6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: on0QWFowRpcm8h177qmACTSXpT0Jqz7f
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 91qNsJozMEYATq2EI9AJETHdSVbLD8Egb0QhVNCgEmiUMgLBJNb3AQ==

GET
H2 200 13.c2156fc2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 62 KB
20 KB 21ms
12ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.c2156fc2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f94ce8666bf003756c16b56edad5a0121b3516222d4f093bdb771afabfb2cc5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 21:49:43 GMT
content-encoding: gzip
age: 1503748
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 11 Oct 2021 21:20:00 GMT
server: nginx
etag: W/"b94404e76324bd4454531b2e0a54f7bb"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: dduSgTmTEeX.c1xrsh3Cd4WUJFtbN06M
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 536AVqeRbLG1BUWEBjiGaqTqDF19x_LFJ2Ni-kqm_HqQJKU75w2EEg==

GET
H2 200 40.01f4f7b3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 105 KB
34 KB 22ms
13ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.01f4f7b3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

71f918c131027703d4692c7e7cc9d46fc09554fc2b211e60f12e8fea8360deb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:25 GMT
content-encoding: gzip
age: 4580806
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:33 GMT
server: nginx
etag: W/"7dd9b27f83583b6d43567ed4b21eff8c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: y2Sw4rqaMZnrkHZZfz79v4_9V0UisJNM
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: skUjIW-w2LIQpx3CRCLjnnc4Brz3579crHp_zu9afbrnCv7Wj82Wdg==

GET
H2 200 33.c1910d43.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 12 KB
4 KB 23ms
14ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/33.c1910d43.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

c2d8b5ed5baf711d51629607797e32e5ff638637a0091598427eac4908dbae47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:25 GMT
content-encoding: gzip
age: 4580806
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:33 GMT
server: nginx
etag: W/"0e451f1cf9656229ccd33dfa3ad0638d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: x9xPxe0FOgEjzVEWwoqmEw_u_0f8UbkY
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8xQHGXOxhOn5cwsxiwCGum10Y5SoMd_CrhyXiGmETTHk2xKtYsXmng==

GET
H2 200 25.b7a0bf53.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 12 KB
5 KB 23ms
14ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.b7a0bf53.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

c87e0e31334c6998b90c83d48eff6252a248120d32b376414965e1421203c901

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:30 GMT
content-encoding: gzip
age: 1874381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:10 GMT
server: nginx
etag: W/"808f7c7829001881a39cef6846a36ce0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: _ix5iBb64na.L1JY7ymqDewgFGceFL7s
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4uU0kYfRCeS5Xny7hUzNzXvg2morrBEqN-GgKHj08QcCztXGEq9MLQ==

GET
H2 200 16.fab21cf4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 17 KB
7 KB 24ms
15ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.fab21cf4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

fa110ac06915e913fea0ad440e557cd75b95101504acc6a865efb5d7f0f34d95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 18:08:17 GMT
content-encoding: gzip
age: 5750634
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 23 Aug 2021 17:42:07 GMT
server: nginx
etag: W/"b451093ecfaa012f364641010ed13346"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mlbxReFt8YmdLvOZ4ChXgFfj8NP88809
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -xOYYWbLUyt79DYOxYJgZxYpXUOr8qaeYdRy9RcPUX3ARqWc1ZkDrw==

GET
H2 200 7.ea51c6ed.chunk.css
js.driftt.com/core/assets/css/ Frame 3057 11 KB
3 KB 14ms
5ms Stylesheet
text/css 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/7.ea51c6ed.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

a42d7e3e31574f46088f10ef28941abf54233afa6c88e4c1dbdca1e30f7d1d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44920
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:32 GMT
server: nginx
etag: W/"e87bf3956b83df89533ed143a9c0c06b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: LHV.oH0gwktF4jnhsCJIoVIXzJywrym8
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: goPiBfO4DY1LRHT-5NoSpK-ml63vs1bDLAqd7orUmJq1o7V6gb9dIw==

GET
H2 200 7.098b8816.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 68 KB
21 KB 24ms
15ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/7.098b8816.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

792cbd24e934bdcb0e62deaaefed93938b59a01223bafe4004eeb8b54baa5808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44920
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:35 GMT
server: nginx
etag: W/"3c32ffd586275849e767bd285d8adc4a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: WrJRYvrD7eXTt.dy2mnsL_0HScpDLQF_
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: y0pLo8eKjYsX1rk7RUKXObQtAKopRTMAqK6s1R0RvqjPJp8Qj9-6ww==

GET
H2 200 14.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 3057 24 B
667 B 14ms
6ms Stylesheet
text/css 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/14.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 19:32:17 GMT
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
age: 7214393
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 24
last-modified: Fri, 06 Aug 2021 18:47:22 GMT
server: nginx
etag: "0c5dad92482d9a7c7c253510f5082465"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: TvxaskXeU1vX5QWjGFtspdoYt.ZZ_9cE
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8RoLlkBOyPt7jhqMcBDnw1eN36cKyn46nrzgtn-5Pqbrv7dnFNdIRg==

GET
H2 200 14.03c017b5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 71 KB
18 KB 24ms
16ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.03c017b5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

a4ca8d1377ccd3f8b6c41a288a2fbf8101a5cb4cf51202747b706269bece8dbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 17:36:14 GMT
content-encoding: gzip
age: 568557
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 22 Oct 2021 17:06:58 GMT
server: nginx
etag: W/"c34078b7dac13ea8ac14ab51434795df"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Q8fMkTTTL7O5vEW45ly7dAsRJgoH_WtQ
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: sCYz2wJLt8NK3aTAgziCJ37eShmUBx_4x3uOc358YNIO76LdZyv7Ig==

GET
H2 200 20.1baaa537.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 46 KB
13 KB 25ms
16ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.1baaa537.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

852cd8d4d0443f3e12551ea41d1a2fde9e962edabda4afd5c8496f397a8dcbe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 18:53:57 GMT
content-encoding: gzip
age: 218294
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 26 Oct 2021 18:24:49 GMT
server: nginx
etag: W/"0e951b4ab93678b94bf79313d886aaf3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: vSg8w9fhSOF1p10wor9Wyt__PlLKXRCS
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _ky8-aroV7h8fruhC25IaH1pqnGWIiaU3sj8YDGlKG-6MwmZvfM8qw==

GET
H2 200 12.28cf3bf7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 40 KB
13 KB 25ms
17ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.28cf3bf7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

7161c0d59473e4252d49119a51cb9b5e2ee3829684f461bc4be3541d0902d66c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44920
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:33 GMT
server: nginx
etag: W/"2e01bb2ae1b1914ea5c578e17744b422"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: flDAxDLRsacaAoJIOqhtcKtkWZaQbJCj
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wIMTWZR_sVzz-PFFf6lBU1Vds8yP0xxHt2zfGHSXVF-JtZSxV3HhcA==

