www.reliaquest.com Open in urlscan Pro
141.193.213.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Submission: On May 29 via api (May 29th 2024, 4:44:18 pm UTC) from US — Scanned from DE

Summary HTTP 138 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 52 IPs in 6 countries across 35 domains to perform 138 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.reliaquest.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on May 16th 2023. Valid for: a year.

This is the only time www.reliaquest.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	141.193.213.21 141.193.213.21	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
6	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:bb1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	172.67.39.148 172.67.39.148	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:249... 2600:9000:2491:3200:2:8f43:5780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
2	104.18.186.31 104.18.186.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	2.19.97.58 2.19.97.58	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6810:4769	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:710... 2a02:26f0:7100::1720:ef23	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	23.58.24.102 23.58.24.102	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:440... 2606:4700:4400::ac40:973c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
1	108.138.26.95 108.138.26.95	16509 (AMAZON-02) (AMAZON-02)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	54.209.130.235 54.209.130.235	14618 (AMAZON-AES) (AMAZON-AES)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a02:26f0:210... 2a02:26f0:2100::58dd:c512	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
1 4	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.66.102.51 18.66.102.51	16509 (AMAZON-02) (AMAZON-02)
1	18.245.86.14 18.245.86.14	16509 (AMAZON-02) (AMAZON-02)
1	18.172.103.101 18.172.103.101	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
1	13.32.27.86 13.32.27.86	16509 (AMAZON-02) (AMAZON-02)
2	52.32.164.86 52.32.164.86	16509 (AMAZON-02) (AMAZON-02)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:206... 2600:9000:206f:4800:5:7a81:86c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE)
2	172.217.16.195 172.217.16.195	15169 (GOOGLE) (GOOGLE)
1	13.32.27.21 13.32.27.21	16509 (AMAZON-02) (AMAZON-02)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
1	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
1	100.25.67.163 100.25.67.163	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.185.100 142.250.185.100	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2	2620:1ec:bdf::43 2620:1ec:bdf::43	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.248.142.121 13.248.142.121	16509 (AMAZON-02) (AMAZON-02)
2	44.226.187.177 44.226.187.177	16509 (AMAZON-02) (AMAZON-02)
3	52.152.143.207 52.152.143.207	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	172.217.18.14 172.217.18.14	15169 (GOOGLE) (GOOGLE)
1	54.203.236.163 54.203.236.163	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.232 142.250.185.232	15169 (GOOGLE) (GOOGLE)
2	18.245.86.77 18.245.86.77	16509 (AMAZON-02) (AMAZON-02)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	104.16.118.43 104.16.118.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
138	52

21 141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.reliaquest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bb1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.39.148 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2491:3200:2:8f43:5780:93a1 (United States)

ASN16509 (AMAZON-02, US)

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.186.31 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2.19.97.58 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-19-97-58.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4769 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:7100::1720:ef23 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.58.24.102 (Chennai, India)

ASN16625 (AKAMAI-AS, US)
PTR: a23-58-24-102.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:973c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.26.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-26-95.fra56.r.cloudfront.net

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.209.130.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-209-130-235.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:2100::58dd:c512 (Munich, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-51.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.86.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-14.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.172.103.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-103-101.fra60.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-86.fra56.r.cloudfront.net

cdn.heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.32.164.86 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-32-164-86.us-west-2.compute.amazonaws.com

abm-tracking.demandscience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.21 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:4800:5:7a81:86c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f195.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-21.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 100.25.67.163 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-25-67-163.compute-1.amazonaws.com

heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

438-kyk-786.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::43 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.142.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.226.187.177 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-187-177.us-west-2.compute.amazonaws.com

intentstream.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.152.143.207 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

o.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.14 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.203.236.163 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-203-236-163.us-west-2.compute.amazonaws.com

tracking.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.86.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-77.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.118.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	6sc.co j.6sc.co — Cisco Umbrella Rank: 5787 c.6sc.co — Cisco Umbrella Rank: 8716 ipv6.6sc.co — Cisco Umbrella Rank: 5928 b.6sc.co — Cisco Umbrella Rank: 3876	29 KB
21	reliaquest.com www.reliaquest.com	501 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 743 o.clarity.ms — Cisco Umbrella Rank: 475879 c.clarity.ms — Cisco Umbrella Rank: 1385	28 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 338 www.linkedin.com — Cisco Umbrella Rank: 619 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	4 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	288 KB
5	zoominfo.com ws-assets.zoominfo.com — Cisco Umbrella Rank: 11817 ws.zoominfo.com — Cisco Umbrella Rank: 4715	29 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 345 c.bing.com — Cisco Umbrella Rank: 231	16 KB
4	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4069	29 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 310	63 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 6903	4 KB
3	contanuity.com intentstream.contanuity.com — Cisco Umbrella Rank: 96663 tracking.contanuity.com — Cisco Umbrella Rank: 24926	1 KB
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3095 www.google.com — Cisco Umbrella Rank: 2	364 B
3	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 482	3 KB
3	driftt.com js.driftt.com — Cisco Umbrella Rank: 5864	62 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	21 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	280 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 26104 ibc-flow.techtarget.com — Cisco Umbrella Rank: 23444	2 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 10730 scout.salesloft.com — Cisco Umbrella Rank: 13708	4 KB
3	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 4015	11 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9185	709 B
2	reddit.com pixel-config.reddit.com alb.reddit.com — Cisco Umbrella Rank: 1376	761 B
2	google.de www.google.de — Cisco Umbrella Rank: 7810	126 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 89	407 B
2	demandscience.com abm-tracking.demandscience.com — Cisco Umbrella Rank: 89236	3 KB
2	heapanalytics.com cdn.heapanalytics.com — Cisco Umbrella Rank: 1984 heapanalytics.com — Cisco Umbrella Rank: 1452	38 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1160	13 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1370 insight.adsrvr.org — Cisco Umbrella Rank: 691	5 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 742 script.hotjar.com — Cisco Umbrella Rank: 988	61 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3868	6 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 803	17 KB
1	mktoresp.com 438-kyk-786.mktoresp.com	318 B
1	ml-api.io attr.ml-api.io — Cisco Umbrella Rank: 17338	280 B
1	ml-attr.com 1 redirects s.ml-attr.com — Cisco Umbrella Rank: 15638	283 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 776	30 KB
0	keywee.co Failed kdl.keywee.co Failed
138	35

	Domain	Requested by
21	b.6sc.co	www.reliaquest.com
21	www.reliaquest.com	www.reliaquest.com
6	cdnjs.cloudflare.com	www.reliaquest.com cdnjs.cloudflare.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	static.addtoany.com	www.reliaquest.com static.addtoany.com
4	cdn.jsdelivr.net	www.reliaquest.com abm-tracking.demandscience.com
3	js.zi-scripts.com	www.reliaquest.com js.zi-scripts.com
3	o.clarity.ms	www.clarity.ms
3	secure.adnxs.com	2 redirects j.6sc.co
3	js.driftt.com	www.reliaquest.com js.driftt.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.reliaquest.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.reliaquest.com
3	c.6sc.co	j.6sc.co
3	www.googletagmanager.com	www.reliaquest.com www.googletagmanager.com abm-tracking.demandscience.com
3	j.6sc.co	www.reliaquest.com www.googletagmanager.com j.6sc.co
3	nexus.ensighten.com	www.reliaquest.com nexus.ensighten.com
2	c.clarity.ms	1 redirects
2	intentstream.contanuity.com	abm-tracking.demandscience.com
2	epsilon.6sense.com	j.6sc.co
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	www.google.de	www.reliaquest.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	abm-tracking.demandscience.com	www.reliaquest.com abm-tracking.demandscience.com
2	www.redditstatic.com	www.reliaquest.com www.redditstatic.com
2	ipv6.6sc.co	j.6sc.co
2	ibc-flow.techtarget.com	trk.techtarget.com
2	scout.salesloft.com	scout-cdn.salesloft.com
2	munchkin.marketo.net	www.reliaquest.com munchkin.marketo.net
2	snap.licdn.com	www.reliaquest.com www.googletagmanager.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	insight.adsrvr.org	js.adsrvr.org
1	c.bing.com	1 redirects
1	tracking.contanuity.com	abm-tracking.demandscience.com www.reliaquest.com
1	438-kyk-786.mktoresp.com	munchkin.marketo.net
1	www.google.com	www.reliaquest.com
1	heapanalytics.com	www.reliaquest.com
1	alb.reddit.com	www.reliaquest.com
1	pixel-config.reddit.com	www.redditstatic.com
1	script.hotjar.com	static.hotjar.com
1	attr.ml-api.io	www.reliaquest.com
1	s.ml-attr.com	1 redirects
1	cdn.heapanalytics.com	www.reliaquest.com
1	js.adsrvr.org	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.reliaquest.com
1	www.linkedin.com	1 redirects
1	trk.techtarget.com	www.reliaquest.com
1	scout-cdn.salesloft.com	www.reliaquest.com
1	code.jquery.com	www.reliaquest.com
0	kdl.keywee.co Failed	www.reliaquest.com
138	52

This site contains links to these domains. Also see Links.

Domain
event.on24.com
github.com
www.trendmicro.com
www.linkedin.com
twitter.com
www.youtube.com
www.instagram.com
www.facebook.com
www.addtoany.com

Subject Issuer	Validity	Valid
*.reliaquest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-16` - `2024-06-15`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
static.addtoany.com E1	`2024-04-23` - `2024-07-22`	3 months	crt.sh
nexus.ensighten.com Amazon RSA 2048 M02	`2023-09-29` - `2024-10-27`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
6sc.co R3	`2024-04-09` - `2024-07-08`	3 months	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-20` - `2025-04-19`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
trk.techtarget.com GTS CA 1P5	`2024-05-24` - `2024-08-22`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2024-05-06` - `2024-08-04`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-05-01` - `2024-06-27`	2 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-23` - `2024-11-18`	6 months	crt.sh
cdn.heapanalytics.com Amazon RSA 2048 M02	`2024-05-29` - `2025-06-26`	a year	crt.sh
abm-tracking.demandscience.com R3	`2024-04-15` - `2024-07-14`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.google.de WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-15` - `2024-07-13`	6 months	crt.sh
heapanalytics.com Amazon RSA 2048 M02	`2023-11-09` - `2024-12-08`	a year	crt.sh
*.google.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-07` - `2024-10-07`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
intentstream.contanuity.com R3	`2024-04-17` - `2024-07-16`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh
tracking.contanuity.com R3	`2024-05-14` - `2024-08-12`	3 months	crt.sh
zi-scripts.com GTS CA 1P5	`2024-05-27` - `2024-08-25`	3 months	crt.sh
zoominfo.com E1	`2024-05-20` - `2024-08-18`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Frame ID: 81FDC90CEE64C4A696C90652BFE6F35E
Requests: 129 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.25.html
Frame ID: 8F08BCC5C25A504C0572BC61C7E2ED67
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=6d1ec3c0-731e-4cb9-b8c9-38637474c4e8&sessionStarted=1717001054.336&campaignRefreshToken=3c47f4c1-74bb-4903-bba5-ea70eeed6724&hideController=false&pageLoadStartTime=1717001050657&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F
Frame ID: 6CC8442C140DEB2C537BB00297B63519
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1717001050657
Frame ID: 505115AD1A9A0C99E4C185D0564D468F
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=e1vlmxc&ref=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&upid=nzz4w81&upv=1.1.0
Frame ID: 1EE9B6BC6EDECB4995EFD913976E7783
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BlackSuit Attack Analysis - ReliaQuest

