darktrace.com Open in urlscan Pro
34.249.200.254 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2#:~:text=What%2...
Effective URL:
https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Submission: On January 09 via manual (January 9th 2024, 11:49:51 am UTC) from GB — Scanned from GB

Summary HTTP 188 Redirects Links 48 Behaviour Indicators

Summary

This website contacted 47 IPs in 5 countries across 37 domains to perform 188 HTTP transactions. The main IP is 34.249.200.254, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is darktrace.com. The Cisco Umbrella rank of the primary domain is 78441.
TLS certificate: Issued by R3 on October 28th 2023. Valid for: 3 months.

This is the only time darktrace.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	34.249.200.254 34.249.200.254	16509 (AMAZON-02) (AMAZON-02)
31	2600:9000:215... 2600:9000:2156:8c00:12:9e5f:cac0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 27	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
11	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:480... 2a02:26f0:480:983::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	172.65.208.22 172.65.208.22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6812:620	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
2	37.221.223.30 37.221.223.30	51514 (SPOTLER S...) (SPOTLER Spotler Network)
1	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.224.98.99 13.224.98.99	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
29	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
1	104.16.60.2 104.16.60.2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2600:9000:223... 2600:9000:223f:aa00:11:3b84:d200:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	52.18.173.130 52.18.173.130	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:710... 2a02:26f0:7100::1720:ef23	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	172.65.236.181 172.65.236.181	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.219.229 172.65.219.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.202.201 172.65.202.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.238.60 172.65.238.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.65.192.122 172.65.192.122	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	52.19.115.173 52.19.115.173	16509 (AMAZON-02) (AMAZON-02)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
7	2606:4700::68... 2606:4700::6812:1caa	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
1	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
11	2.20.143.74 2.20.143.74	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a06:98c1:320... 2a06:98c1:3200::90:2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.198.159 172.65.198.159	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.65.232.43 172.65.232.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:710... 2a02:26f0:7100::210:180	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	18.157.62.148 18.157.62.148	16509 (AMAZON-02) (AMAZON-02)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.240.166 172.65.240.166	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	63.140.62.22 63.140.62.22	15224 (OMNITURE) (OMNITURE)
9	2606:4700::68... 2606:4700::6810:890f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
188	47

2 34.249.200.254 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-200-254.eu-west-1.compute.amazonaws.com

darktrace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2600:9000:2156:8c00:12:9e5f:cac0:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets-global.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:480:983::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.208.22 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:620 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.weglot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.221.223.30 (United Kingdom)

ASN51514 (SPOTLER Spotler Network, NL)
PTR: mail30.tgml2.co.uk

t.gatorleads.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.98.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-98-99.zrh50.r.cloudfront.net

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.60.2 (None, )

ASN13335 (CLOUDFLARENET, US)

ir.darktrace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:223f:aa00:11:3b84:d200:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.18.173.130 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-173-130.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
darktrace.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::1720:ef23 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.236.181 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.219.229 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.202.201 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.238.60 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.65.192.122 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-eu1.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.115.173 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-115-173.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

9120626.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6812:1caa (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-api-weglot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2.20.143.74 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-20-143-74.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3200::90:2 (United States)

ASN13335 (CLOUDFLARENET, US)

api-eu1.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.198.159 (United States)

ASN13335 (CLOUDFLARENET, US)

cta-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.65.232.43 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-eu1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-eu1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.123 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::210:180 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.157.62.148 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-62-148.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.240.166 (United States)

ASN13335 (CLOUDFLARENET, US)

track-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.22 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-22.data.adobedc.net