GET
H3 200 __ptq.gif
track.hubspot.com/ 45 B
725 B 62ms
60ms Image
image/gif 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%229210833d-34a7-4597-ade0-03e16dcbc24c%22%2C%22bfb042c4-2edc-4f3e-b748-d104f601ac33%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2427650321&v=1.1&a=252628&rcu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&t=A+Multi-Method+Approach+to+Identifying+Rogue+Cobalt+Strike+Servers&cts=1635492731856&vi=3b97b3126beecb902afe650f6f9a8402&nc=true&u=57501621.3b97b3126beecb902afe650f6f9a8402.1635492731667.1635492731667.1635492731667.1&b=57501621.1.1635492731667&cc=15

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.154.83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: a0539acc-db16-4998-811a-bbf514c50cd4
cf-ray: 6a5ab566384e4113-PRG
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=No9wD71U%2BQNlQTZRLSgmFh4w6ZH2SVOS7CANsDr4rahYj%2FhzNwyzRGIOfEn0k7HrtJpJGDEntPcxVHhRlrPjaqvgsUHfwJmN6Rh2ZmFRFB6gx5h0mj04CoYFbuNJXk%2B5N1GV"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H3 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
724 B 134ms
133ms Script
text/plain 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=252628&pg=a7fb8b5c-b14d-4030-a76d-26dbc96ab43b&lt=1635492730321&dt=1635492731669&at=1635492731860&ae=1&sl=1&an=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.154.83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
cf-cache-status: MISS
last-modified: Fri, 29 Oct 2021 07:32:11 GMT
server: cloudflare
x-hubspot-correlation-id: 8e79bdc4-3bce-4868-af30-4dbf21fc804d
x-trace: 2BEBC0DD7F6913BDA2C8EB06BE3FB76B7F56355278000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C3rmo3ptk1THkyCYn6DlGNxt%2FBNHMEkAt5nob1ZsXkSra0y94xzokscZEPI8NL8hMeIacY5JMrpBFHW82rFwY6coMVL1uefxydmEA2eI05DVjqyKPU99JLfC37e8yrdojeoe1sWN%2FFphSC82ZA4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6a5ab566384f4113-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-robots-tag: noindex, follow

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
482 B 160ms
139ms Image
image/gif 104.16.87.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.87.5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:12 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: fa31f374-c278-4f8a-a783-1c123177bf27
cf-ray: 6a5ab5665c46412c-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
last-modified: Fri, 29 Oct 2021 07:32:12 GMT
server: cloudflare
x-trace: 2BAFC79408890B43AD9167C46A6CE50ABD5EBB436A000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H3 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
725 B 130ms
130ms Script
text/plain 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=252628&pg=9210833d-34a7-4597-ade0-03e16dcbc24c&lt=1635492730319&dt=1635492731668&at=1635492731874&ae=1&sl=1&an=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.154.83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:11 GMT
cf-cache-status: MISS
last-modified: Fri, 29 Oct 2021 07:32:11 GMT
server: cloudflare
x-hubspot-correlation-id: 1416daaf-be95-46f2-a9e7-f2b44a5fc9b9
x-trace: 2BA3090F5AC823437C3B2F75B8FD97469F88726C2E000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nu2MdZ5Ptb8rwZAaYF65SbMwVwe7BBanRu6GmHoXIoh%2Bc4f4yb2L6nhhjLykzgLk1Tp1oyLJRxruXWk9uejNj0pcsE%2F9cw0YZkISyRIOhm3SDrv64bapYEkUTQnrkwYJ3JFKAd2UwUlIzSQiI8M%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6a5ab56648634113-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-robots-tag: noindex, follow

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
517 B 145ms
135ms Image
image/gif 104.16.87.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.87.5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:12 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: a735c520-edd3-42e9-a95f-65b1a5d13df9
cf-ray: 6a5ab5665c40412c-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
last-modified: Fri, 29 Oct 2021 07:32:12 GMT
server: cloudflare
x-trace: 2BC3A6953CA6338A321E6DB85C0970E91B050F90B6000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H2 206 Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
go.recordedfuture.com/hubfs/video/ 382 KB
0 134ms
43ms Media
video/mp4 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://go.recordedfuture.com/hubfs/video/Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.2 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.recordedfuture.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Range: bytes=0-

Response headers

x-amz-meta-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
age: 43139
x-amz-server-side-encryption: AES256
edge-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: R247ST6KJTN6QPG4
etag: "7f4242e366fbe63e1f2907688d81e5dc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis: 1610487504295
date: Fri, 29 Oct 2021 07:32:11 GMT
via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: PRG50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
Content-Range: bytes 0-4150014/4150015
Content-Length: 4150015
x-amz-id-2: goU4idp7Hue6ITLEaHMsNcXXJUfvq7m4rr43pIRniVvRUigWWhxO0kBH4EbJMfVmXT50r+aABcw=
x-amz-meta-index-tag: all
last-modified: Tue, 12 Jan 2021 21:38:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TeYHo%2BNywubYxgUi%2FAazoYj14uBGon0%2B%2B3RRHCPeGDLUPuWYkr61C6yk%2F80TfGtiYJ3R4IMzlxlSGBdwYFgqZvjZbn1AbN7asEagTP6OJhuDiagODdO9alJT99oZulVEM2plF6qiHg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: .5QE3xlgKIP9l5dOUqTrCu4sct8O.z5W
cf-ray: 6a5ab566d8d827b8-PRG
x-amz-cf-id: ZNzzdFJwPZkVc2kw5hlulEpYC_uVNePcCQzWV-vAnHcJRT2V4Hqh2Q==

GET
H2 206 Be%20In%20The%20Know%20-%201000x150.mp4
go.recordedfuture.com/hubfs/video/ 308 KB
0 116ms
31ms Media
video/mp4 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://go.recordedfuture.com/hubfs/video/Be%20In%20The%20Know%20-%201000x150.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.2 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.recordedfuture.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Range: bytes=0-

Response headers

x-amz-meta-cache-tag: F-40645593741,FD-40644989410,P-252628,FLS-ALL
age: 43140
x-amz-server-side-encryption: AES256
edge-cache-tag: F-40645593741,FD-40644989410,P-252628,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: R245XM59Y3AZCNJ8
etag: "7e96f071cd2d83e5b7ed23b469d79a6e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis: 1610488579540
date: Fri, 29 Oct 2021 07:32:11 GMT
via: 1.1 1f98172ca4214b0e937b7d3d534b34cd.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: PRG50-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
Content-Range: bytes 0-4182721/4182722
Content-Length: 4182722
x-amz-id-2: rcuCQ3CeEKL5/mrqOLHK3n5wAaDYVkO47vtGeQffs0baE38NF/O19hz9heZCv2IIYLsok0hWTLw=
x-amz-meta-index-tag: all
last-modified: Tue, 12 Jan 2021 21:56:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1NRNFN9iuPOzOHZeAJv2iG1kjKTxtX08wAM11OWIDpHYqeEfyLtZVSIz0L9pnk8RNLLVXk%2Btl%2BBIVtx7CLBUO6IeMMlBC35fMJvPV36GbFtqybdBIrm3gUB47hJv7qrbZfRJ1zZqcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: csscr0TOmaPgfBrU9ZjgdZG283D4s.x.
cf-ray: 6a5ab566d8d927b8-PRG
x-amz-cf-id: 16V-Gmu7i7GA4wD3zC1RK3mf4cWNVlsJTIDj2Z4SGPqD7skt_i0CGw==