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/fingerprintjs@(\d)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Heap (Analytics) Expand

Overall confidence: 100%
Detected patterns

heap-\d+\.js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

138
Requests

95 %
HTTPS

31 %
IPv6

35
Domains

52
Subdomains

52
IPs

6
Countries

1544 kB
Transfer

3938 kB
Size

53
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://event.on24.com/wcc/r/4526721/7553962EEE5D870B2F7359886B3809EF?partnerref=alertbar
Title: Register Now

Search URL Search Domain Scan URL

URL: https://github.com/S3cur3Th1sSh1t/PowerSharpPack
Title: PowerSharpPack

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-royal
Title: external reporting

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/reliaquest/

Search URL Search Domain Scan URL

URL: https://twitter.com/ReliaQuest

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCdPuTyaN5bU3_GmCNFgzl3Q

Search URL Search Domain Scan URL

URL: https://www.instagram.com/reliaquest/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ReliaQuest/

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717001051396&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717001051396&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3664348%26time%3D1717001051396%26url%3Dhttps%253A%252F%252Fwww.reliaquest.com%252Fblog%252Fblacksuit-attack-analysis%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717001051396&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717001051396&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true&e_ipv6=AQLob6Pb9xmMkgAAAY_FPOBe-nJI9jEle0vIB5qAhwCTxsQAye3vqi-kCM-9rKsm_iONbZg

Request Chain 63

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.reliaquest.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=www.reliaquest.com&pId=4854088203679752455

Request Chain 117

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=1de869a3d7012cd0958bc9d05756eb9e_1717001052687 HTTP 303
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=1de869a3d7012cd0958bc9d05756eb9e_1717001052687&_bee_ppp=1 HTTP 303
https://tracking.contanuity.com/usersync?bwcookie=AAFPV07MrrcAABTYNIbiMQ

Request Chain 121

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=52A53D74B1FA49B083568B5C31B856CA&RedC=c.clarity.ms&MXFR=204F21657C7C64A0203435EB787C6A80 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=52A53D74B1FA49B083568B5C31B856CA&MUID=1075F63DFB5C67971B9CE2B3FAD766A7

138 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.reliaquest.com/blog/blacksuit-attack-analysis/ 142 KB
32 KB 489ms
207ms Document
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

58836f0cbbffe109f1cd067235305e860f78f78a7ef8fd62ea52211130d33fd6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 88b7f2952cf358de-TXL
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Wed, 29 May 2024 16:44:10 GMT
last-modified: Wed, 29 May 2024 09:03:50 GMT
link: <https://www.reliaquest.com/wp-json/>; rel="https://api.w.org/" <https://www.reliaquest.com/wp-json/wp/v2/posts/88930>; rel="alternate"; type="application/json" <https://www.reliaquest.com/?p=88930>; rel=shortlink
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains;
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 6
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine
x-xss-protection: 1; mode=block

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/ 100 KB
19 KB 163ms
97ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://www.reliaquest.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2322173
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 18778
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64cac444-495a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JMD%2FVAAfj0ttvZlvc0Gxxscw8hl3XEhjpFCkA%2BBr2ktfhQLLNAu%2FNnVUh7bpr9zmFeXahci2TAoRZgZK8TUZ8XHrGOp3OyFGE3szS6ePr2SAYzFktfg5wGImWHPQw96lkPhLbGC4"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b7f2970f2f5d6f-FRA
expires: Mon, 19 May 2025 16:44:10 GMT

GET
H2 200 select2.min.css
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/ 16 KB
3 KB 222ms
95ms Stylesheet
text/css 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2176432
x-jsd-version: 4.1.0-rc.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2162
x-served-by: cache-fra-etou8220046-FRA, cache-lga21924-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FGu5h4tUaq7dMm1D7mN0wlRkD9SXajOwsxL58UNo7pMo2QZY6B0sgEbyXB5dyRK2dpu9HxbmtwJtcfgfB03cZlFzImVabz4Jaovx8I5KIbrJutTTx41CNn7GZkYudpliecPK90O3wJ7KosqOlVU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b7f2976c032bc6-FRA

GET
H2 200 jquery.min.js Show response
www.reliaquest.com/wp-includes/js/jquery/ 86 KB
31 KB 120ms
100ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reliaquest.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
server: cloudflare
etag: W/"64ecd5ef-15601"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88b7f296b89d58de-TXL

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/ 98 KB
17 KB 118ms
58ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0df5a33710e433de1f5415b1d47e4130ca7466aee5b81955f1045c4844bbb3ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://www.reliaquest.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 426590
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 17041
last-modified: Tue, 22 Mar 2022 17:32:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "623a082a-4291"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MZ1Kdln2F%2BnDfQCRZ27hSrHhwKGo%2BKhHJWMMGbfcN52gdPY78nCEk0lOwgwzVGJ%2FHIi%2F0r0CKPsjhZp8aZ7qh2U82sCK7bv4a41RmFl2xxAoTm5ElhXK136o3K%2FmCyd5s2U99uvC"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b7f296ff285d6f-FRA
expires: Mon, 19 May 2025 16:44:10 GMT

GET
H3 200 logo.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/ 6 KB
3 KB 105ms
99ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/logo.svg

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2298d58f76f75135d021b0f1aa558defa9e66a1cc384b3eedde0f0904fa72def

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 03 Feb 2023 19:11:50 GMT
server: cloudflare
etag: W/"63dd5c76-1768"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88b7f2981b3d2681-TXL

GET
H3 200 logo-dark.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/ 6 KB
3 KB 84ms
79ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/logo-dark.svg

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc46e11ef889c4607d9befe335305d246d312cb0cda290d3beb75a722d417979

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Apr 2023 16:56:25 GMT
server: cloudflare
etag: W/"644bfab9-177e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88b7f2981b3f2681-TXL

GET
H2 200 nav-collapse-decor.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/ 2 KB
730 B 94ms
77ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/nav-collapse-decor.svg

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

90cd085fb1b820cab7d04a52702a189d2a3cf9ffbcf1ef3b354283d65d7fa24a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 03 Feb 2023 19:11:50 GMT
server: cloudflare
etag: W/"63dd5c76-760"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88b7f296b8a258de-TXL

GET
H2 200 lazy_placeholder.gif
www.reliaquest.com/wp-content/plugins/a3-lazy-load/assets/images/ 42 B
223 B 87ms
71ms Image
image/gif 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 42
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Fri, 01 Sep 2023 19:24:58 GMT
server: cloudflare
etag: "64f23a8a-2a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 88b7f296b89f58de-TXL

GET
H3 200 decor-cta.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/ 2 KB
959 B 83ms
76ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/decor-cta.svg

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

572f5c7956c6df267d7a9725e35602fb2b414dd5c48e53512468e627f0ef3a3c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 15 Feb 2023 18:20:41 GMT
server: cloudflare
etag: W/"63ed2279-9f8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88b7f2981b402681-TXL

GET
H3 200 facebook.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/ 1 KB
795 B 97ms
91ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/facebook.svg

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

61ea329c09b4cc22cd4391b26ca2b66257eb824e590d4de2a760ccbfccf70bf7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 25 Jul 2023 20:42:44 GMT
server: cloudflare
etag: W/"64c033c4-407"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88b7f2981b442681-TXL

GET
H3 200 twitter.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/ 1 KB
881 B 105ms
99ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/twitter.svg

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

84d1a6377c22f7683a00d101a2a1ff90cf1eaf607128ce45a835a188e1dd10ae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 20 Sep 2023 19:58:43 GMT
server: cloudflare
etag: W/"650b4ef3-50e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88b7f2981b472681-TXL

GET
H3 200 linkedin.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/ 1 KB
865 B 109ms
103ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/linkedin.svg

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f524309c83549cab1b81b931d905888234eecf709e4aa0ade136daa5edbb5246

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 25 Jul 2023 20:42:44 GMT
server: cloudflare
etag: W/"64c033c4-4e4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88b7f2981b4a2681-TXL

GET
H3 200 link.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/ 2 KB
1 KB 83ms
77ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/link.svg

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c81c322867056949b4836c5860843392b7da5dcb563ec2e99f8a5c05f7e74106

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 25 Jul 2023 20:42:44 GMT
server: cloudflare
etag: W/"64c033c4-913"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88b7f2981b4b2681-TXL

GET
H3 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/ 69 KB
25 KB 111ms
51ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/gsap.min.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

386a292b805ec5376c149711c08d9013658fd08879a7ac9a62a99e14310c397a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 425699
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25150
last-modified: Tue, 04 Oct 2022 19:36:11 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "633c8b2b-623e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Qngbiq7rFc5EfeiSADDPFE9VL5uNzlkmBJqEGfkG%2B2g3C5%2BYtluJSWeQnGnwzkO6uZ3xitZskkAYJwQCuWbqPSx%2FaNL8gMGfNlEyON52iGyNSW1E9EBs3N5L4ymmQQ5EN9l6Xwt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b7f2970b18381f-FRA
expires: Mon, 19 May 2025 16:44:10 GMT

GET
H3 200 ScrollTrigger.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/ 39 KB
15 KB 60ms
60ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/ScrollTrigger.min.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be08df326777a8b33cbcd047765e7dc6b8ddf620dcf64a85402ffc8fa006caab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2324212
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 14847
last-modified: Tue, 04 Oct 2022 19:36:11 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "633c8b2b-39ff"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xmWxrtKQtoTm6cO5U%2BWyl8uhE8cmKnoGfu0UaRuQGPFnKhYSrRteocImlr%2FkQLGG9CLiSgBDOkmd6fmXpVRmQy9F%2BWUfiSCFrovtbM0aGSRuOtS0hudA3flrmoCqkc8ktvmrynWa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b7f2973b5b381f-FRA
expires: Mon, 19 May 2025 16:44:10 GMT

GET
H2 200 select2.min.js Show response
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/ 71 KB
21 KB 71ms
61ms Script
application/javascript 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2173224
x-jsd-version: 4.1.0-rc.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 21153
x-served-by: cache-fra-etou8220129-FRA, cache-lga21969-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"11dcb-beEOdKmS/KFegD2RDRMPgmYxy4Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xoFJ3YAwRDzvXEwBK9FVp%2FtMtfr72gb4gAtaRF%2FElZEjJeI3eIEWx5NNNN9oVEFSTt76blllTwmIRUtgpaicwe6RpmHf5bHypWBEKEfuBYSc9kNvIGQweFy7zpJkFdafEvBHXVOPVAl7M6EuwZc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b7f2982cf52bc6-FRA

GET
H3 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 160ms
55ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5297
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"e346c2841e4abbb66ee259e9540abb61"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pSWuwGEKYp3%2FHrXsJvtDWSMOwSr%2BCVL%2B9Z%2F45gMajqHvRRQZ558MLdalVyC%2F2CY7f0ogoiQrJFoyNs9g8Gxk3AtXGW9nbQwoV6%2BNhjWTQnTaRHZJ9DSfqhOseS6bAXgcc0b9CUCP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 88b7f298cb249150-FRA