darktrace.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6810:890f (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	website-files.com assets-global.website-files.com — Cisco Umbrella Rank: 11552 assets.website-files.com — Cisco Umbrella Rank: 23948	6 MB
33	gstatic.com www.gstatic.com fonts.gstatic.com	3 MB
28	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 6 adservice.google.com — Cisco Umbrella Rank: 189	208 KB
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 14744 c.6sc.co — Cisco Umbrella Rank: 20790 ipv6.6sc.co — Cisco Umbrella Rank: 15314 b.6sc.co — Cisco Umbrella Rank: 9130	26 KB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 625	144 KB
9	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 12402 ws-assets.zoominfo.com — Cisco Umbrella Rank: 54315	32 KB
7	cdn-api-weglot.com cdn-api-weglot.com — Cisco Umbrella Rank: 127089	6 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 778 www.linkedin.com — Cisco Umbrella Rank: 944 px4.ads.linkedin.com — Cisco Umbrella Rank: 7294	5 KB
4	doubleclick.net 2 redirects 9120626.fls.doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 68	4 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 23867	3 KB
3	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 2890 adservice.google.co.uk — Cisco Umbrella Rank: 5993	1 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 692	14 KB
3	hubspot.com js-eu1.hubspot.com — Cisco Umbrella Rank: 48482 cta-eu1.hubspot.com — Cisco Umbrella Rank: 47568 track-eu1.hubspot.com — Cisco Umbrella Rank: 27018	26 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 313 darktrace.demdex.net	5 KB
3	jquery.com code.jquery.com — Cisco Umbrella Rank: 1219	105 KB
3	weglot.com cdn.weglot.com — Cisco Umbrella Rank: 22790	47 KB
3	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 572	61 KB
3	darktrace.com darktrace.com — Cisco Umbrella Rank: 78441 ir.darktrace.com	120 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 23936	607 B
2	hsforms.com forms-eu1.hsforms.com — Cisco Umbrella Rank: 55924 perf-eu1.hsforms.com — Cisco Umbrella Rank: 48837	2 KB
2	hscollectedforms.net js-eu1.hscollectedforms.net — Cisco Umbrella Rank: 48860 forms-eu1.hscollectedforms.net — Cisco Umbrella Rank: 51950	26 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	143 KB
2	gatorleads.co.uk t.gatorleads.co.uk — Cisco Umbrella Rank: 285896	7 KB
1	omtrdc.net darktrace.sc.omtrdc.net	344 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 793	572 B
1	hubapi.com api-eu1.hubapi.com — Cisco Umbrella Rank: 38468	1 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 173	2 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1969	517 B
1	hs-analytics.net js-eu1.hs-analytics.net — Cisco Umbrella Rank: 25843	21 KB
1	hs-banner.com js-eu1.hs-banner.com — Cisco Umbrella Rank: 25371	20 KB
1	hsadspixel.net js-eu1.hsadspixel.net — Cisco Umbrella Rank: 36712	4 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1877	15 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 950	305 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 395	25 KB
1	cloudfront.net d3e54v103j8qbb.cloudfront.net	31 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 438	4 KB
1	hs-scripts.com js-eu1.hs-scripts.com — Cisco Umbrella Rank: 23083	1 KB
188	37

	Domain	Requested by
31	assets-global.website-files.com	darktrace.com assets-global.website-files.com
29	www.gstatic.com	www.google.com www.gstatic.com
27	www.google.com	1 redirects darktrace.com www.gstatic.com www.google.com
11	cdn.cookielaw.org	darktrace.com cdn.cookielaw.org
8	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
8	b.6sc.co	darktrace.com
7	cdn-api-weglot.com	cdn.weglot.com
4	fonts.gstatic.com	www.google.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
4	assets.website-files.com	assets-global.website-files.com
3	js.zi-scripts.com	darktrace.com js.zi-scripts.com
3	bat.bing.com	darktrace.com bat.bing.com
3	code.jquery.com	darktrace.com
3	cdn.weglot.com	darktrace.com cdn.weglot.com
3	assets.adobedtm.com	darktrace.com assets.adobedtm.com
2	epsilon.6sense.com	j.6sc.co
2	www.google.co.uk	darktrace.com
2	j.6sc.co	assets.adobedtm.com j.6sc.co
2	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com
2	9120626.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	www.googletagmanager.com	assets.adobedtm.com
2	dpm.demdex.net	assets.adobedtm.com darktrace.com
2	t.gatorleads.co.uk	darktrace.com t.gatorleads.co.uk
2	darktrace.com	darktrace.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	darktrace.sc.omtrdc.net
1	track-eu1.hubspot.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	perf-eu1.hsforms.com	darktrace.com
1	adservice.google.co.uk	adservice.google.com
1	forms-eu1.hsforms.com	darktrace.com
1	forms-eu1.hscollectedforms.net	js-eu1.hscollectedforms.net
1	cta-eu1.hubspot.com	js-eu1.hubspot.com
1	api-eu1.hubapi.com	js-eu1.hsadspixel.net
1	www.googleadservices.com	www.googletagmanager.com
1	adservice.google.com	9120626.fls.doubleclick.net
1	px4.ads.linkedin.com	darktrace.com
1	www.linkedin.com	1 redirects
1	cm.everesttech.net	1 redirects
1	darktrace.demdex.net	assets.adobedtm.com
1	js-eu1.hscollectedforms.net	js-eu1.hs-scripts.com
1	js-eu1.hs-analytics.net	js-eu1.hs-scripts.com
1	js-eu1.hs-banner.com	js-eu1.hs-scripts.com
1	js-eu1.hsadspixel.net	js-eu1.hs-scripts.com
1	js-eu1.hubspot.com	js-eu1.hs-scripts.com
1	snap.licdn.com	assets.adobedtm.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	ir.darktrace.com	darktrace.com
1	cdnjs.cloudflare.com	darktrace.com
1	d3e54v103j8qbb.cloudfront.net	darktrace.com
1	cdn.jsdelivr.net	darktrace.com
1	js-eu1.hs-scripts.com	darktrace.com
188	54