GET
H2 200 22.e10510b6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 42 KB
12 KB 7ms
7ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.e10510b6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

b0257060098cdc51166f35b62e7dd8f0c5f8d6cfa319901c0c51a629537e02fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 01:13:23 GMT
content-encoding: gzip
age: 1232328
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 14 Oct 2021 21:28:22 GMT
server: nginx
etag: W/"a99459752bee496e4af7c45277fd9c26"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: T8L5krx2cqygd71cKnQ.RlFky1lNaO_x
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IPT7MW3F9GSJKkaJRvv7djOktcTAR4eEDqaXzYQPzGrAO4ZSYBTWQQ==

GET
H2 200 24.49c6961c.chunk.css
js.driftt.com/core/assets/css/ Frame 34AF 8 KB
2 KB 8ms
8ms Stylesheet
text/css 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/24.49c6961c.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

578cda2391db4e4d761ae5c4f05c03614d0ea8fec0b260edc036cc0bbdfcdd93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:31 GMT
content-encoding: gzip
age: 1874380
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:07 GMT
server: nginx
etag: W/"f80cd64e339375567091159cb077b941"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Jae8JqW663dCPtKcAWnt.q.y_JeyJDGP
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wWdp_4YoFFumXlmmyWdYQn0JiL9wEZZvw4dfcNi0m7AlzTqA3xzCDg==

GET
H2 200 24.76cfc36a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 11 KB
5 KB 8ms
8ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.76cfc36a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

39a37a8590ed1f9c94e9cf2559ecef149e3c26c33a902bf317be1d1a4e239dc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 17:56:28 GMT
content-encoding: gzip
age: 912943
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 18 Oct 2021 17:22:52 GMT
server: nginx
etag: W/"ef507f77f0656bb96ae332b6aa56a704"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: dimasf7fktpZ3ilSSOILefw61MPRf19Q
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -Q1GW2u4C58rYVYTmjhbmvLsZjMwHyGtOMCKq6V4BVBma92F-ws1dw==

GET
H2 200 18.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 34AF 365 B
1008 B 9ms
9ms Stylesheet
text/css 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/18.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 18:05:58 GMT
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
age: 2726773
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 365
last-modified: Mon, 27 Sep 2021 17:53:27 GMT
server: nginx
etag: "06b2963b029c0824382815165bfea73e"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 2nl84_Ynkb7J4eflOi4MBL9RG1iL8udX
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: INGAokATXmqAaDWnPqZ4G0JupwMm9sEY_FvF_Vqg2q0ludN_U6IeUw==

GET
H2 200 18.eb1a6df4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 34AF 84 KB
23 KB 9ms
9ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.eb1a6df4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f19b1f14c864b5c91313c4ff558be0405a4912d5f980a75ca55fd9138e2122e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=8aa52cbe-d9fe-48d8-9b09-83435ce9912b&sessionStarted=1635492731.654&campaignRefreshToken=9952c9bb-d824-4059-bd3c-437e59091810&hideController=false&pageLoadStartTime=1635492730077&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 18:53:57 GMT
content-encoding: gzip
age: 218294
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 26 Oct 2021 18:24:49 GMT
server: nginx
etag: W/"fca6f88644e3f72c16abd34367e299db"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 8Dtw1x8g7uQYQi_RZW4NW_rYatewsWyL
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fixbuJf7PJ1CTNILX5V5Alqvf5yUegHdFvRKJZTEvhjFCUybP4fl9A==

GET
H2 200 30.e776e5b0.chunk.css
js.driftt.com/core/assets/css/ Frame 3057 6 KB
1 KB 7ms
7ms Stylesheet
text/css 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/30.e776e5b0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f8e3f110b75b3f1951f50fb7795c6eaf5bee4f07b787a1b535b39e734c7f1723

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 06:18:06 GMT
content-encoding: gzip
age: 4583645
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:30 GMT
server: nginx
etag: W/"9f36443a9402e1e03bf8070ddc88b8db"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: tAgW8ISL_lhmF8yDc7EFC6RakUCehknp
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SKhesB1QB4aH3k6ssW6H8krnUh87yzPPBKMsd7A3PrW72Fj_n77VaA==

GET
H2 200 30.1cba0c50.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 2 KB
2 KB 8ms
7ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.1cba0c50.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

2337e32bed1dffbceeade3e898616dadd4b6ba320b8201ec767923828a91dbe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 18:18:48 GMT
content-encoding: gzip
age: 1775603
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 08 Oct 2021 17:49:20 GMT
server: nginx
etag: W/"d54ffcde15f455981e28d3c9524c5a65"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mpksmuuRXsbc0e.AvyCNzrcsYNrGiRlA
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EqqZdNEginu5OqKHQMY8YchmGBDNKWb1RIZAmoMMSlGrQeryTVkVqg==

GET
H2 200 1.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 3057 7 KB
2 KB 7ms
6ms Stylesheet
text/css 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:26 GMT
content-encoding: gzip
age: 4580805
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:30 GMT
server: nginx
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: H3lCc5pGZRKjCHfgJqwvBl_pDrcMRgYg
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xshbW_39OB7UmijSUymwYK2YaknTNZr5XFkIdlyZi3eq7L_XWwXw9A==

GET
H2 200 1.187c50a5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 54 KB
16 KB 8ms
7ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.187c50a5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

a3075e2c162e41c4962a4221ae035dd607d895bd424e87aa4065a044c43763e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:57:01 GMT
content-encoding: gzip
age: 7400110
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 04 Aug 2021 15:23:59 GMT
server: nginx
etag: W/"eeccccb655ee3b6bcb8b1a9b1da4fd30"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: .bVTg0MSlE6rXjintZc.g75plFKA2.sd
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: iScvKkmXRhcPfgbZkuuoDKhNWIRk4oTBPb3yhs8lH6F1lt_i2JW3rw==

GET
H2 200 0.ad8639b0.chunk.css
js.driftt.com/core/assets/css/ Frame 3057 42 KB
7 KB 9ms
8ms Stylesheet
text/css 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/0.ad8639b0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

c84f3c933180c0ed1706f8f1923c12fb57a172ebf24c8836491c475918312ff0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 16:26:50 GMT
content-encoding: gzip
age: 831921
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 19 Oct 2021 15:04:44 GMT
server: nginx
etag: W/"a5653da1eea0ce65836fae4712db2473"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mQv2gyI5K.QRprLf3a7EsELFpJyDQLND
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -y2FX0wQ6McV0oyH0cY_hgJQnIW8Rtlm3736fgq1d-bZ92aW0jVCzA==