GET
H3 200 addtoany.min.js Show response
www.reliaquest.com/wp-content/plugins/add-to-any/ 129 B
336 B 107ms
102ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reliaquest.com/wp-content/plugins/add-to-any/addtoany.min.js?m=1713260663

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 16 Apr 2024 09:44:23 GMT
server: cloudflare
etag: W/"661e4877-81"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88b7f2981b4c2681-TXL

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/choozle/15024/ 28 KB
9 KB 223ms
41ms Script
application/javascript 2600:9000:2491:3200:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/15024/Bootstrap.js
Requested by: Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:3200:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 9b9971d96411c9db199cb76e0e3ba2973a1992524321435dacd754e96ac9dace

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 17 Dec 2023 00:28:01 GMT
x-amz-version-id: IJXqJsiAmnn3dYEBr3SaqCBrdkDwMMaF
content-encoding: br
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
age: 14228171
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 28 Oct 2023 15:00:20 GMT
server: CloudFront
etag: W/"acf96a761753df6a9a8c06f5b3165a06"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-amz-cf-id: IujPmT6lfYLluoTnmNUmK95W4atYy_t0BEku33B-kFbfUE8SDOh-rw==

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 201ms
48ms Script
application/javascript 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Origin: https://www.reliaquest.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2857231
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-mxp6929-MXP
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1717001051.015466,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 5, 937569

GET
H3 200 /
www.reliaquest.com/_jb_static/ 230 KB
43 KB 234ms
227ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reliaquest.com/_jb_static/??-eJylj8uOwjAMRf9mVhi3Fa8uEN9ikkA7ahIrdlv4e0ILK2A0Eis/z/U1jgwmBnVBkbv+3AZBGc4gPXNMikamWoBUyTQ+7y1zb4FvuDEmy8mJAEfuO0o5igqSiMvhLjUyv+DaOO8EtaqKutitik1d1WhbmY97asP/ENFr5z6aE0fJNHnQtYMD+qULzK2nvQkXPKUJtA8ATjF5+Vr1b29kLWgECtd7qjEnSz+/ffD7cluuq/VqV29+zHFf3gC+Yp79

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

f9f9bf9ce4517c2e44a824e9dda21d15cea50ee2f0bf480f4f69bf924ff00efe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
x-cache-group: normal
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
x-cacheable: YES:31536000.000
strict-transport-security: max-age=63072000; includeSubDomains;
content-encoding: br
x-powered-by: WP Engine
x-cache: HIT: 705
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 09 May 2024 11:41:36 GMT
server: cloudflare
x-page-optimize: cached
etag: W/"3741b8a36195e0aa161a35108bf84284"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-frame-options: SAMEORIGIN
content-type: text/css;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
cf-ray: 88b7f2982b512681-TXL

GET
H3 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/ 79 KB
23 KB 204ms
107ms Script
application/javascript 104.18.186.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.186.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Origin: https://www.reliaquest.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 482678
x-jsd-version: 5.2.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 23315
x-served-by: cache-fra-eddf8230122-FRA, cache-lga21978-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"13a70-XI9suYM5fetlZzuWGoZXz9YROtk"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WgFRGcKItgf8W%2FYJbtplCQEL19vRKaAoiN7eGCw0uPlQjNs%2Bg8E35FzLfHEfHphILheV2eZ1BrgHbz6dh2rEeIqAyc8B7RtJFYgveXNAmIU5wAlq0bfnRRN%2B%2BGM8DHcCdWY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b7f298ba34bf3d-WAW

GET
H3 200 / Show response
www.reliaquest.com/_jb_static/ 49 KB
18 KB 236ms
231ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reliaquest.com/_jb_static/??-eJx1jMEOgyAQRP+mp+ICkloPpt+y0o1CEYm71X5+Tbj00tvkzcyDoyi/ZqEsIDMtxCDW6l7fnb71tq+wiXyFn2VJ7ylkhoITqRTyi5Ws8AwskOlQguO/BxNufj6LFHZSGPGjKgJkJmGIuCP7LRSpvpqbJeRT+VgG0xnXtaZ1+uLHwXwBvFdD7A==

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

a2a4c14ee1b8f583f11100c088f9d302a97ac02603409992146cd28000c3020b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
x-cache-group: normal
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
x-cacheable: YES:31536000.000
strict-transport-security: max-age=63072000; includeSubDomains;
content-encoding: br
x-powered-by: WP Engine
x-cache: HIT: 724
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 03 May 2024 10:15:40 GMT
server: cloudflare
x-page-optimize: cached
etag: W/"049c5b5b9bd5eb61ca80bc52ae9054df"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
cf-ray: 88b7f2981b3a2681-TXL

GET
H3 200 body-da00d8671e31253499cc18fa0a622103d0754b1c.js Show response
www.reliaquest.com/wp-content/cache/asset-cleanup/js/ 212 KB
63 KB 103ms
96ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reliaquest.com/wp-content/cache/asset-cleanup/js/body-da00d8671e31253499cc18fa0a622103d0754b1c.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

435431fd6746f356f026904bb7f2203996bf27dbdf2d8fb45339c312c90a21f1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 15 May 2024 19:11:30 GMT
server: cloudflare
etag: W/"664508e2-351fa"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88b7f2981b4e2681-TXL

GET
H2 200 6si.min.js Show response
j.6sc.co/ 66 KB
18 KB 239ms
44ms Script
application/javascript 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 May 2024 06:01:25 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "663c66b5-106b3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 18038
expires: Wed, 29 May 2024 16:44:11 GMT

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 186ms
58ms Script
application/javascript 2606:4700::6810:4769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: EZPGEPEQRJ835T56
age: 2590
alt-svc: h3=":443"; ma=86400
x-amz-id-2: vj/H9CfyiKNwtvLJrelCw6CtXo93qB0KDTwbomYs8Kf/kZA94jYHXVgMqek/RNtsa+9eO7BrPxA=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 88b7f29a4b441d9a-FRA
expires: Wed, 29 May 2024 20:44:11 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
17 KB 167ms
40ms Script
application/javascript 2a02:26f0:7100::1720:ef23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::1720:ef23 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 May 2024 17:20:18 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=45826
accept-ranges: bytes
content-length: 16683

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 585ms
181ms Script
application/x-javascript 23.58.24.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.58.24.102 Chennai, India, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-58-24-102.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 16:44:11 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/choozle/15024/ 286 B
617 B 88ms
75ms Script
text/javascript 2600:9000:2491:3200:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/15024/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/choozle/15024/code/&publishedOn=Sat%20Oct%2028%2015:00:11%20GMT%202023&ClientID=923&PageID=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/15024/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:3200:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 53360205906c05aa5eb2d470b93c4ec221832b5207a222277c052eb1076dd903

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P7
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store
alt-svc: h3=":443"; ma=86400
content-length: 286
x-amz-cf-id: v-90hOR-uiOMojg8qd3bZnq2pewR9wqx4lBEUaV0l0v9-n_Kijrbxg==
expires: Wed, 29 May 2024 16:44:10 GMT

GET
H3 200 sm.25.html
static.addtoany.com/menu/ Frame 8F08 0
0 119ms
71ms Document
text/html 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.25.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.reliaquest.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
age: 22001
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 88b7f29a0c0f4db0-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 29 May 2024 16:44:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zCNMjjTjli1WgYxEyhtrixoL4df0cpXfj3ujNAiBX18FGqbN%2Ffx4XQrqpsosm%2B0q%2BvoWfP%2BOLFo%2F4kFbPkLGxi62FAJxQeQ0R%2BjHEMF%2BmlRy1JMue9V76yMqPL17m2rBSb5HtO3e"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 core.BRQnzO8v.js Show response
static.addtoany.com/menu/modules/ 70 KB
26 KB 128ms
76ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Origin: https://www.reliaquest.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6791
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"25da5432b1057724b8210f17e9b9db05"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k1qSHLJG%2BRsIQA9wJK0BZK0Crg16o3TLIo67l4ETg5tWKguxX8aprk4lRetpIa3%2B4xvZ0o5yvO81wosJBcnoTopDirI6lDca3RbwZ4vvuYzTzmCphsNVdRBmbEfvQ%2F6DR2zaxlKEFoE7bHpEyUg%2BaPVW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 88b7f29a08374d68-FRA

GET _blog_blacksuit-attack-analysis_.js
kdl.keywee.co/www.reliaquest.com/ 0
0

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 219ms
80ms Script
text/javascript 2606:4700:4400::ac40:973c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
age: 3260
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 88b7f29abe4c9733-FRA
expires: Wed, 29 May 2024 17:04:11 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 327 KB
109 KB 220ms
81ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

18b0cd68a1c2b982382ce5d3e27bcdfe894ff39bb1c9ee70cca934217eb3ce87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111405
x-xss-protection: 0
last-modified: Wed, 29 May 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 29 May 2024 16:44:11 GMT

GET
H3 200 icomoon.ttf
www.reliaquest.com/wp-content/themes/t220908406929/dist/fonts/ 4 KB
5 KB 81ms
81ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reliaquest.com/wp-content/themes/t220908406929/dist/fonts/icomoon.ttf?5zkpkv

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/_jb_static/??-eJylj8uOwjAMRf9mVhi3Fa8uEN9ikkA7ahIrdlv4e0ILK2A0Eis/z/U1jgwmBnVBkbv+3AZBGc4gPXNMikamWoBUyTQ+7y1zb4FvuDEmy8mJAEfuO0o5igqSiMvhLjUyv+DaOO8EtaqKutitik1d1WhbmY97asP/ENFr5z6aE0fJNHnQtYMD+qULzK2nvQkXPKUJtA8ATjF5+Vr1b29kLWgECtd7qjEnSz+/ffD7cluuq/VqV29+zHFf3gC+Yp79

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaae1d4db82158aa4b92c4286ed1977ad9c3eb18db96573c6404f681fc93a78d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/_jb_static/??-eJylj8uOwjAMRf9mVhi3Fa8uEN9ikkA7ahIrdlv4e0ILK2A0Eis/z/U1jgwmBnVBkbv+3AZBGc4gPXNMikamWoBUyTQ+7y1zb4FvuDEmy8mJAEfuO0o5igqSiMvhLjUyv+DaOO8EtaqKutitik1d1WhbmY97asP/ENFr5z6aE0fJNHnQtYMD+qULzK2nvQkXPKUJtA8ATjF5+Vr1b29kLWgECtd7qjEnSz+/ffD7cluuq/VqV29+zHFf3gC+Yp79
Origin: https://www.reliaquest.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
content-length: 4592
x-xss-protection: 1; mode=block
last-modified: Wed, 15 Feb 2023 18:20:41 GMT
server: cloudflare
etag: "63ed2279-11f0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 88b7f29b28212681-TXL

GET
DATA 200
OK truncated
/ 713 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3760892dc66f80b7b377185200f21d8f710fbeac41253683455f6a7206254f99

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/ 103 KB
104 KB 69ms
69ms Font
application/octet-stream 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