This site contains links to these domains. Also see Links.

Domain
customerportal.darktrace.com
partners.darktrace.com
ir.darktrace.com
www.microsoft.com
twitter.com
www.esentire.com
www.justice.gov
www.youtube.com
riskybiznews.substack.com
medium.com
blog.avast.com
blog.sekoia.io
www.metabaseq.com
perception-point.io
www.virustotal.com
silent4business.com
www.webdav.org
www.csirt.gob.cl
www.gob.mx
www.bleepingcomputer.com
www.mnemonic.io
www.ivanti.com
forums.ivanti.com
isc.sans.edu
www.linkedin.com
registry.blockmarktech.com
fr.darktrace.com
it.darktrace.com
ko.darktrace.com
ja.darktrace.com
es.darktrace.com
de.darktrace.com
pt-br.darktrace.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
darktrace.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.website-files.com Amazon RSA 2048 M03	`2023-09-11` - `2024-10-08`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2024-08-10`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-03` - `2024-05-02`	a year	crt.sh
cdn.weglot.com GTS CA 1P5	`2024-01-06` - `2024-04-05`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.gatorleads.co.uk R3	`2023-12-30` - `2024-03-29`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
cdn-api-weglot.com Cloudflare Inc ECC CA-3	`2023-12-26` - `2024-12-25`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
6sc.co R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
www.google.co.uk GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2023-12-02` - `2024-03-01`	3 months	crt.sh
*.sc.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-03-08`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Frame ID: 2E367FC7CD5B5F49C7269108BC4C2E53
Requests: 123 HTTP requests in this frame

Frame: https://darktrace.demdex.net/dest5.html?d_nsid=0
Frame ID: B6A28DC93872C79707106B93F493311F
Requests: 1 HTTP requests in this frame

Frame: https://9120626.fls.doubleclick.net/activityi;dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2;gtm=45fe4130;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Frame ID: 409D4A24B195E549E79DF30551B5F201
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=51ow0tceuxhm
Frame ID: 571AE0CF267EAE7A9E2DD74DB76084AE
Requests: 5 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=4nbk9fy66e5s
Frame ID: 475A05A0392536D0EE0F0B823630DA9C
Requests: 5 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=rlqn2zncxsyj
Frame ID: 259849C3CAEEC13E5A69D5473996F428
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=mfclljqxxxv8
Frame ID: C8517A5849BA2A5F5A6A082BBBF46565
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=g6npt7u7vjf
Frame ID: 211847CBE71712AC8C931E199A44847A
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=e73kmc3v9cwg
Frame ID: D73D46080CDF3AE54C381EC47B901D09
Requests: 9 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2;gtm=45fe4130;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Frame ID: A824437488E217595776FF80F79B6649
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.co.uk/ddm/fls/i/dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2;gtm=45fe4130;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Frame ID: A33B85FE709822D8C3B8FB125A1DED39
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW
Frame ID: D566AB134C2D6DFC90DBFD445DDE45FA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW
Frame ID: 4F8ADDCEA2C8D895F2EEDF834DD844A6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW
Frame ID: 2721DD3FA06538552D547C36A16A6BB5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW
Frame ID: 3FD93F0D3CAF84C4965B8F847C3ADD18
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW
Frame ID: FB2EFC3B7191132A8E81DBD04310877B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW
Frame ID: 1B8BD1CE07E98FF77301460C43B25380
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The resurgence of the raccoon: Steps of a Raccoon Stealer v2 Infection (Part 2) | Darktrace BlogBack ButtonSearch IconFilter Icon

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Weglot (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

cdn\.weglot\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

188
Requests

98 %
HTTPS

51 %
IPv6

37
Domains

54
Subdomains

47
IPs

5
Countries

9723 kB
Transfer

19684 kB
Size

43
Cookies

48 Outgoing links

These are links going to different origins than the main page.