GET
H2 200 0.5ea0d49e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 64 KB
22 KB 9ms
9ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.5ea0d49e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

122848c6dceeeadfaf910d73d86132a3f93e61c6ff1e96d6d8c7d8468c0a7995

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 16:26:50 GMT
content-encoding: gzip
age: 831921
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 19 Oct 2021 15:04:46 GMT
server: nginx
etag: W/"2996e5ba3e005bdf8e42e630171ac432"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: ANfBCF9YOHpHxJhPHvW3WC43S2ZFQyIl
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: n88fLuAEhTTkXNQ_tr9fRYqrZFKpPBCXxB9vmpoutBfsUDCLj4IxTw==

GET
H2 200 29.d680488a.chunk.css
js.driftt.com/core/assets/css/ Frame 3057 11 KB
2 KB 10ms
9ms Stylesheet
text/css 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/29.d680488a.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

875438cf4486dbc880f1db9771e4fd278245d0ab049cf5791c306d4373ad279f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 16:26:50 GMT
content-encoding: gzip
age: 831921
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 19 Oct 2021 15:04:45 GMT
server: nginx
etag: W/"9f452b950fbeae1c64bd0358798fcb33"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: k01PIVMggK2WuJWw6lbDZ.1.Qn1d1d5I
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oKvCnfN7iljSuw9CggECo6rzY_73ahM0WHgH1s6Pjhi9sUBZDNRssw==

GET
H2 200 29.e378e9bb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3057 11 KB
5 KB 10ms
10ms Script
application/javascript 143.204.98.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.e378e9bb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.47 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-47.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

61c5e0ee01b43350fc63d6540019ca4a1a2fec438e09e225b715a442a63115f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492730077
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 17:36:15 GMT
content-encoding: gzip
age: 568556
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 22 Oct 2021 17:06:58 GMT
server: nginx
etag: W/"08a72aad434f11567a747fd67be2d3fb"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: giCtYEsUB_JM_Od5EXfAQpRwov8jwuh0
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -0kWb82brAhBVH3PrbnHbef0yYij6NoNQZWctf2Vg8LtZbbY6p-MRA==

OPTIONS
H2 200 v2
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 0
0 332ms
102ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 29 Oct 2021 07:32:12 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift9797aaf4e1c9a710adb14695174
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

POST
H2 200 v2 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 34AF 25 B
122 B 111ms
111ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 29 Oct 2021 07:32:12 GMT
server: istio-envoy
requestid: aec33aa0fc454b3c
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

POST
H2 200 ping Show response
bootstrap.api.drift.com/widget_bootstrap/ Frame 34AF 103 B
200 B 102ms
101ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

7c3c905b1aff3b713b47574d8e1ad8ff8e4ca4ea0afd0f68384ec6afc809492e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 29 Oct 2021 07:32:12 GMT
server: istio-envoy
requestid: d6134ad07bea53be
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 103
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 ping
bootstrap.api.drift.com/widget_bootstrap/ Frame 0
0 324ms
102ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 29 Oct 2021 07:32:12 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift98fdb824c08996b92422c0f7d9e
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy

GET
H2 206 Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
go.recordedfuture.com/hubfs/video/ 128 KB
0 47ms
47ms Media
video/mp4 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://go.recordedfuture.com/hubfs/video/Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.2 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.recordedfuture.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Range: bytes=360448-

Response headers

x-amz-meta-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
age: 43140
x-amz-server-side-encryption: AES256
edge-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: R247ST6KJTN6QPG4
etag: "7f4242e366fbe63e1f2907688d81e5dc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis: 1610487504295
date: Fri, 29 Oct 2021 07:32:12 GMT
via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: PRG50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
Content-Range: bytes 360448-4150014/4150015
Content-Length: 3789567
x-amz-id-2: goU4idp7Hue6ITLEaHMsNcXXJUfvq7m4rr43pIRniVvRUigWWhxO0kBH4EbJMfVmXT50r+aABcw=
x-amz-meta-index-tag: all
last-modified: Tue, 12 Jan 2021 21:38:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gOI6IdqHztIWgCI4AIsmlUbefwWV2xkhQOblTzSdXmLzAm%2FtQjzzJQs0lF7FZ5oivTSBti0RzDNZ7DWn9GyYe9Xb29yQvRKGiwjqbDXG89ECdo5G6DOo1JJoYNcV%2BOIlnPb%2BrTI1fg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: .5QE3xlgKIP9l5dOUqTrCu4sct8O.z5W
cf-ray: 6a5ab56789ec27b8-PRG
x-amz-cf-id: ZNzzdFJwPZkVc2kw5hlulEpYC_uVNePcCQzWV-vAnHcJRT2V4Hqh2Q==

GET
H2 206 Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
go.recordedfuture.com/hubfs/video/ 128 KB
0 32ms
31ms Media
video/mp4 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://go.recordedfuture.com/hubfs/video/Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.2 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.recordedfuture.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Range: bytes=491520-

Response headers

x-amz-meta-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
age: 43140
x-amz-server-side-encryption: AES256
edge-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: R247ST6KJTN6QPG4
etag: "7f4242e366fbe63e1f2907688d81e5dc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis: 1610487504295
date: Fri, 29 Oct 2021 07:32:12 GMT
via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: PRG50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
Content-Range: bytes 491520-4150014/4150015
Content-Length: 3658495
x-amz-id-2: goU4idp7Hue6ITLEaHMsNcXXJUfvq7m4rr43pIRniVvRUigWWhxO0kBH4EbJMfVmXT50r+aABcw=
x-amz-meta-index-tag: all
last-modified: Tue, 12 Jan 2021 21:38:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5RAFt%2FbkLUOG6iO2MzTA0tL50XafXg93CNnm7xVye%2FKY%2BzS770F8%2FWZVUW9dVD5sr%2F5QPYFoKgdn0cSWKfbLf8laCzHRcA6NjWAOPcZk2L55ixYRRxSJ%2FS%2Fvt7Bn3Z8wT2UipNnbSA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: .5QE3xlgKIP9l5dOUqTrCu4sct8O.z5W
cf-ray: 6a5ab567da4b27b8-PRG
x-amz-cf-id: ZNzzdFJwPZkVc2kw5hlulEpYC_uVNePcCQzWV-vAnHcJRT2V4Hqh2Q==

GET
H2 206 Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
go.recordedfuture.com/hubfs/video/ 160 KB
0 34ms
34ms Media
video/mp4 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://go.recordedfuture.com/hubfs/video/Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.2 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.recordedfuture.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Range: bytes=622592-