404c746c8f7e3f9b7611a8f23d908c1a32a5c972236b9d89bb68b05d9bf4b905

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
Origin: https://www.reliaquest.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 420118
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 105536
last-modified: Tue, 22 Mar 2022 17:32:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "623a082a-19c40"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iu56ghnYuAalXW1YTh%2FVvXqKTHCZ0KYCL8HK%2BYjPCYmCgpknvAVz%2BNAkOsQj0IcO%2Bkv7%2FdEFcBLce6UtKI47366EAMKux0iDJbTzIhDcNjhanUIkbxKhvw745mTKoZCM31v3o0Al"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b7f29b4c2c5d6f-FRA
expires: Mon, 19 May 2025 16:44:11 GMT

GET
H3 200 052824-Blacksuit-blog-header-512x354@2x.png
www.reliaquest.com/wp-content/uploads/2024/05/ 184 KB
184 KB 98ms
98ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/uploads/2024/05/052824-Blacksuit-blog-header-512x354@2x.png

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

747d119fd2c76cfdd5459f147a1e5c1c01b21808cb8f0639626db4b34dc0d02e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
cf-polished: origSize=435298, status=webp_bigger
alt-svc: h3=":443"; ma=86400
content-length: 187999
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Tue, 28 May 2024 11:31:02 GMT
server: cloudflare
etag: "6655c076-6a462"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 88b7f29b1fd42681-TXL

GET
H3 200 avatar_user_49_1680192593-80x80.png
www.reliaquest.com/wp-content/uploads/2023/03/ 8 KB
8 KB 218ms
216ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/uploads/2023/03/avatar_user_49_1680192593-80x80.png

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cf6822be42df21c4a253dbaf5814735acf5690ea42578de3009d443f475b527

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: EXPIRED
alt-svc: h3=":443"; ma=86400
content-length: 7852
x-xss-protection: 1; mode=block
last-modified: Fri, 31 Mar 2023 19:48:33 GMT
server: cloudflare
etag: "64273911-1eac"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 88b7f29b1fdb2681-TXL

GET
H3 200 052824-Blacksuit-blog-header-512x354@2x-512x354.png
www.reliaquest.com/wp-content/uploads/2024/05/ 102 KB
102 KB 246ms
245ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/uploads/2024/05/052824-Blacksuit-blog-header-512x354@2x-512x354.png

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ef2b5a94dc1c773f64aa7ce1185515c81542ca881f84eb929fe21daaecba32b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: EXPIRED
alt-svc: h3=":443"; ma=86400
content-length: 104133
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:31:01 GMT
server: cloudflare
etag: "6655c075-196c5"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 88b7f29b1fe32681-TXL

GET
H3 200 avatar_user_49_1680192593-60x60.png
www.reliaquest.com/wp-content/uploads/2023/03/ 5 KB
5 KB 244ms
244ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reliaquest.com/wp-content/uploads/2023/03/avatar_user_49_1680192593-60x60.png

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea02b94e06bb17ed0ec54d4cd5731eb009178215258f8471198b591b583d60b8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: EXPIRED
alt-svc: h3=":443"; ma=86400
content-length: 4836
x-xss-protection: 1; mode=block
last-modified: Fri, 31 Mar 2023 19:48:33 GMT
server: cloudflare
etag: "64273911-12e4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 88b7f29b1fe62681-TXL

GET
H3 200 d3d14424fac71699bdbff068d9b1184b.js Show response
nexus.ensighten.com/choozle/15024/code/ 2 KB
802 B 40ms
40ms Script
application/javascript 108.138.26.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/15024/code/d3d14424fac71699bdbff068d9b1184b.js?conditionId0=421905
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/15024/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 108.138.26.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-26-95.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: e80cfc6df2f882813f88dcf1175bc0c47e13c0cd8517bc240a65ee6cc758b0f2

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 17 Dec 2023 00:28:03 GMT
x-amz-version-id: xy0TboscelqpDiztVyy6vWffI6grZ0by
content-encoding: br
via: 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
age: 14228169
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 28 Oct 2023 15:00:24 GMT
server: CloudFront
etag: W/"e8e93310d35a9462151b8fdab5b436ce"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: xrSDARwWlBSZnWBC-RAsUEZ_7tv46elV5N4mAtKkpD_-seVbzeF5sw==

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
812 B 335ms
220ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3664348&time=1717001051396&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: *
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-encoding: gzip
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 681A7F97274E4CDBB40004E1ADA5A655 Ref B: DUS30EDGE0709 Ref C: 2024-05-29T16:44:11Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lor1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYZmnXCwNh0jBCRzJuMRA==
x-fs-uuid: 0006199a75c2c0d8748c1091cc9b8c44

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717001051396&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717001051396&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3664348%26time%3D1717001051396%26url%3Dhttps%253A%252F%252Fwww.reliaquest.com%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717001051396&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717001051396&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true&e_ipv6=AQLob6P...

0
265 B

342ms
218ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717001051396&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true&e_ipv6=AQLob6Pb9xmMkgAAAY_FPOBe-nJI9jEle0vIB5qAhwCTxsQAye3vqi-kCM-9rKsm_iONbZg
Requested by: Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.reliaquest.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 191361D76E684DC597CB2673DE000E84 Ref B: FRAEDGE2012 Ref C: 2024-05-29T16:44:12Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYZmnXRiBO44vyVjoNjnw==

Redirect headers

date: Wed, 29 May 2024 16:44:11 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: B705B76A2E5F49529CE83C01B4862C38 Ref B: FRAEDGE2012 Ref C: 2024-05-29T16:44:12Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717001051396&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true&e_ipv6=AQLob6Pb9xmMkgAAAY_FPOBe-nJI9jEle0vIB5qAhwCTxsQAye3vqi-kCM-9rKsm_iONbZg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYZmnXMVOGTmySgQ2a+QQ==

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
359 B 388ms
118ms XHR
application/json 54.209.130.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDExMzd9.jbjhYTjr5EtKJiZNcg3fApVy8OrVLI90V1gxGsVoF9E

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.209.130.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-209-130-235.compute-1.amazonaws.com

Software

Resource Hash

aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.reliaquest.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: fdf3fe8e8617f76cd8a86938e46ca79c

GET
H3 200 de.js Show response
static.addtoany.com/menu/locale/ 750 B
1021 B 55ms
54ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/locale/de.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17247
cf-polished: origSize=902
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"86610d84a116a5704d658324728b063f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Dk50oChM5XKQ6LIJlOkmIg9HD9gV032LmVAdZeibN02rsd1SOcuvLeE%2BGgt%2FVUs%2FosJTQE0znBwKk9xeiwGB%2BmcXw40sxyFiBnWC6je2ANaWYfg18ykGlIQ1A%2BUPPnaUew1rPLCqsxL%2FzYPnNA6LJjL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 88b7f29b7e909150-FRA

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 242ms
140ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=3089143&r=1717001051455&ref=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.reliaquest.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 May 2024 16:44:11 GMT
expires: Wed, 29 May 2024 16:44:11 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ABPtcPqBtAaTsEJ-9A0z5EuTdtTFidXAMe1WwMLHehcIXUdlppj0aFDCYfF4NihQbkU4iBNYGOU

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 56ms
46ms XHR
text/html 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-97-58.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.reliaquest.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
310 B 199ms
46ms XHR
text/html 2a02:26f0:2100::58dd:c512
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:2100::58dd:c512 Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: c829514739663b0fbaa1e5b4da63fecddb091258f1f8cb852c5e54e1b3fce9af

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:11 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.reliaquest.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:1338:92::5
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1717001051531_1490928910_102841068_24_882_45_98_219";dur=1
content-length: 19
expires: Wed, 29 May 2024 16:44:11 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 143ms
133ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A11%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&v=1.1.20

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:11 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:11 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 143ms
134ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2029%20May%202024%2016%3A44%3A11%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22cdfe02635f87832f7fb37442e2a57166%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2029%20May%202024%2016%3A44%3A11%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2029%20May%202024%2016%3A44%3A11%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&v=1.1.20

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:11 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:11 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
449 B 154ms
152ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=3089143&r=1717001051455&ref=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 3089143
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
via: 1.1 google
x-guploader-uploadid: ABPtcPpDVab613dKPOMfb20Z2-so2iCCYq_nAFHvUpVZgqNtALav6IxEJ942_1JPD06G8qIPQss
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Wed, 29 May 2024 17:44:11 GMT

GET
H2 200 9d89db09-be43-47ea-ad23-917183e7e184.js Show response
j.6sc.co/j/ 4 KB
4 KB 482ms
482ms Script
application/javascript 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/9d89db09-be43-47ea-ad23-917183e7e184.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-97-58.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 945063ebf0d8666b48130934c6bfc0653210ae7d836fd985d3966efba08aa1a2

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: sxJBNdZM0KwPO0ekiHjaqh_8uY4ftINC
date: Wed, 29 May 2024 16:44:11 GMT
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 4059
pragma: no-cache
last-modified: Thu, 22 Jun 2023 20:33:18 GMT
server: AmazonS3
etag: "b42798d5bff7ef62660f4db5bb3c6429"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: JkWfQ52pWAzL43cGzNl1trLxQ5VhWUkp10cr-of9kVQrJbc4yj1-EA==
expires: Wed, 29 May 2024 16:44:11 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 341 KB
108 KB 83ms
81ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6a8100ba153f6bee7f2aaf85da5b6e6b359a4269483d80f49e7fce5b7182654c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 110612
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 29 May 2024 16:44:11 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 160ms
43ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 29 May 2024 16:29:08 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 903
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 29 May 2024 18:29:08 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 214ms
67ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 29 May 2024 16:44:10 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0FB5779228AC402A8F06DAD1290A6898 Ref B: FRA31EDGE0520 Ref C: 2024-05-29T16:44:11Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
0 1ms
1ms Script
application/javascript 2a02:26f0:7100::1720:ef23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::1720:ef23 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 May 2024 17:20:18 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=45826
accept-ranges: bytes
content-length: 16683

GET
H2 200 hotjar-2441060.js Show response
static.hotjar.com/c/ 15 KB
5 KB 186ms
74ms Script
application/javascript 18.66.102.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2441060.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.51 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-51.fra56.r.cloudfront.net

Software

Resource Hash

8acabd96307d4f928ebba68aa5faef2bb2a7d80896809c4a46aac2d311830adb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Wed, 29 May 2024 16:44:11 GMT
via: 1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/8ffdf0b32f222d7ef3dc39f36d1151f8
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: 0sFO35DVue5_vze7pQRfbHtjElMrZwaKDalAoruu953zJTLD4MWNhA==

GET
H2 200 uvut6nv3vzk9.js Show response
js.driftt.com/include/1717001100000/ 221 KB
62 KB 375ms
266ms Script
application/javascript 18.245.86.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1717001100000/uvut6nv3vzk9.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.14 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-14.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ee507a80e7d618662cd5b3ed0d235a0ba26075f36a6d67ebc1c3dc987d74bb76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
x-amz-version-id: lr3Xca70tapJgjnuv2UFhFNfuSkdRVZl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Tue, 28 May 2024 13:43:18 GMT
server: istio-envoy
etag: W/"65bba957d488e1f8c16ac25653c94ff2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7RfwX5YFn25jQVAYnfBo96HvhINLjCk9slEuMosr8CiUngi2uEG2ow==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 12 KB
5 KB 147ms
40ms Script
application/x-javascript 18.172.103.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.103.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-172-103-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 424ce4e99e7476fca8e9d27d6c15b60466ab7cf1c7d7c896e1c63f7cd6a818c8