URL: https://customerportal.darktrace.com/
Title: Customer Portal

Search URL Search Domain Scan URL

URL: https://partners.darktrace.com/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://partners.darktrace.com/apply
Title: Become a partner

Search URL Search Domain Scan URL

URL: https://ir.darktrace.com/
Title: Investors

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/
Title: https://www.microsoft.com/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/

Search URL Search Domain Scan URL

URL: https://twitter.com/3xp0rtblog/status/1507312171914461188
Title: https://twitter.com/3xp0rtblog/status/1507312171914461188

Search URL Search Domain Scan URL

URL: https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-raccoon-stealer-v2-0
Title: https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-raccoon-stealer-v2-0

Search URL Search Domain Scan URL

URL: https://www.justice.gov/usao-wdtx/pr/newly-unsealed-indictment-charges-ukrainian-national-international-cybercrime-operation
Title: https://www.justice.gov/usao-wdtx/pr/newly-unsealed-indictment-charges-ukrainian-national-international-cybercrime-operation

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=Fsz6acw-ZJY
Title: https://www.youtube.com/watch?v=Fsz6acw-ZJ

Search URL Search Domain Scan URL

URL: https://riskybiznews.substack.com/p/raccoon-stealer-dev-didnt-die-in
Title: https://riskybiznews.substack.com/p/raccoon-stealer-dev-didnt-die-in

Search URL Search Domain Scan URL

URL: https://medium.com/s2wblog/raccoon-stealer-is-back-with-a-new-version-5f436e04b20d
Title: https://medium.com/s2wblog/raccoon-stealer-is-back-with-a-new-version-5f436e04b20d

Search URL Search Domain Scan URL

URL: https://blog.avast.com/fakecrack-campaign
Title: https://blog.avast.com/fakecrack-campaign

Search URL Search Domain Scan URL

URL: https://blog.sekoia.io/raccoon-stealer-v2-part-2-in-depth-analysis/
Title: https://blog.sekoia.io/raccoon-stealer-v2-part-2-in-depth-analysis/

Search URL Search Domain Scan URL

URL: https://www.metabaseq.com/fenix-botnet/
Title: https://www.metabaseq.com/fenix-botnet/

Search URL Search Domain Scan URL

URL: https://perception-point.io/blog/manipulated-caiman-the-sophisticated-snare-of-mexicos-banking-predators-technical-edition/
Title: https://perception-point.io/blog/manipulated-caiman-the-sophisticated-snare-of-mexicos-banking-predators-technical-edition/

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/ip-address/104.156.149.33/community
Title: https://www.virustotal.com/gui/ip-address/104.156.149.33/community

Search URL Search Domain Scan URL

URL: https://silent4business.com/tendencias/1
Title: https://silent4business.com/tendencias/1

Search URL Search Domain Scan URL

URL: https://www.metabaseq.com/cybercartel/
Title: https://www.metabaseq.com/cybercartel/

Search URL Search Domain Scan URL

URL: http://www.webdav.org/specs/rfc2518.html#rfc.section.4.1
Title: http://www.webdav.org/specs/rfc2518.html#rfc.section.4.1

Search URL Search Domain Scan URL

URL: https://www.csirt.gob.cl/alertas/8ffr23-01415-01/
Title: https://www.csirt.gob.cl/alertas/8ffr23-01415-01/

Search URL Search Domain Scan URL

URL: https://www.gob.mx/sat/acciones-y-programas/sitios-web-falsos
Title: https://www.gob.mx/sat/acciones-y-programas/sitios-web-falsos

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/bumblebee-malware-returns-in-new-attacks-abusing-webdav-folders/
Title: https://www.bleepingcomputer.com/news/security/bumblebee-malware-returns-in-new-attacks-abusing-webdav-folders/

Search URL Search Domain Scan URL

URL: https://www.mnemonic.io/resources/blog/ivanti-endpoint-manager-mobile-epmm-authentication-bypass-vulnerability/
Title: https://www.mnemonic.io/resources/blog/ivanti-endpoint-manager-mobile-epmm-authentication-bypass-vulnerability/‍