Response headers

x-amz-meta-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
age: 43140
x-amz-server-side-encryption: AES256
edge-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: R247ST6KJTN6QPG4
etag: "7f4242e366fbe63e1f2907688d81e5dc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis: 1610487504295
date: Fri, 29 Oct 2021 07:32:12 GMT
via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: PRG50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
Content-Range: bytes 622592-4150014/4150015
Content-Length: 3527423
x-amz-id-2: goU4idp7Hue6ITLEaHMsNcXXJUfvq7m4rr43pIRniVvRUigWWhxO0kBH4EbJMfVmXT50r+aABcw=
x-amz-meta-index-tag: all
last-modified: Tue, 12 Jan 2021 21:38:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4rwNs4w0CKCNhNosQYjhAm3HCpPUfeIMXfLVlgK0aGlBKJBpJ7Y0C1qdPEi7%2BGkR60w56zzGdu8CbceKvNMVqRdVryhVy%2BJPOGiXun8t3FcdOW%2BFvlkPgAmFECHTXXjsXd0eI6Vrlw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: .5QE3xlgKIP9l5dOUqTrCu4sct8O.z5W
cf-ray: 6a5ab5681aa027b8-PRG
x-amz-cf-id: ZNzzdFJwPZkVc2kw5hlulEpYC_uVNePcCQzWV-vAnHcJRT2V4Hqh2Q==

GET
H2 206 Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
go.recordedfuture.com/hubfs/video/ 498 KB
0 44ms
43ms Media
video/mp4 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://go.recordedfuture.com/hubfs/video/Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.2 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.recordedfuture.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Range: bytes=786432-

Response headers

x-amz-meta-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
age: 43140
x-amz-server-side-encryption: AES256
edge-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: R247ST6KJTN6QPG4
etag: "7f4242e366fbe63e1f2907688d81e5dc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis: 1610487504295
date: Fri, 29 Oct 2021 07:32:12 GMT
via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: PRG50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
Content-Range: bytes 786432-4150014/4150015
Content-Length: 3363583
x-amz-id-2: goU4idp7Hue6ITLEaHMsNcXXJUfvq7m4rr43pIRniVvRUigWWhxO0kBH4EbJMfVmXT50r+aABcw=
x-amz-meta-index-tag: all
last-modified: Tue, 12 Jan 2021 21:38:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mLtgFSQQ2KOWsH2H0NqNkciCNhkL97s5U5VTbbDFC%2BQgmQjUp1bpPISTeHSEnu7Ub18Z0Iu1SBxycuiDCzuuF%2BkC%2FMbicw51rZv3%2FjuMLaqdIUVU4uwkWjscow%2BSREjqQF8%2FRIc03g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: .5QE3xlgKIP9l5dOUqTrCu4sct8O.z5W
cf-ray: 6a5ab5684ae027b8-PRG
x-amz-cf-id: ZNzzdFJwPZkVc2kw5hlulEpYC_uVNePcCQzWV-vAnHcJRT2V4Hqh2Q==

GET
H2 200 mp5rtwcnz2nd.json Show response
embeds.driftcdn.com/embeds/ Frame 34AF 47 KB
12 KB 430ms
412ms XHR
application/json 143.204.98.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embeds.driftcdn.com/embeds/mp5rtwcnz2nd.json
Requested by: Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.58 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-58.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eb12d13ad02ba7962f843a06b7728b8d136a25182694903a57ff950fed773031

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:13 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Fri, 29 Oct 2021 06:25:45 GMT
server: AmazonS3
etag: W/"825d36d1702d81109dcf7e1c830a2721"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json; charset=UTF-8
via: 1.1 a1098f0eeab192209962e3a9d76d0339.cloudfront.net (CloudFront)
cache-control: public, max-age=30
x-amz-cf-id: qMbN_r4q5yHgNCO8JU4IMV79tByoKNk65QQ13jp2z_wHBf_05kyi_Q==

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 178ms
178ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=64bb1002ce1e00007aa37b61ef00000028408a00&session=3888920a-e5dc-4071-89bc-92e6814653cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A12%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A10%20GMT%22%2C%22timeSpent%22%3A%222293%22%2C%22totalTimeSpent%22%3A%222293%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=99c35ff3-47c8-46a3-8224-89ac04422232&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:12 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 181ms
181ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=64bb1002ce1e00007aa37b61ef00000028408a00&session=3888920a-e5dc-4071-89bc-92e6814653cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A13%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A12%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223294%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=99c35ff3-47c8-46a3-8224-89ac04422232&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:13 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event2/ Frame 34AF 25 B
89 B 114ms
114ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 29 Oct 2021 07:32:14 GMT
server: istio-envoy
requestid: 954594f7c5fedf03
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 14
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 0
0 100ms
100ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 29 Oct 2021 07:32:14 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftd26dd4c48ce8e01ad2b9b50580a
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 177ms
177ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=64bb1002ce1e00007aa37b61ef00000028408a00&session=3888920a-e5dc-4071-89bc-92e6814653cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A13%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224296%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=99c35ff3-47c8-46a3-8224-89ac04422232&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:14 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 177ms
177ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=64bb1002ce1e00007aa37b61ef00000028408a00&session=3888920a-e5dc-4071-89bc-92e6814653cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A14%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225297%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=99c35ff3-47c8-46a3-8224-89ac04422232&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:15 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 180ms
180ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=64bb1002ce1e00007aa37b61ef00000028408a00&session=3888920a-e5dc-4071-89bc-92e6814653cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A16%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A15%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226298%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=99c35ff3-47c8-46a3-8224-89ac04422232&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:16 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