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 04:46:20 GMT
Content-Encoding: gzip
Via: 1.1 37dd0feed3e180cbd05080c74e7a5a42.cloudfront.net (CloudFront)
Last-Modified: Tue, 28 May 2024 04:42:45 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P8
Age: 43072
x-amz-server-side-encryption: AES256
ETag: W/"a60a4e2650f94da6f243b9518761b381"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: DfYLfm4Ped7tpdzLx_0xCW0moosHj7zlIfeHW07v-Y5ZUxKp_OTqAQ==

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 169ms
48ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 5eee7eef8c43d97d6c92ce9000b3f2424647e58f985c2df5711690c8b95f1495

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Wed, 22 May 2024 17:01:28 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "16b7761205515ddc0668c12c434e8f00"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 12104

GET
H2 200 heap-2502874633.js Show response
cdn.heapanalytics.com/js/ 116 KB
37 KB 244ms
147ms Script
application/javascript 13.32.27.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.heapanalytics.com/js/heap-2502874633.js

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.86 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-86.fra56.r.cloudfront.net

Software

nginx / Express

Resource Hash

36a3e5bf1e7bfe416f6731a74ab950cf38936425b39854621dc69dc7512fadaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:43:14 GMT
content-encoding: br
via: 1.1 84f381696dd33e92960b92250106e464.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
x-amz-cf-pop: FRA56-C2
age: 57
x-powered-by: Express
etag: W/"1d12a-MLxxDZq4YQH+P6CXtm3FvCi9/d4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=120
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: PF6y2NyN8B07FAMyTcjTTeMG5bAm9XEaQNIFRFYfARTWR1LEWWEa1A==

GET
H/1.1 200
OK tag.js Show response
abm-tracking.demandscience.com/ 2 KB
2 KB 647ms
209ms Script
application/javascript 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/tag.js
Requested by: Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 16:44:12 GMT
Last-Modified: Thu, 09 May 2024 12:00:49 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"82b-18f5d3a3d78"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2091

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.reliaquest.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=www.reliaquest.com&pId=4854088203679752455

4 B
280 B

606ms
399ms

Image
application/json

2600:9000:206f:4800:5:7a81:86c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=www.reliaquest.com&pId=4854088203679752455
Requested by: Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Protocol: H2
Server: 2600:9000:206f:4800:5:7a81:86c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.reliaquest.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Wed, 29 May 2024 16:44:12 GMT
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
content-type: application/json
alt-svc: h3=":443"; ma=86400
content-length: 4
apigw-requestid: Yis2hggHoAMESRw=
x-amz-cf-id: 5I73BOCiY6nNrXujM7OjLtzc41Xa7fGPcpD4o8NdHh_92Rux68_T7Q==

Redirect headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
an-x-request-uuid: c1c4547c-ad03-4b1f-a82d-dc833a3945df
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://attr.ml-api.io/?domain=www.reliaquest.com&pId=4854088203679752455
x-proxy-origin: 80.255.7.100; 80.255.7.100; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/ 107 KB
108 KB 50ms
50ms Font
application/octet-stream 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

faae6fc0aa94cc5bde5076647c817a23206096a1cbeda10d1c6f3d89d6163ed1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
Origin: https://www.reliaquest.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 313165
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 109808
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64cac444-1acf0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hcFHsrD5vE551eI0Qn6ZZv46eGUJoAN%2BUrJkJ3TvFLO37J6BhMZXkdtsL3%2FhGYvNThxU4o%2Bmrn%2FR%2F5rNMfUEGoxfMfpgIQPC%2B8DckD%2BL7%2BdzuuatVxVRxH9OJWmlmfqckC07%2BSQ4"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b7f29c8d965d6f-FRA
expires: Mon, 19 May 2025 16:44:11 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
623 B 228ms
222ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.reliaquest.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:10 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 95DDABED03AA4A3B92716D6D4E85F748 Ref B: FRAEDGE2012 Ref C: 2024-05-29T16:44:11Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.reliaquest.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYZmnXEG+k8SDslqycyBw==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 138ms
138ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A5%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&v=1.1.20

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:11 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:11 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 180ms
179ms Script
application/x-javascript 23.58.24.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.58.24.102 Chennai, India, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-58-24-102.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 16:44:11 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Fri, 06 Sep 2024 16:44:11 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 152ms
47ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-G6184BWDDN&gtm=45je45m0v871663715z872282274za200zb72282274&_p=1717001051145&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1428493327.1717001052&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1717001051&sct=1&seg=0&dl=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&dt=BlackSuit%20Attack%20Analysis%20-%20ReliaQuest&en=page_view&_fv=1&_nsi=1&_ss=1&ep.debug_mode=true&tfd=1659
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reliaquest.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 158ms
49ms Ping
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-G6184BWDDN&cid=1428493327.1717001052&gtm=45je45m0v871663715z872282274za200zb72282274&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reliaquest.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 145ms
86ms Image
image/gif 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-G6184BWDDN&cid=1428493327.1717001052&gtm=45je45m0v871663715z872282274za200zb72282274&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=947715450

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f195.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
467 B 119ms
119ms XHR
application/json 54.209.130.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.209.130.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-209-130-235.compute-1.amazonaws.com

Software

Resource Hash

2586023c0e49f41ff6228709fd60b96238261203b2f427d54bddb79335fd7691

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.reliaquest.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: f2c697557426ae8ad3411dcb4ec26152

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
211 B 50ms
49ms XHR
text/plain 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1503285867&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&ul=de-de&de=UTF-8&dt=BlackSuit%20Attack%20Analysis%20-%20ReliaQuest&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=596671836&gjid=523428810&cid=1428493327.1717001052&tid=UA-10904891-3&_gid=1589364586.1717001052&_r=1&_slc=1&gtm=45He45m0n71NPQTDRv72282274za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&npa=1&z=151039059

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reliaquest.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.7b6d7646601d8cd7fb5f.js Show response
script.hotjar.com/ 222 KB
55 KB 158ms
44ms Script
application/javascript 13.32.27.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.7b6d7646601d8cd7fb5f.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2441060.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-21.fra56.r.cloudfront.net

Software

Resource Hash

0f38a63a4786988c8739a89b8ce5e8599ddef3c3d283eff939be3008cbeef0f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 12:31:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 aff6ac5c98fa897349204752e5877c80.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 101585
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56114
last-modified: Tue, 28 May 2024 12:30:49 GMT
etag: "ee291f5775291ceb078ff8007ea3aad3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: UYJVb5ihLeCt9_ZCr4mY9rk--xhpV-JOie1R0Dx1TS9zGgSUDy2Nng==

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_vref6ti7/ 3 B
124 B 147ms
41ms XHR
application/json 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_vref6ti7/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
content-encoding: gzip
via: 1.1 varnish
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
content-length: 27

GET
H2 200 t2_vref6ti7_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 159ms
58ms XHR
application/json 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_vref6ti7_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:12 GMT
content-encoding: gzip
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server: snooserv
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 98

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 133ms
40ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1717001051867&id=t2_vref6ti7&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=a4fa57d9-a726-4b9e-8b7d-b2105eb0b8a8&aaid=0000000000000000000000000000000000000000000000000000000000000001&em=0000000000000000000000000000000000000000000000000000000000000001&external_id=0000000000000000000000000000000000000000000000000000000000000001&idfa=0000000000000000000000000000000000000000000000000000000000000001&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_8d515a58&dpm=&dpcc=&dprc=
Requested by: Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:11 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 134470029.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 67ms
65ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/134470029.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

04cebe711703810d543514fe8c16916db39d4036d60c25a8c21e0a90c9103a49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Wed, 29 May 2024 16:44:10 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A11CAE3755F84FFCB4D0C57BAB8DBCF6 Ref B: FRA31EDGE0520 Ref C: 2024-05-29T16:44:11Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H2 204 0
bat.bing.com/action/ 0
287 B 97ms
96ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=134470029&tm=gtm002&Ver=2&mid=fd6bb199-f009-4597-b547-1ddb61da7e60&sid=ad4629c01dda11efbd52bd493eae9598&vid=ad466bc01dda11ef9862bd459619f26d&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=BlackSuit%20Attack%20Analysis%20-%20ReliaQuest&p=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&r=&lt=1118&evt=pageLoad&sv=1&rn=612658

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 29 May 2024 16:44:11 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3B029F88EC0043D49397965214FAAF13 Ref B: FRA31EDGE0520 Ref C: 2024-05-29T16:44:11Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 48ms
47ms XHR
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-10904891-3&cid=1428493327.1717001052&jid=596671836&gjid=523428810&_gid=1589364586.1717001052&npa=1&_u=YADAAEAAAAAAACAAI~&z=1248715245

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 29 May 2024 16:44:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reliaquest.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK 3d48d036-c537-4984-9685-c48b70a4dce2
https://www.reliaquest.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.reliaquest.com/3d48d036-c537-4984-9685-c48b70a4dce2
Requested by: Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 h
heapanalytics.com/ 37 B
261 B 383ms
117ms Image
image/gif 100.25.67.163
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heapanalytics.com/h?a=2502874633&u=3916347102203265&v=846733820396942&s=7105388237658793&b=web&tv=4.0&z=0&h=%2Fblog%2Fblacksuit-attack-analysis%2F&d=www.reliaquest.com&t=BlackSuit%20Attack%20Analysis%20-%20ReliaQuest&ts=1717001051931&ubv=125.0.6422.112&upv=10.0.0&st=1717001051936

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

100.25.67.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-100-25-67-163.compute-1.amazonaws.com

Software

nginx /

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
etag: W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 37

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 148ms
63ms Image
image/gif 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-10904891-3&cid=1428493327.1717001052&jid=596671836&npa=1&_u=YADAAEAAAAAAACAAI~&z=879280834

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 116ms
115ms Image
image/gif 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-10904891-3&cid=1428493327.1717001052&jid=596671836&npa=1&_u=YADAAEAAAAAAACAAI~&z=879280834

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f195.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK visitWebPage
438-kyk-786.mktoresp.com/webevents/ 2 B
318 B 797ms
123ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://438-kyk-786.mktoresp.com/webevents/visitWebPage?_mchNc=1717001051956&_mchCn=&_mchId=438-KYK-786&_mchTk=_mch-reliaquest.com-1717001051955-78711&_mchHo=www.reliaquest.com&_mchPo=&_mchRu=%2Fblog%2Fblacksuit-attack-analysis%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 16:44:12 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 3e5aa53f-802c-42d4-be5c-78e6d2cdae97

GET
H2 200 134470029 Show response
www.clarity.ms/tag/uet/ 828 B
1 KB 319ms
144ms Script
application/x-javascript 2620:1ec:bdf::43
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/134470029?insights=1
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/134470029.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::43 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3a18865fbc7bad81bb2f66f715167a6cf1aadf388f16d80a93f7087074beb1f8