Search URL Search Domain Scan URL

URL: https://www.mnemonic.io/resources/blog/threat-advisory-remote-file-write-vulnerability-in-ivanti-epmm/
Title: https://www.mnemonic.io/resources/blog/threat-advisory-remote-file-write-vulnerability-in-ivanti-epmm/‍

Search URL Search Domain Scan URL

URL: https://www.mnemonic.io/resources/blog/threat-advisory-remote-code-execution-vulnerability-in-ivanti-sentry/
Title: https://www.mnemonic.io/resources/blog/threat-advisory-remote-code-execution-vulnerability-in-ivanti-sentry/‍

Search URL Search Domain Scan URL

URL: https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability
Title: https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability‍

Search URL Search Domain Scan URL

URL: https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
Title: https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US‍

Search URL Search Domain Scan URL

URL: https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078?language=en_US
Title: https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078?language=en_US‍

Search URL Search Domain Scan URL

URL: https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability
Title: https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability‍

Search URL Search Domain Scan URL

URL: https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US
Title: https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US‍

Search URL Search Domain Scan URL

URL: https://forums.ivanti.com/s/article/KB-Arbitrary-File-Write-CVE-2023-35081?language=en_US
Title: https://forums.ivanti.com/s/article/KB-Arbitrary-File-Write-CVE-2023-35081?language=en_US‍

Search URL Search Domain Scan URL

URL: https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry
Title: https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry‍

Search URL Search Domain Scan URL

URL: https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
Title: https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US‍

Search URL Search Domain Scan URL

URL: https://forums.ivanti.com/s/article/KB-API-Authentication-Bypass-on-Sentry-Administrator-Interface-CVE-2023-38035?language=en_US
Title: https://forums.ivanti.com/s/article/KB-API-Authentication-Bypass-on-Sentry-Administrator-Interface-CVE-2023-38035?language=en_US‍

Search URL Search Domain Scan URL

URL: https://isc.sans.edu/diary/Your+Business+Data+and+Machine+Learning+at+Risk+Attacks+Against+Apache+NiFi/29900
Title: https://isc.sans.edu/diary/Your+Business+Data+and+Machine+Learning+at+Risk+Attacks+Against+Apache+NiFi/29900

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/darktrace/

Search URL Search Domain Scan URL

URL: https://twitter.com/Darktrace

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@DarktraceAI/videos

Search URL Search Domain Scan URL

URL: https://registry.blockmarktech.com/certificates/190b07dc-b55f-4db3-b546-7944783efbfa/

Search URL Search Domain Scan URL

URL: https://fr.darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Title: Français

Search URL Search Domain Scan URL

URL: https://it.darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Title: Italiano

Search URL Search Domain Scan URL

URL: https://ko.darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Title: 한국어

Search URL Search Domain Scan URL

URL: https://ja.darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Title: 日本語

Search URL Search Domain Scan URL

URL: https://es.darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Title: Español

Search URL Search Domain Scan URL

URL: https://de.darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://pt-br.darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Title: Português Brasileiro

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 66

https://cm.everesttech.net/cm/dd?d_uuid=57390379367534598152656230931144534206 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZZ0y2AAAANF-awOJ

Request Chain 67

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=67174&time=1704800984629&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=67174&time=1704800984629&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D67174%26time%3D1704800984629%26url%3Dhttps%253A%252F%252Fdarktrace.com%252Fblog%252Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=67174&time=1704800984629&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=67174&time=1704800984629&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&cookiesTest=true&liSync=true&e_ipv6=AQJClrlIWL4BygAAAYzuDqGcH9Fs2LoX3HBklhv429Q9KHZilR2I8jki9y_zsX-EyNA29WCp19o

Request Chain 69

https://9120626.fls.doubleclick.net/activityi;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2;gtm=45fe4130;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2 HTTP 302
https://9120626.fls.doubleclick.net/activityi;dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2;gtm=45fe4130;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Request Chain 118