128 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

49 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.6sc.co/	1970-01-20 15:49:24	Name: 6suuid Value: 64bb1002ce1e00007aa37b61ef00000028408a00
.recordedfuture.com/	1970-01-20 07:44:07	Name: _pk_id.1.e343 Value: 444b87797b6eb376.1635492730.
.recordedfuture.com/	1970-01-19 22:18:14	Name: _pk_ses.1.e343 Value: 1
.hubspot.com/	1970-01-19 22:18:14	Name: __cf_bm Value: rOU3ovShFyWVJsmJqccWKpLSfRtLK4q30Z4f4S_GZps-1635492730-0-AcRiM2qguOiTXbIp/26jVNQ2MIDeY/3b9uf9R2chz3rpyV7SFbHS+mawnKmwXRDMvan+8dURjex7zNJWGR1QAaw=
.recordedfuture.com/	1970-01-20 00:27:48	Name: _gcl_au Value: 1.1.114465578.1635492730
.recordedfuture.com/	1970-01-20 15:49:24	Name: __utma Value: 93161374.1105624788.1635492731.1635492731.1635492731.1
.recordedfuture.com/	1969-12-31 23:59:59	Name: __utmc Value: 93161374
.recordedfuture.com/	1970-01-20 02:41:00	Name: __utmz Value: 93161374.1635492731.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.recordedfuture.com/	1970-01-19 22:18:13	Name: __utmt_sfga Value: 1
.recordedfuture.com/	1970-01-19 22:18:14	Name: __utmb Value: 93161374.1.10.1635492731
.recordedfuture.com/	1970-01-20 00:27:48	Name: _fbp Value: fb.1.1635492730533.26482011
www.recordedfuture.com/	1970-01-20 15:49:24	Name: _gd_visitor Value: be7cd438-a837-4772-8456-198fc2b593ff
www.recordedfuture.com/	1970-01-19 22:18:27	Name: _gd_session Value: 3888920a-e5dc-4071-89bc-92e6814653cb
.facebook.com/	1970-01-20 00:27:48	Name: fr Value: 0qi0Up36d8xIAo3NT..Bhe6N6...1.0.Bhe6N6.
.recordedfuture.com/	1970-01-20 15:49:24	Name: _ga Value: GA1.2.1105624788.1635492731
.recordedfuture.com/	1970-01-19 22:19:39	Name: _gid Value: GA1.2.1845219583.1635492731
.recordedfuture.com/	1970-01-19 22:18:12	Name: _gat_gtag_UA_9153858_2 Value: 1
.recordedfuture.com/	1970-01-19 22:18:12	Name: _gat_UA-9153858-2 Value: 1
.twitter.com/	1970-01-20 15:49:24	Name: personalization_id Value: "v1_h5w0/NZfVwzZVSsO/+kDlQ=="
.linkedin.com/	1970-01-19 23:01:24	Name: UserMatchHistory Value: AQISje5XsM41uwAAAXzK9pjr1Iq4_Alms3s3d_HKS177PejnnVSqJTba29n4MoM9YzwKFuSkr2gwUw
.linkedin.com/	1970-01-19 23:01:24	Name: AnalyticsSyncHistory Value: AQIXH8HqKdgHBQAAAXzK9pjrWODabGn19kOiKM0WYjMZwNdtaDrTrtAYjYZqVl5NkAZLxq27Vne8DhzJ6GSNvg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 15:50:06	Name: bcookie Value: "v=2&50326ffd-0f0c-4ca7-8cf9-286e8548a972"
.linkedin.com/	1970-01-19 22:19:39	Name: lidc Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2157:u=1:x=1:i=1635492731:t=1635579131:v=2:sig=AQGMtWv6DKxNJ-wvRufvlAkpcHqEFzvW"
.doubleclick.net/	1970-01-19 22:18:13	Name: test_cookie Value: CheckForPermission
www.recordedfuture.com/	1970-01-20 07:03:48	Name: cmplz_policy_id Value: 17
www.recordedfuture.com/	1970-01-20 07:03:48	Name: cmplz_functional Value: allow
www.recordedfuture.com/	1970-01-20 07:03:48	Name: cmplz_statistics-anonymous Value: allow
www.recordedfuture.com/	1970-01-20 07:03:48	Name: cmplz_preferences Value: allow
www.recordedfuture.com/	1970-01-20 07:03:48	Name: cmplz_statistics Value: allow
www.recordedfuture.com/	1970-01-20 07:03:48	Name: cmplz_marketing Value: allow
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 15:50:06	Name: bscookie Value: "v=1&2021102907321134b9d570-8146-4478-8d85-1ed30e96afc9AQH3kYENQi2uLWd3DmXSHU717oiWO6si"
www.recordedfuture.com/	1970-01-19 22:18:14	Name: drift_campaign_refresh Value: 9952c9bb-d824-4059-bd3c-437e59091810
.recordedfuture.com/	1970-01-20 07:39:48	Name: __hstc Value: 57501621.3b97b3126beecb902afe650f6f9a8402.1635492731667.1635492731667.1635492731667.1
.recordedfuture.com/	1970-01-20 07:39:48	Name: hubspotutk Value: 3b97b3126beecb902afe650f6f9a8402
.recordedfuture.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.recordedfuture.com/	1970-01-19 22:18:14	Name: __hssc Value: 57501621.1.1635492731667
www.recordedfuture.com/	1970-01-20 15:49:24	Name: _gd_svisitor Value: 64bb1002ce1e00007aa37b61ef00000028408a00
www.recordedfuture.com/	1970-01-19 22:28:17	Name: _an_uid Value: 0
.go.recordedfuture.com/	1969-12-31 23:59:59	Name: __cfruid Value: fb84a8bfa5cb2884a8e8d10d7249bf0be09cc3a2-1635492731
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: ab044db05aa40eb6
.recordedfuture.com/	1970-01-19 22:19:39	Name: source Value: (direct)
.recordedfuture.com/	1970-01-19 22:19:39	Name: medium Value: (none)
.recordedfuture.com/	1970-01-19 22:19:39	Name: content Value: undefined
.recordedfuture.com/	1970-01-19 22:19:39	Name: keyword Value: undefined
.recordedfuture.com/	1970-01-19 22:19:39	Name: campaign Value:
.recordedfuture.com/	1970-01-19 22:19:39	Name: landing_page Value: /cobalt-strike-servers/
.recordedfuture.com/	1970-01-19 22:19:39	Name: conversion_page Value: /cobalt-strike-servers/