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: -1
date: Wed, 29 May 2024 16:44:12 GMT
x-azure-ref: 20240529T164412Z-164d49668c6kqst2bnkz6eqhnn0000000g7g00000000t103
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 828
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
700 B 146ms
41ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
an-x-request-uuid: 6202800d-cebe-44e2-b07b-7870a0af83bf
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.reliaquest.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.100; 80.255.7.100; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 43ms
43ms XHR
text/html 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-97-58.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:12 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.reliaquest.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 6si.min.js Show response
j.6sc.co/ 66 KB
153 B 45ms
43ms Script
application/javascript 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/9d89db09-be43-47ea-ad23-917183e7e184.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 May 2024 06:01:25 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "663c66b5-106b3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 18038
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 134ms
133ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 133ms
132ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 134ms
134ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 135ms
134ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 133ms
132ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 133ms
132ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 135ms
133ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 133ms
133ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 133ms
133ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%229d89db09-be43-47ea-ad23-917183e7e184%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2029%20May%202024%2016%3A44%3A12%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22593%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 135ms
134ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2029%20May%202024%2016%3A44%3A12%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22593%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 133ms
133ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2029%20May%202024%2016%3A44%3A12%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22593%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 134ms
134ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2029%20May%202024%2016%3A44%3A12%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22594%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 44ms
43ms XHR
text/html 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-97-58.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:12 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.reliaquest.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
310 B 47ms
47ms XHR
text/html 2a02:26f0:2100::58dd:c512
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:2100::58dd:c512 Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: c829514739663b0fbaa1e5b4da63fecddb091258f1f8cb852c5e54e1b3fce9af

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.reliaquest.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:1338:92::5
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1717001052168_1490928910_102841428_24_1062_45_0_219";dur=1
content-length: 19
expires: Wed, 29 May 2024 16:44:12 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 725 B
709 B 114ms
44ms XHR
application/json 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: d454566fbbab8fcbc70a1c3139be25be5205712442564fe24a5e0258e3337a98

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Token 5f27aa2807b5216b6b87511c46db116091ad7f0c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
X-6s-CustomID: WebTag 9d89db09-be43-47ea-ad23-917183e7e184
Referer: https://www.reliaquest.com/
sec-ch-ua-platform: "Win32"

Response headers

x-trace-id: 6132568762639219417
date: Wed, 29 May 2024 16:44:12 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.reliaquest.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 387

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 309ms
43ms Preflight 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.reliaquest.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.reliaquest.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Wed, 29 May 2024 16:44:12 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 6721688865618233134

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.32/ 61 KB
26 KB 78ms
78ms Script
application/javascript 2620:1ec:bdf::43
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.32/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/134470029?insights=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::43 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:12 GMT
content-encoding: br
last-modified: Fri, 10 May 2024 17:30:20 GMT
etag: W/"0x8DC7116DE09E645"
vary: Accept-Encoding
x-azure-ref: 20240529T164412Z-164d49668c6kqst2bnkz6eqhnn0000000g7g00000000t10m
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: c75ddf5e-101e-0065-750a-aa809f000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H3 200 fp.min.js Show response
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/ 33 KB
15 KB 59ms
58ms Script
application/javascript 104.18.186.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.186.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 28558
x-jsd-version: 3.4.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 15023
x-served-by: cache-fra-etou8220049-FRA, cache-lga21944-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xDGchlqRRUtnWHO1aIFfYpYHoF47%2F%2FYoqQo%2BoUED%2F0o2aHX2PAOwScVZlUz%2BE5ILl7k4h3l%2B1qw437Dya83lVoD6iXq38cyrwmZ6Vz%2Bug3jzEDsdjLBKKx5ceFtklIM4Rdk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b7f2a13b57348c-WAW

GET
H2 200 site-visitors Show response
intentstream.contanuity.com/api/ 137 B
397 B 214ms
214ms Fetch
application/json 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=demandscience-reliaquest

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

d8ea8f7424c4697ddc460bcb19dd53425fdfde2560dc12edc9fe25aa7a1f4cc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
x-pixel-auth: true
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:43:20 GMT
strict-transport-security: max-age=15724800; includeSubdomains
server: nginx
vary: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.reliaquest.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
accept-ranges: bytes
content-length: 137

OPTIONS
H2 200 site-visitors
intentstream.contanuity.com/api/ Frame 0
0 639ms
209ms Preflight 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=demandscience-reliaquest

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-pixel-auth
Access-Control-Request-Method: GET
Origin: https://www.reliaquest.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,x-pixel-auth
access-control-allow-methods: GET
access-control-allow-origin: https://www.reliaquest.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
content-length: 0
date: Wed, 29 May 2024 16:43:20 GMT
server: nginx
strict-transport-security: max-age=15724800; includeSubdomains

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 133ms
133ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A12%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A11%20GMT%22%2C%22timeSpent%22%3A%221064%22%2C%22totalTimeSpent%22%3A%221064%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:12 GMT

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
298 B 425ms
149ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/x-clarity-gzip
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://www.reliaquest.com
Date: Wed, 29 May 2024 16:44:12 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 42ms
41ms Image
image/gif 172.217.18.14
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1503285867&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&ul=de-de&de=UTF-8&dt=BlackSuit%20Attack%20Analysis%20-%20ReliaQuest&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aADAAEABAAAAACAAI~&jid=&gjid=&cid=1428493327.1717001052&tid=UA-10904891-3&_gid=1589364586.1717001052&gtm=45He45m0n71NPQTDRv72282274za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&cd1=&cd2=&cd3=Germany&cd5=&cd7=&npa=1&z=328668545

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.14 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 15:24:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4781
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F Show response
abm-tracking.demandscience.com/page-tracking/demandscience-reliaquest/ 2 B
665 B 213ms
213ms Script
application/json 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/page-tracking/demandscience-reliaquest/https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F?visitorId=1de869a3d7012cd0958bc9d05756eb9e_1717001052687&&clientId=DS&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Wed, 29 May 2024 16:44:12 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

GET
H/1.1 200
OK tracking Show response
tracking.contanuity.com/ 2 B
762 B 641ms
205ms Script
application/json 54.203.236.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.contanuity.com/tracking?visitorId=1de869a3d7012cd0958bc9d05756eb9e_1717001052687&&clientId=DS&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.203.236.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-203-236-163.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Wed, 29 May 2024 16:44:13 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 174 KB
63 KB 77ms
76ms Script
application/javascript 142.250.185.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KFM7P3KL

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

8a02efa4c411663acab56f5bd5b8bb5cd90bb0fccc694a24b06376f4dff40d4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64536
x-xss-protection: 0
last-modified: Wed, 29 May 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 29 May 2024 16:44:13 GMT

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
298 B 371ms
367ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/x-clarity-gzip
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://www.reliaquest.com
Date: Wed, 29 May 2024 16:44:13 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 139ms
138ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A13%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A12%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222064%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20

Requested by

Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:13 GMT

GET

usersync
tracking.contanuity.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=1de869a3d7012cd0958bc9d05756eb9e_1717001052687
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=1de869a3d7012cd0958bc9d05756eb9e_1717001052687&_bee_ppp=1
https://tracking.contanuity.com/usersync?bwcookie=AAFPV07MrrcAABTYNIbiMQ

0
0

GET
H2 200 core
js.driftt.com/ Frame 6CC8 0
0 233ms
153ms Document
text/html 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=6d1ec3c0-731e-4cb9-b8c9-38637474c4e8&sessionStarted=1717001054.336&campaignRefreshToken=3c47f4c1-74bb-4903-bba5-ea70eeed6724&hideController=false&pageLoadStartTime=1717001050657&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1717001100000/uvut6nv3vzk9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.reliaquest.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 29 May 2024 16:44:14 GMT
etag: W/"f2bf0bf9df23e696cf900342501cd378"
last-modified: Tue, 28 May 2024 13:42:44 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-id: SpPlPr5NAgYMpKtrSc5zZwGt5lhgJ_DcifKQk-XXKJJR9WIOR834GQ==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: O3g8iWc1rn.vvkd0upkfEKEIbtEDTzmA
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 21

GET
H2 200 chat
js.driftt.com/core/ Frame 5051 0
0 228ms
152ms Document
text/html 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1717001050657

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1717001100000/uvut6nv3vzk9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.reliaquest.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 29 May 2024 16:44:14 GMT
etag: W/"f2bf0bf9df23e696cf900342501cd378"
last-modified: Tue, 28 May 2024 13:42:44 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-id: AzAuoeI9i9al1KagvKt3k0A3eT79OLHBnCakAaXkHwkNYwrHineNIw==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: O3g8iWc1rn.vvkd0upkfEKEIbtEDTzmA
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 18

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 213ms
106ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3ea3a972768896d2a84d6eb36d3f5919478ad9c091477c22a5362eb6d53aee4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:14 GMT
x-amz-version-id: 4TVPkf0eH3kVl0Vjj3KPZI_FUiecs6et
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 b5531ef792e817bdf665b09adf99ef4a.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P5
age: 8529
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 15 May 2024 06:37:27 GMT
server: cloudflare
etag: W/"5c7228fc2640a4dfce48217428980fe3"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 88b7f2aefc5134bc-WAW
x-amz-cf-id: 9NX2oYF0mBD1AhimTSgtdzDmZkbPshzVH_IA8ecxxcMJ-BSvsX7bTQ==

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=52A53D74B1FA49B083568B5C31B856CA&RedC=c.clarity.ms&MXFR=204F21657C7C64A0203435EB787C6A80
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=52A53D74B1FA49B083568B5C31B856CA&MUID=1075F63DFB5C67971B9CE2B3FAD766A7

42 B
443 B

59ms
59ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=52A53D74B1FA49B083568B5C31B856CA&MUID=1075F63DFB5C67971B9CE2B3FAD766A7
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.reliaquest.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:14 GMT
last-modified: Fri, 01 Mar 2024 22:54:48 GMT
server: Microsoft-IIS/10.0
etag: "3e26b762b6cda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DB6E7152F73C4AFC8D64AA39A9487D50 Ref B: FRA31EDGE0520 Ref C: 2024-05-29T16:44:14Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=52A53D74B1FA49B083568B5C31B856CA&MUID=1075F63DFB5C67971B9CE2B3FAD766A7
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 up
insight.adsrvr.org/track/ Frame 1EE9 0
0 169ms
54ms Document
text/html 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=e1vlmxc&ref=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&upid=nzz4w81&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.reliaquest.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-length: 0
content-type: text/html
date: Wed, 29 May 2024 16:44:14 GMT
server: Kestrel

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 133ms
132ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A13%20GMT%22%2C%22timeSpent%22%3A%221083%22%2C%22totalTimeSpent%22%3A%223147%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:14 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:14 GMT

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 952ms
911ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.reliaquest.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
alt-svc: h3=":443"; ma=86400
apigw-requestid: Yis28hzkPHcESSA=
cf-cache-status: DYNAMIC
cf-ray: 88b7f2afdffe44fe-TXL
date: Wed, 29 May 2024 16:44:15 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 042ecc89a1780cbeac8044aa867f1880.cloudfront.net (CloudFront)
x-amz-cf-id: egj4j_D24PLTCinlvRqupd-gFRMfyGirbY_0Iz5fyy-hF-kjqLh_TA==
x-amz-cf-pop: BAH53-C1
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 199 B
554 B 450ms
450ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 632b8662486367303747deb9dedb874bb8ea31dcf6d0f657385a9d722bc29d12

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer 28bfd1c1ea1670271003
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.reliaquest.com/
visited_url: https://www.reliaquest.com/blog/blacksuit-attack-analysis/