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/401176436/?random=409238230&cv=11&fst=1704800985282&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&label=iWNrCOfMzv0DEPTupb8B&hn=www.googleadservices.com&frm=0&tiba=The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog&auid=1025747073.1704800985&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ct_cookie_present=false&ocp_id=2TKdZciZHcSS78EP7PmesAw&sscte=1&crd=&pscrd=Ek9DaEVJZ1ByenJBWVF2TkROd3VmX3NMZVBBUkltQUZMemZ0T19DWkhaY0JyTFZtNFVaNjJqYmJwcS1URGxwZ2JRLVlaRTJoQ0E3UkhxV25RGlhDaEFJZ1ByenJBWVFrZm5Za0xyZjdxQi1FaTRBNk44Yk1iVDRuQ0xCWFdzeW9QcjNwbVN5WC1OdmNLRE1BaVhMelZpOWEzcVVkRHdEaURlYTE0SnZtOURYIhMIiOqbyZ7QgwMVRMk7Ah3svAfG HTTP 302
https://www.google.com/pagead/1p-conversion/401176436/?random=409238230&cv=11&fst=1704800985282&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&label=iWNrCOfMzv0DEPTupb8B&hn=www.googleadservices.com&frm=0&tiba=The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog&auid=1025747073.1704800985&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ1ByenJBWVF2TkROd3VmX3NMZVBBUkltQUZMemZ0T19DWkhaY0JyTFZtNFVaNjJqYmJwcS1URGxwZ2JRLVlaRTJoQ0E3UkhxV25RGlhDaEFJZ1ByenJBWVFrZm5Za0xyZjdxQi1FaTRBNk44Yk1iVDRuQ0xCWFdzeW9QcjNwbVN5WC1OdmNLRE1BaVhMelZpOWEzcVVkRHdEaURlYTE0SnZtOURYIhMIiOqbyZ7QgwMVRMk7Ah3svAfG&is_vtc=1&ocp_id=2TKdZciZHcSS78EP7PmesAw&cid=CAQSKQAvHhf_XNArw8rNXc1-BB0NLv5iezRML-WIQQtYqDzQQyQDLUOjurk5&random=438806618 HTTP 302
https://www.google.co.uk/pagead/1p-conversion/401176436/?random=409238230&cv=11&fst=1704800985282&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&label=iWNrCOfMzv0DEPTupb8B&hn=www.googleadservices.com&frm=0&tiba=The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog&auid=1025747073.1704800985&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ1ByenJBWVF2TkROd3VmX3NMZVBBUkltQUZMemZ0T19DWkhaY0JyTFZtNFVaNjJqYmJwcS1URGxwZ2JRLVlaRTJoQ0E3UkhxV25RGlhDaEFJZ1ByenJBWVFrZm5Za0xyZjdxQi1FaTRBNk44Yk1iVDRuQ0xCWFdzeW9QcjNwbVN5WC1OdmNLRE1BaVhMelZpOWEzcVVkRHdEaURlYTE0SnZtOURYIhMIiOqbyZ7QgwMVRMk7Ah3svAfG&is_vtc=1&ocp_id=2TKdZciZHcSS78EP7PmesAw&cid=CAQSKQAvHhf_XNArw8rNXc1-BB0NLv5iezRML-WIQQtYqDzQQyQDLUOjurk5&random=438806618&ipr=y

188 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2 Show response
darktrace.com/blog/ 225 KB
57 KB 241ms
51ms Document
text/html 34.249.200.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.249.200.254 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-249-200-254.eu-west-1.compute.amazonaws.com

Software

Resource Hash

617a47557a4fa2bbe4450421dd3a1bab569f78b3b937bdab63ae348211960577

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 1883
content-encoding: gzip
content-length: 57861
content-security-policy: frame-ancestors 'self'
content-type: text/html
date: Tue, 09 Jan 2024 11:49:43 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding,x-wf-forwarded-proto
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-cluster-name: eu-west-1-prod-hosting-red
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-lambda-id: 775213de-d0fc-46b9-968a-b6c21be0a2f2
x-permitted-cross-domain-policies: none
x-served-by: cache-iad-kiad7000165-IAD, cache-dub4359-DUB
x-timer: S1704800984.529808,VS0,VE1
x-xss-protection: 1; mode=block

GET
H2 200 web-phoenix.202e22f84.min.css
assets-global.website-files.com/626ff19cdd07d1258d49238d/css/ 640 KB
117 KB 262ms
57ms Stylesheet
text/css 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/css/web-phoenix.202e22f84.min.css
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e6119ed7e8b147c4fb63f1d4f7da9356ad0212ddcab6ccfc052708b0f9d13e62

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:28:12 GMT
content-encoding: gzip
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
x-amz-version-id: NYpDQ691P3XQC0S2WMwh_awt_RQ4hrFU
age: 76892
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 119506
last-modified: Mon, 08 Jan 2024 14:27:42 GMT
server: AmazonS3
etag: "9f1342406522910074f4f4b89340f71b"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: onZD2fjhE4xAoUk6-zLStKzWvgF-32Goi6h38qB0baX3eHn2G9vqrw==