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://fonts.googleapis.com/css2?family=Inter:ital,wght@100..900 Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
b.6sc.co
bam.nr-data.net
bootstrap.api.drift.com
c.6sc.co
cdn.jsdelivr.net
cdn.materialdesignicons.com
cdn.matomo.cloud
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
embeds.driftcdn.com
fonts.googleapis.com
go.recordedfuture.com
googleads.g.doubleclick.net
j.6sc.co
js-agent.newrelic.com
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hscta.net
kenwheeler.github.io
metrics.api.drift.com
no-cache.hubspot.com
perf.hsforms.com
px.ads.linkedin.com
recordedfuture.matomo.cloud
secure.adnxs.com
snap.licdn.com
ssl.google-analytics.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
track.hubspot.com
unpkg.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.recordedfuture.com
104.111.233.140
104.16.125.175
104.16.19.94
104.16.86.20
104.16.87.5
104.17.211.204
104.17.221.204
104.17.71.176
104.18.12.124
104.18.21.191
104.19.154.83
104.19.155.83
104.244.42.195
104.244.42.197
108.174.11.37
13.107.42.14
142.250.185.130
142.250.186.130
142.250.186.40
142.250.186.68
142.250.186.72
142.250.186.78
142.250.74.202
143.204.98.47
143.204.98.58
143.204.98.80
151.101.2.137
157.240.20.19
157.240.20.35
162.247.242.20
185.199.108.153
185.33.221.13
185.59.220.193
199.232.136.157
199.60.103.2
2.16.186.8
35.71.162.228
54.147.21.139
66.102.1.157
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02ca1340552bfb367e2b6ca0b579fdda8263c5d2c65f90f93272c5f2ddd5ea12
04b12fe4b726c8e5ba04dcff9b0d38ce4732135f29f207d157298e361217dbe9
0940efb55fa2f1deb76f9261931ac680e0fc2429e1073e2bafaadc7a32bab6d5
0b22a782d08b25024012dd62af1848c8e9fc236b147753ba3b98f03e8034aafa
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
1026d9fb308f7ae9af4b10ee43618382be1a6313656b395da90681d6a10b1988
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
122848c6dceeeadfaf910d73d86132a3f93e61c6ff1e96d6d8c7d8468c0a7995
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
12c384a5a3b640621e09e7ab688b24b29213485413f0418db7bf257104fa9a74
1348cfccbfc3386e39f760e3e95f6d79c2546051541c316747dd39925c459c89
14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2
1612e3d01a9389defe81c28b91ee18b7b1f97b54f39dd8aa651667c25bce28e2
1cc82f513588a417cfb181cd5b2329432cc3b2bb9d1f056e432838a036851aed
1ed082521f47921ffff14d4ec1c6c3f1ea55114741bee23cc23d4ab6a3213642
1f7e6a6c895c100151dfb452658d754fba7965e3ca95359990486db344d531e7
2141abf196d6e27db0c32272439429c12f3ad7ac611be5b9fe7c079a0735d827
22d9ce45b9c08488a55c6806bb6dc4cbfde25f244f223ad95dafa7ab4fdf09f6
23164036a457019ff92b638a4f43e60f218b4b9beee1ac712d5730a74de68533
2337e32bed1dffbceeade3e898616dadd4b6ba320b8201ec767923828a91dbe9
265fd69dc48e408e11848da1bdaea9a27f2f474a502775577ee17e62abcb761a
26ed451dc70837699aa46708429b9c637101e8c3c17e4a825bb1c4d56daf6854
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
271bc594ffc1d972db7f089f567b29b1174183bcd46c672eb7775226a404a027
2b4d9e531f3302ad49380ce5e5e160925956edb55179c63ee2bac32ab040d1a5
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
326d6c39524da9a4b3d35286c798b93738a4665b29ce498d5b5df959a3a19012
3323814006fe6739493d27057954941830b59eff37ebaac994310e17c522dd57
3358935920615baf65e451b57eeaace2fbc36408d7983a6ebe31fe64dda08b32
36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585
39a37a8590ed1f9c94e9cf2559ecef149e3c26c33a902bf317be1d1a4e239dc1
3b44433b6d777aed38ed9359c5453bba1fb62c181f99f060b94cc58e457457d9
3ca30196668a7f8ebe3b4a6ef2d30a2e3d491b06557b222a75d98b47c50f69bc
3ec19e731a605af29732582f00be3657470562ad2c1059ce01e58feda8f8d141
3fc2845d22c09928ba9dae73f657a21ede05bed89a42efafe1028bcbe4ee499b
40bcd63ab74f4ab4d6976033797595ea693379a4186ba951e8059d8f2b63c7a8
41f7afd6088c39cdc0d6f910f7f4b6afbf6a2133533847e960a8ca906fabc1c6
449f8a15dcb126b3fcc4c718a80860c9b494b2703705263e921964e664b0a9f8
44a71fb13f43360c9013841611c5c20848a929ac2ef5cff804dce3da0e02271e
495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4
4b31f597e9852f3e8ef045d9f6032a8ecfe9d8e5c6cde3196c6964e193fe6615
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e42e478fd27161799c18a75c2e9a7341996250f696d09d53db336a2962ba06b
5059bfed12587f496894f97319682ccb715e7748ae93dd2cafd6310e914f3870
50b65e8904b4b0452adb190cdcf16f6f0f2b31d1179c1eb5d8429284f135260a
5238692ecf23970cbc3bad3899f5ad4913886cd16f0883d22fda406b3324a253
52997a640c38c5915b6105ad464bf2bf8121f3fe40c72d70791f54c4be95971a
578cda2391db4e4d761ae5c4f05c03614d0ea8fec0b260edc036cc0bbdfcdd93
58332a4cc75a697eafeb1b4d9cb66326d6a29acb2f98afc1de3f1ef2401be056
593f56bb9b00b639f6aadc57954f46080ce233d1bc01ef50f85720df619029f8
5b95cb9d1afbdd93fee9b33d9f2da1b4e0df06ad73b77b8f507005d0ae2089e0
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5efce88ac7228ea159bcf7fd1cc56d73c19428394218706524bac0e9151d4c61
5f3923859a304623f0c5efd3103b04660502b9d2c7410b559d163266363efae8
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
613c27d45e0551e5862b4bbbf3c6f5241f73bc472ff15e84492f9b4f6579c58b
61c5e0ee01b43350fc63d6540019ca4a1a2fec438e09e225b715a442a63115f3
6759e1844268d4ab9f5c8a9c16c245b58c1b5cc8d8361ce751bf8902a0025293
680ffc6fb7452a4d41dcccc5c5dff70c52d39aba45492d33c5413dddbf238c8f
692f218144b18d4f2c28c9d8d69385106263fb3239fd0ae2b42680202941ba0f
699713f69dbd2387b7c3b57204bcdc3d86d3ac350718a7ad65a5293e0d2c53eb
6a09ca406e89e7b1d3172741824df92d81eb000aa3241559c573f1bf17bc4899
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6fdd24bd96b3a482bc058d5c9bcfd6f1c664d91bbd47658d65ac5d852535f7fd
707fa94515d8bb05911ba2599cc33e2ea12338116fdbb426d7bb27745fc854ad
70c9b373b81d6e43a3479f52231ac50d2691fd9232042514159be5866a65e40f
7161c0d59473e4252d49119a51cb9b5e2ee3829684f461bc4be3541d0902d66c
71f918c131027703d4692c7e7cc9d46fc09554fc2b211e60f12e8fea8360deb7
7201c12b0e82cd05a60c412f53f98f37cfec9616ef61f6e34d7d3a5293e440a5
7223c0b2ffaafe54a5aa7784420e711a847bde036b3e8050c319e815a4b1aa33
7727399fe5d8441829176e6a661b540efaac1680120a1d7fb1235e258d70770b