Response headers

date: Wed, 29 May 2024 16:44:16 GMT
via: 1.1 406d9579ac200a99bde21028b64d638c.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: BAH53-C1
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: Yis3Bjy7PHcESxA=
server: cloudflare
etag: W/"c7-vmzz0R4rIDvRFe7uni+D9pyp4Vo"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 88b7f2b58b0444fe-TXL
x-amz-cf-id: CCc0OHQx6w9CuAnz3c9kxPmZrqRThf2hY6OD_ubQsDwKoIJGk93QEg==

GET
H3 200 favicon-RGB-50x50.png
www.reliaquest.com/wp-content/uploads/ 516 B
826 B 92ms
73ms Other
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reliaquest.com/wp-content/uploads/favicon-RGB-50x50.png

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f4fb1d5e60d18895bc5b6a9e0bb163c3db19a85cdc9c6c30cf7c72e1474cb0c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:15 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains;
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=653
content-disposition: inline; filename="favicon-RGB-50x50.webp"
alt-svc: h3=":443"; ma=86400
content-length: 516
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Tue, 22 Aug 2023 20:52:20 GMT
server: cloudflare
etag: "64e52004-28d"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 88b7f2b42b992681-TXL

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 134ms
133ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A14%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224148%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:15 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:15 GMT

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 90 KB
27 KB 220ms
137ms Script
application/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:16 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 1606
x-guploader-uploadid: ABPtcPoiSuXQ8udaqq9DqZWGDs9QVOSRI8bKB8cL4S_FyRPh5mAxYfjO2u8cHtVBavKCpnME_cQOPQutUg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 16 May 2024 10:14:37 GMT
server: cloudflare
etag: W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash: crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation: 1715854477710382
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 91778
cf-ray: 88b7f2b8fedfbfc1-WAW
expires: Wed, 29 May 2024 17:17:30 GMT

GET
H3 404 / Show response
ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/ 47 B
396 B 277ms
225ms Fetch 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

1901a8ea3a7bbfbaed9368147df59683e7001afe30fc4c08261fb14a2ea2bad0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/javascript
visited-url: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
Referer: https://www.reliaquest.com/blog/blacksuit-attack-analysis/
_vtok: ODAuMjU1LjcuMTAw
_zitok: 5aa329698b6c6099e6c81717001055
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:16 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
access-control-allow-origin: https://www.reliaquest.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
content-length: 47
cf-ray: 88b7f2baee0a34ce-WAW
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/ Frame 0
0 331ms
250ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.reliaquest.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.reliaquest.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 88b7f2b8f976bfda-WAW
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 29 May 2024 16:44:16 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 226ms
226ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.reliaquest.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.reliaquest.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 88b7f2ba3b55bfda-WAW
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 29 May 2024 16:44:16 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 1 KB
861 B 206ms
205ms Fetch
application/json 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

44cc05657b3b4d888ed0c123999fa4e1eb40c8c90a18657abfbe8581c2512bb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: bearer 8ad2d798eb60be1b73f09dfc94ae0d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.reliaquest.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 16:44:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"4d8-AANf4JqcOkI6V97LV45UwzPmND4"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.reliaquest.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 88b7f2bbaf8934ce-WAW

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
298 B 122ms
122ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/x-clarity-gzip
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://www.reliaquest.com
Date: Wed, 29 May 2024 16:44:16 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 140ms
139ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A16%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A15%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225148%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:16 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:16 GMT

GET
BLOB 200
OK f18d5985-45fd-4034-8339-6bb32964641a Show response
https://www.reliaquest.com/ 47 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.reliaquest.com/f18d5985-45fd-4034-8339-6bb32964641a
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1901a8ea3a7bbfbaed9368147df59683e7001afe30fc4c08261fb14a2ea2bad0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length: 47
Content-Type: text/javascript

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 133ms
132ms Image
image/gif 2.19.97.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=1dfa77d9-a2b8-4ed5-88d1-61308ad66031&session=1909681c-1c92-4d5a-8e65-1341c31edfca&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A17%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2029%20May%202024%2016%3A44%3A16%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%226148%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=25f293fe-e3a8-4cc1-868c-7690bcfeca96&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.97.58 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-97-58.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:17 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 29 May 2024 16:44:17 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 48ms
47ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-G6184BWDDN&gtm=45je45m0v871663715z872282274za200zb72282274&_p=1717001051145&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1428493327.1717001052&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=2&sid=1717001051&sct=1&seg=0&dl=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&dt=BlackSuit%20Attack%20Analysis%20-%20ReliaQuest&en=six_sense_event&ep.debug_mode=true&ep.domain=&ep.country=Germany&ep.revenue_range=&ep.segments=&_et=849&up.hjuid=896bb3a7&tfd=7512
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.reliaquest.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 29 May 2024 16:44:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reliaquest.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: kdl.keywee.co
URL: https://kdl.keywee.co/www.reliaquest.com/_blog_blacksuit-attack-analysis_.js

Domain: tracking.contanuity.com
URL: https://tracking.contanuity.com/usersync?bwcookie=AAFPV07MrrcAABTYNIbiMQ

Verdicts & Comments Add Verdict or Comment

188 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.reliaquest.com/	1970-01-20 20:56:42	Name: __cf_bm Value: u.tqexSnrniaRZnnv2oBDjc_di31GcPpoSiqwMNfmNQ-1717001050-1.0.1.1-pQLO7jrSs.KdgHYzq6FpESU0Yomvpq9dIK.WAZanDTZRVNzwUVwzLuvio9gju5yO21JArq06Xtth2z1c2zsgLQ
.techtarget.com/	1970-01-20 20:56:42	Name: __cf_bm Value: NupzIX0WYSS8JRmjS08XQTkd0vmj4.PRbBXndmkc1lg-1717001051-1.0.1.1-aCg552URFFtrWte0n6rD5RriRpu48qxZz1lkIkU7LgC4hLcqAUuMcrCbxkSHuHB2DncWMjGjtGTcfvrcFs3w1g
www.reliaquest.com/	1970-01-21 06:32:41	Name: _gd_visitor Value: 1dfa77d9-a2b8-4ed5-88d1-61308ad66031
www.reliaquest.com/	1970-01-20 20:56:55	Name: _gd_session Value: 1909681c-1c92-4d5a-8e65-1341c31edfca
.reliaquest.com/	1970-01-20 23:06:17	Name: _gcl_au Value: 1.1.229536437.1717001052
.linkedin.com/	1970-01-20 23:06:17	Name: li_sugr Value: 2cbeeb54-2dcd-448c-b131-9f175136e082
www.reliaquest.com/	1970-01-20 21:06:45	Name: slireg Value: https://scout.us2.salesloft.com
.linkedin.com/	1970-01-20 20:58:07	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2829:u=1:x=1:i=1717001051:t=1717087451:v=2:sig=AQE7aQgch74cSqo5IzUhl4x1f4Y9sGA8"
.reliaquest.com/	1970-01-21 06:32:41	Name: _ga Value: GA1.2.1428493327.1717001052
.reliaquest.com/	1970-01-20 20:58:07	Name: _gid Value: GA1.2.1589364586.1717001052
.reliaquest.com/	1970-01-20 20:56:41	Name: _gat_UA-10904891-3 Value: 1
.reliaquest.com/	1970-01-20 23:06:17	Name: _rdt_uuid Value: 1717001051850.a4fa57d9-a726-4b9e-8b7d-b2105eb0b8a8
.reliaquest.com/	1970-01-20 23:06:17	Name: _rdt_em Value: 0000000000000000000000000000000000000000000000000000000000000001
.reliaquest.com/	1970-01-20 20:58:07	Name: _uetsid Value: ad4629c01dda11efbd52bd493eae9598
.reliaquest.com/	1970-01-21 06:18:17	Name: _uetvid Value: ad466bc01dda11ef9862bd459619f26d
.linkedin.com/	1970-01-20 21:39:53	Name: UserMatchHistory Value: AQKkI4BoeqbRNgAAAY_FPN6RkVoqtda3kqa_9GqrQgJw_QidGq0_ft4dXjk4-rjMZtWqSxTKtbLUwQ
.linkedin.com/	1970-01-20 21:39:53	Name: AnalyticsSyncHistory Value: AQIQAaYq0k2zjAAAAY_FPN6R2FJvXjKLnfG4521fNSFqmu190Mbvajdfsm-l2pvpxZ7vnepfRvfvQ1iJBXYhjg
.linkedin.com/	1970-01-21 05:42:17	Name: bcookie Value: "v=2&27773140-07b7-41b5-88df-9897716be695"
.reliaquest.com/	1970-01-21 06:24:38	Name: _hp2_id.2502874633 Value: %7B%22userId%22%3A%223916347102203265%22%2C%22pageviewId%22%3A%22846733820396942%22%2C%22sessionId%22%3A%227105388237658793%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
www.reliaquest.com/	1970-01-21 05:42:17	Name: sliguid Value: ddf329e1-41cf-4aa9-b3a2-f69f9077bf5f
www.reliaquest.com/	1970-01-21 05:42:17	Name: slirequested Value: true
.reliaquest.com/	1970-01-21 06:32:41	Name: _mkto_trk Value: id:438-KYK-786&token:_mch-reliaquest.com-1717001051955-78711
.bing.com/	1970-01-21 06:18:17	Name: MUID Value: 1075F63DFB5C67971B9CE2B3FAD766A7
.reliaquest.com/	1970-01-21 05:42:17	Name: _hjSessionUser_2441060 Value: eyJpZCI6Ijg5NmJiM2E3LTZkMDQtNWYxOC05OTQ0LTU5Mjc0MWMyZWYxMyIsImNyZWF0ZWQiOjE3MTcwMDEwNTIxMTAsImV4aXN0aW5nIjp0cnVlfQ==
.reliaquest.com/	1970-01-20 20:56:42	Name: _hjSession_2441060 Value: eyJpZCI6IjFhODYxNWVmLTI3YjMtNDI5MS1hMjEwLTcwYzY4NTMyZDk0MCIsImMiOjE3MTcwMDEwNTIxMTEsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.www.linkedin.com/	1970-01-21 05:42:17	Name: bscookie Value: "v=1&2024052916441214f0177f-8851-47ff-87cd-ef467a8d7dccAQE2t8YZJ0Yz0b50Ozyo5wXfeHiGMALi"
.linkedin.com/	1970-01-21 01:15:53	Name: li_gc Value: MTswOzE3MTcwMDEwNTI7MjswMjF7r4sbVf8gXuXEp04yHxP4tigTgM3qqwMVOgZjIownXA==
.adnxs.com/	1970-01-20 23:06:17	Name: XANDR_PANID Value: l7-IYuLoW-tHyCBpsiLa0akd2ujHRGrjmFT-rki19hE5MDavsOnmldx2lVIndS9nRJKqZlfGBslS9NjUvt73H-6C1-wTOgUr6vkbRf1Zzpw.
.adnxs.com/	1970-01-21 06:32:41	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 23:06:17	Name: uuid2 Value: 4854088203679752455
www.reliaquest.com/	1970-01-20 21:06:45	Name: _an_uid Value: 0
www.clarity.ms/	1970-01-21 05:42:17	Name: CLID Value: 5cf48d2cd0d0442d8f6016f17a31a5de.20240529.20250529
.reliaquest.com/	1970-01-20 20:56:42	Name: _hp2_ses_props.2502874633 Value: %7B%22ts%22%3A1717001051931%2C%22d%22%3A%22www.reliaquest.com%22%2C%22h%22%3A%22%2Fblog%2Fblacksuit-attack-analysis%2F%22%7D
.reliaquest.com/	1970-01-21 05:42:17	Name: _clck Value: 14sfkn2%7C2%7Cfm6%7C0%7C1610
.reliaquest.com/	1970-01-21 06:32:41	Name: _ga_G6184BWDDN Value: GS1.1.1717001051.1.0.1717001052.59.0.0
abm-tracking.demandscience.com/	1970-01-21 06:32:41	Name: userId Value: 1de869a3d7012cd0958bc9d05756eb9e_1717001052687
.reliaquest.com/	1970-01-20 20:58:07	Name: _clsk Value: 1cndiy8%7C1717001053005%7C1%7C1%7Co.clarity.ms%2Fcollect
tracking.contanuity.com/	1970-01-21 06:32:41	Name: userId Value: 1de869a3d7012cd0958bc9d05756eb9e_1717001052687
tracking.contanuity.com/	1970-01-21 06:32:41	Name: clientId Value: DS
.bidr.io/	1970-01-21 06:25:14	Name: bito Value: AAFPV07MrrcAABTYNIbiMQ
.bidr.io/	1970-01-21 06:25:14	Name: bitoIsSecure Value: ok
www.reliaquest.com/	1970-01-20 20:56:42	Name: drift_campaign_refresh Value: 3c47f4c1-74bb-4903-bba5-ea70eeed6724
.c.bing.com/	1970-01-20 21:06:45	Name: MR Value: 0
.c.bing.com/	1970-01-21 06:18:17	Name: SRM_B Value: 1075F63DFB5C67971B9CE2B3FAD766A7
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 06:18:17	Name: MUID Value: 1075F63DFB5C67971B9CE2B3FAD766A7
.c.clarity.ms/	1970-01-20 21:06:45	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 20:56:41	Name: ANONCHK Value: 0
www.reliaquest.com/	1970-01-21 06:32:41	Name: drift_aid Value: 3af54d07-ad07-41c6-94b9-92ba6df09486
www.reliaquest.com/	1970-01-21 06:32:41	Name: driftt_aid Value: 3af54d07-ad07-41c6-94b9-92ba6df09486
.www.reliaquest.com/	1970-01-21 05:42:17	Name: _zitok Value: 5aa329698b6c6099e6c81717001055
.zoominfo.com/	1970-01-20 20:56:42	Name: __cf_bm Value: UBOx3Fq79yg2jsRuIQbkpILw38FFzmWYdDeVWym6iNA-1717001056-1.0.1.1-ei3eW10C0G1yFWhBBOf3bQwUNQ4anK6g_Fn5tojZ8rIm954EvMmfrLwJc_HpFxXnT9J31dogVT40ePMFCM9GOQ
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Tq663VV3gSNy4dj.3ubUQGGK8ukDCCFgiuWk9zsWlQ8-1717001056248-0.0.1.1-604800000