773a8f6755c75e51461fb4809413075f96342df2696625580b407967292d915c
7915f988d90a47aff5003835c6e0255c3cb35247762ff36f005e7f94d5e8fbbc
792cbd24e934bdcb0e62deaaefed93938b59a01223bafe4004eeb8b54baa5808
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79a39793efbf8217efbbc840e1b2041fe995363a5f12f0c01dd4d1462e5eb842
7ab1a5e7c2b115dc7e18cc7715b14ee689e79dcb8ff780d7398991d19a6858f1
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7c142f741438550d5cad8e88b6b2952f8f256efda416f35e5a84dd2f6066144d
7c3c905b1aff3b713b47574d8e1ad8ff8e4ca4ea0afd0f68384ec6afc809492e
81a0af4b719cd7130599920adcdb46c1baee5556a3bdac934cc13acab1da9d30
81dbdd695385ce9e3065e0cf1d8f058169de79244b1d1be4059b527e31d23c77
8207ade6f639887a7838b2903d39de1b3d21a327b031310555676d120e068b47
8271756d5397dd04fee9e7b5e9bb25a40b32102998938539946d9a006a0ec737
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83e7b0edd83ba89635382f425dfdfd4e2dc0f4c43a059c41dce98cdb1048ab86
84decc00a588d65b9c7ae58a79d11fa6eb4a1ae0330a0e78097ef88599482168
852cd8d4d0443f3e12551ea41d1a2fde9e962edabda4afd5c8496f397a8dcbe4
875438cf4486dbc880f1db9771e4fd278245d0ab049cf5791c306d4373ad279f
87ead41c0a6b481b3cc9c1bc9833aa34e2528b09e72516a285c734039ce5f168
98726f9632fa3f6359c2d118f2061241729bcfc9a98563ccb6cf87444d32bd88
9d1a71851b9c575f7a08134336da7769a379f0db481b058bf45a82d60b7e2ddc
a24dc262ca6db1017f88a6f18786dbb088dce4d06f65ed2b4b43cfd8d0cc618b
a3075e2c162e41c4962a4221ae035dd607d895bd424e87aa4065a044c43763e4
a42d7e3e31574f46088f10ef28941abf54233afa6c88e4c1dbdca1e30f7d1d92
a4ca8d1377ccd3f8b6c41a288a2fbf8101a5cb4cf51202747b706269bece8dbd
a7f76c0835d3a337c354d936e4797b1453457ab37dadb9f99cbf75bc792daede
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
af0ad47815cfcb0fc8402cf431dd782af68f2ba05752c66d9bb11a4354f65754
b0257060098cdc51166f35b62e7dd8f0c5f8d6cfa319901c0c51a629537e02fd
b66b829dadd04612728f728f6e8bd8fcc42d4ac46e5987cb4d353a4abbe0f9ce
b853433ae9f74d2536d11c7be13f1424d26c9108f97874c68179d53261258f6f
ba11b78c71401e77efe041c42fd9d50277c38a01ca9f377adf9f038338d28cc6
bb54e94c545f03932d631cd985aff128d39396abed2de7cbb522b535493d0262
bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855
bd54d3dc95cf10c02ae9f22ec9e0d584284f02c241478074e4caadf5a8f49e6c
c1519dacf01319cb5e0caa709cf1cb40794474a6ca4eb2de3d6fcb86c6157bf5
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c21f3f80c9adfdf9070c994d881f2069818a2d409b62834c805a7f17f08c91ef
c23c7b5a64271af443cbff923966e7878bdbe67654ff666c1619e991be666775
c2d8b5ed5baf711d51629607797e32e5ff638637a0091598427eac4908dbae47
c60328c2a2fba270c2fc603e556bb6eb41d10cecac5941dfe54e0c071472cc78
c603c541f94baf65c45293c624e017b584fc0860ce57c2d1385045fe8807939e
c662a9b742f184dc32f391cb1a7e22636157ef73c441024f8bc217a9d76f744f
c84f3c933180c0ed1706f8f1923c12fb57a172ebf24c8836491c475918312ff0
c87e0e31334c6998b90c83d48eff6252a248120d32b376414965e1421203c901
cda9b31d709444e003d3adbfbdec43f093e405b36841fde5c1d187e439585219
d0604167abf2874fdbd5b6d19037baba5d36642b21656c3a6ce6cfef5b6ae8a3
d40a41723def70b4af303c98a8269de407ed39586596106e16c9e0be01942d72
d9576157078dda9a522dad222249eeec6e639a856351b9f09451163cec1828ff
d9d77a3f1c26a593a4d4fa4c7122e85ee25a2c6c0888727f7e2b2f808f4353fa
db2af24bfef6358a1c62eb490dcef92470cfd816b84f7fac5c50ae79b1397f81
db41595d2e0dc3c39109915e8858537bdc06d9bf2b4800082478179af14db26b
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e2003c6297eb3b8cbe99aa25e9953a881081149bfc9817d49e13cf63d23fbd84
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e90135befb1cde3a65a625bd4b1947fe8241484d5248194fbb3ab8b3b9912706
eaeb4f0f1808f80c63dfe32e104ca7e0d2f34811e935891f591275d14b1a7826
eb12d13ad02ba7962f843a06b7728b8d136a25182694903a57ff950fed773031
ec3873a49c77ec8a26f8c7a6f60eff1c0a7884459b5f8d2fcef28ef0ce271792
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ed839d9fae4a8e722e9c408c2716a6f1eb789b99ef16722cd39ff4965749d8fb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef52ef34f25e761b4c0392f953bdd8d9edda1bc028657df3dd9fdc6438183115
f19b1f14c864b5c91313c4ff558be0405a4912d5f980a75ca55fd9138e2122e2
f20043d6d0a668de0bb60c94ed1acb16cd82d6288de82cb8e6ea181f8e79a8e0
f25666e0933bf72ec6b39d6fc904783fbf5159b3fad915bdccca1a73e2ca273b
f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e
f412e2b324d3f4828a4eebd87cbeef91837054dc9cbecee057c2a172ad3287ce
f48829864ffd155da0360e19be956282b6875173f8990394e93bc7c30c97a3ed
f4b74d8f3be81034620ed4601bf78517f60b7d85892e7714fdebafbc1d432853
f527f0504570ea0238ac6eff51a33a70834b3ed3123265351526460cbe0d8d88
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
f766851b62b6bd1f49906a5aeb2ef2d75d2f022c857a489aaebca788fc410602
f76e86c6a29453f0e15e74069a1e105af353ff07abaf5b7fdbb599e7c3263741
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f8e3f110b75b3f1951f50fb7795c6eaf5bee4f07b787a1b535b39e734c7f1723
f94ce8666bf003756c16b56edad5a0121b3516222d4f093bdb771afabfb2cc5f
f958b4527bcb3c4da9d038386657b0a8e498e40bb6d5eede4f0a42d4b1503221
f978da291f493e64d4420d2cfab5c2bdc736c53f11c8d61c6da1efdb7df1155d
fa110ac06915e913fea0ad440e557cd75b95101504acc6a865efb5d7f0f34d95
faf835f97585eb330064dc8e8b23593c89ccbaf59ec5dc3fae770ddc6afedbda
fbc199bf7f97061c41664b040e84616a0cb54441a2efc5801d5d401d3a049f3c
fccfcbc28d8356bdb5cf1c1323928aeb3e837f96cca5d64458d495f21f03e357
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.recordedfuture.com Open in urlscan Pro 104.18.12.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

214 Requests

99 %HTTPS

0 %IPv6

33 Domains

43 Subdomains

38 IPs

5 Countries

4212 kBTransfer

10348 kBSize

49 Cookies

61 Outgoing links

Redirected requests

214 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.recordedfuture.com Open in urlscan Pro
104.18.12.124 Public Scan

Screenshot
Live screenshot

Full Image

214
Requests

99 %
HTTPS

0 %
IPv6

33
Domains

43
Subdomains

38
IPs

5
Countries

4212 kB
Transfer

10348 kB
Size

49
Cookies

214 HTTP transactions
6 data transactions