71 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://js.driftt.com/include/1717001100000/uvut6nv3vzk9.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/?iszitag=true Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

438-kyk-786.mktoresp.com
abm-tracking.demandscience.com
alb.reddit.com
attr.ml-api.io
b.6sc.co
bat.bing.com
c.6sc.co
c.bing.com
c.clarity.ms
cdn.heapanalytics.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
epsilon.6sense.com
heapanalytics.com
ibc-flow.techtarget.com
insight.adsrvr.org
intentstream.contanuity.com
ipv6.6sc.co
j.6sc.co
js.adsrvr.org
js.driftt.com
js.zi-scripts.com
kdl.keywee.co
munchkin.marketo.net
nexus.ensighten.com
o.clarity.ms
pixel-config.reddit.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.ml-attr.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.addtoany.com
static.hotjar.com
stats.g.doubleclick.net
tracking.contanuity.com
trk.techtarget.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.reliaquest.com
kdl.keywee.co
tracking.contanuity.com
100.25.67.163
104.16.117.43
104.16.118.43
104.17.24.14
104.18.186.31
108.138.26.95
13.107.42.14
13.248.142.121
13.32.27.21
13.32.27.86
141.193.213.21
142.250.185.100
142.250.185.232
151.101.129.140
151.101.65.140
172.217.16.195
172.217.18.14
172.64.150.44
172.67.39.148
18.172.103.101
18.245.86.14
18.245.86.77
18.66.102.51
192.28.144.124
2.19.97.58
2001:4860:4802:32::36
23.58.24.102
2600:9000:206f:4800:5:7a81:86c0:93a1
2600:9000:2491:3200:2:8f43:5780:93a1
2606:4700:4400::ac40:973c
2606:4700::6810:4769
2606:4700::6812:bb1f
2620:1ec:21::14
2620:1ec:bdf::43
2620:1ec:c11::237
2a00:1450:4001:80b::200e
2a00:1450:4001:811::2008
2a00:1450:400c:c06::9b
2a02:26f0:2100::58dd:c512
2a02:26f0:7100::1720:ef23
2a04:4e42:400::396
2a04:4e42::649
34.111.208.231
37.252.171.21
44.226.187.177
52.152.143.207
52.223.40.198
52.32.164.86
54.203.236.163
54.209.130.235
68.219.88.97
68.67.153.60
04cebe711703810d543514fe8c16916db39d4036d60c25a8c21e0a90c9103a49
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0df5a33710e433de1f5415b1d47e4130ca7466aee5b81955f1045c4844bbb3ed
0f38a63a4786988c8739a89b8ce5e8599ddef3c3d283eff939be3008cbeef0f8
18b0cd68a1c2b982382ce5d3e27bcdfe894ff39bb1c9ee70cca934217eb3ce87
1901a8ea3a7bbfbaed9368147df59683e7001afe30fc4c08261fb14a2ea2bad0
2298d58f76f75135d021b0f1aa558defa9e66a1cc384b3eedde0f0904fa72def
2586023c0e49f41ff6228709fd60b96238261203b2f427d54bddb79335fd7691
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
36a3e5bf1e7bfe416f6731a74ab950cf38936425b39854621dc69dc7512fadaf
3760892dc66f80b7b377185200f21d8f710fbeac41253683455f6a7206254f99
386a292b805ec5376c149711c08d9013658fd08879a7ac9a62a99e14310c397a
3a18865fbc7bad81bb2f66f715167a6cf1aadf388f16d80a93f7087074beb1f8
404c746c8f7e3f9b7611a8f23d908c1a32a5c972236b9d89bb68b05d9bf4b905
424ce4e99e7476fca8e9d27d6c15b60466ab7cf1c7d7c896e1c63f7cd6a818c8
435431fd6746f356f026904bb7f2203996bf27dbdf2d8fb45339c312c90a21f1
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44cc05657b3b4d888ed0c123999fa4e1eb40c8c90a18657abfbe8581c2512bb0
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4ef2b5a94dc1c773f64aa7ce1185515c81542ca881f84eb929fe21daaecba32b
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
53360205906c05aa5eb2d470b93c4ec221832b5207a222277c052eb1076dd903
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
572f5c7956c6df267d7a9725e35602fb2b414dd5c48e53512468e627f0ef3a3c
58836f0cbbffe109f1cd067235305e860f78f78a7ef8fd62ea52211130d33fd6
5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e
5eee7eef8c43d97d6c92ce9000b3f2424647e58f985c2df5711690c8b95f1495
61ea329c09b4cc22cd4391b26ca2b66257eb824e590d4de2a760ccbfccf70bf7
632b8662486367303747deb9dedb874bb8ea31dcf6d0f657385a9d722bc29d12
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6a8100ba153f6bee7f2aaf85da5b6e6b359a4269483d80f49e7fce5b7182654c
6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3
6f4fb1d5e60d18895bc5b6a9e0bb163c3db19a85cdc9c6c30cf7c72e1474cb0c
701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
747d119fd2c76cfdd5459f147a1e5c1c01b21808cb8f0639626db4b34dc0d02e
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84d1a6377c22f7683a00d101a2a1ff90cf1eaf607128ce45a835a188e1dd10ae
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9
8a02efa4c411663acab56f5bd5b8bb5cd90bb0fccc694a24b06376f4dff40d4c
8acabd96307d4f928ebba68aa5faef2bb2a7d80896809c4a46aac2d311830adb
8cf6822be42df21c4a253dbaf5814735acf5690ea42578de3009d443f475b527
90cd085fb1b820cab7d04a52702a189d2a3cf9ffbcf1ef3b354283d65d7fa24a
91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805
945063ebf0d8666b48130934c6bfc0653210ae7d836fd985d3966efba08aa1a2
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
9b9971d96411c9db199cb76e0e3ba2973a1992524321435dacd754e96ac9dace
a2a4c14ee1b8f583f11100c088f9d302a97ac02603409992146cd28000c3020b
aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc46e11ef889c4607d9befe335305d246d312cb0cda290d3beb75a722d417979
be08df326777a8b33cbcd047765e7dc6b8ddf620dcf64a85402ffc8fa006caab
c3ea3a972768896d2a84d6eb36d3f5919478ad9c091477c22a5362eb6d53aee4
c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00
c81c322867056949b4836c5860843392b7da5dcb563ec2e99f8a5c05f7e74106
c829514739663b0fbaa1e5b4da63fecddb091258f1f8cb852c5e54e1b3fce9af
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c
d454566fbbab8fcbc70a1c3139be25be5205712442564fe24a5e0258e3337a98
d8ea8f7424c4697ddc460bcb19dd53425fdfde2560dc12edc9fe25aa7a1f4cc5
dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e80cfc6df2f882813f88dcf1175bc0c47e13c0cd8517bc240a65ee6cc758b0f2
ea02b94e06bb17ed0ec54d4cd5731eb009178215258f8471198b591b583d60b8
eaae1d4db82158aa4b92c4286ed1977ad9c3eb18db96573c6404f681fc93a78d
ee507a80e7d618662cd5b3ed0d235a0ba26075f36a6d67ebc1c3dc987d74bb76
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f524309c83549cab1b81b931d905888234eecf709e4aa0ade136daa5edbb5246
f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0
f9f9bf9ce4517c2e44a824e9dda21d15cea50ee2f0bf480f4f69bf924ff00efe
faae6fc0aa94cc5bde5076647c817a23206096a1cbeda10d1c6f3d89d6163ed1
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.reliaquest.com Open in urlscan Pro 141.193.213.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

138 Requests

95 %HTTPS

31 %IPv6

35 Domains

52 Subdomains

52 IPs

6 Countries

1544 kBTransfer

3938 kBSize

53 Cookies

9 Outgoing links

Redirected requests

138 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.reliaquest.com Open in urlscan Pro
141.193.213.21 Public Scan

Screenshot
Live screenshot

Full Image

138
Requests

95 %
HTTPS

31 %
IPv6

35
Domains

52
Subdomains

52
IPs

6
Countries

1544 kB
Transfer

3938 kB
Size

53
Cookies

138 HTTP transactions
1 data transactions