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 184ms
48ms Script
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c0a8f2cd747b6b9cd15d4007388817291906a6b8b1c70b2bc39a64e603809b77

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 09 Jan 2024 11:49:43 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 159ms
40ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98bc0753b3f7392176a4af252bfae9bcd1f2804b73dee374119899d8f52ae3d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jan 2024 11:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: FWT01iLvZ++xUAz3aesSug==
age: 30029
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6841
x-ms-lease-status: unlocked
last-modified: Mon, 08 Jan 2024 21:13:14 GMT
server: cloudflare
etag: 0x8DC108EA045231A
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 2c22ed76-601e-0006-1aa8-420a3c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 842c75641c767731-LHR

GET
H2 200 launch-581b2cfa7858.min.js Show response
assets.adobedtm.com/ea4e25aa0549/f752722fa920/ 154 KB
47 KB 223ms
65ms Script
application/x-javascript 2a02:26f0:480:983::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/ea4e25aa0549/f752722fa920/launch-581b2cfa7858.min.js
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:983::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5560a2f9b290ae957e4c008304b3b1debcce91b98f0764325c728710eec87083

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: gzip
last-modified: Thu, 29 Jun 2023 09:07:47 GMT
server: AkamaiNetStorage
etag: "3bee43625b62167bb7263cde941574cd:1688029667.963463"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://darktrace.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 47722
expires: Tue, 09 Jan 2024 12:49:44 GMT

GET
H2 200 25522132.js Show response
js-eu1.hs-scripts.com/ 2 KB
1 KB 329ms
113ms Script
application/javascript 172.65.208.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hs-scripts.com/25522132.js

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2acda9581ef854bb01a60eacccd515e9c6e50d28615299939e1efd273c9bc913

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-hubspot-correlation-id: 448adc23-0431-4be2-9a6b-2a5c7e2c263a
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=2524
age: 22
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 448adc23-0431-4be2-9a6b-2a5c7e2c263a
cf-bgj: minify
last-modified: Tue, 09 Jan 2024 11:48:25 GMT
server: cloudflare
x-trace: 2B5B85F8CB91FDB79C2ED7DF90CCA7BCA3F67C3C62000000000000000000
access-control-max-age: 3600
vary: origin, Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://darktrace.com
x-evy-trace-served-by-pod: fra04/hubapi-td/envoy-proxy-6f6888945b-52hkg
cache-control: public, max-age=30
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 842c7566ee039567-DUB

GET
H2 200 weglot.min.js Show response
cdn.weglot.com/ 118 KB
41 KB 168ms
47ms Script
application/javascript 2606:4700::6812:620
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.weglot.com/weglot.min.js

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:620 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e178d90d78f6611536dcc71109b0cc9e7b72e440f70f8660c3fa9c4d1ef9dab3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:43 GMT
content-encoding: gzip
via: 1.1 eff74d3c4669ba49791c396ee58f3712.cloudfront.net (CloudFront)
x-amz-version-id: null
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-cf-pop: LHR62-C4
age: 1296
x-cache: Hit from cloudfront
last-modified: Tue, 02 Jan 2024 13:41:50 GMT
server: cloudflare
etag: W/"1e5aee4de3743f9b04dd524b29b410f4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=1800
cf-ray: 842c75641f995279-LHR
x-amz-cf-id: jSkbo6vizP94f5j5vcxTKPbrXBRxJVypa2TUkxpXLuqMuucx9Y77LA==
expires: Tue, 09 Jan 2024 12:19:43 GMT

GET
H2 200 jquery-ui.css
code.jquery.com/ui/1.13.2/themes/base/ 35 KB
8 KB 144ms
26ms Stylesheet
text/css 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.13.2/themes/base/jquery-ui.css
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c8c2157918c9fed0bb9dcc56c96b52dc7af70b05ca0228e467eaf91777751ad7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:43 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 10000362
x-cache: HIT, HIT
content-length: 8356
x-served-by: cache-lga21933-LGA, cache-lon420108-LON
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1704800984.692948,VS0,VE0
etag: W/"28feccc0-8d03"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 23, 1894

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 144ms
26ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:43 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 4198367
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-lon420108-LON
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1704800984.692940,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 42, 56078

GET
H2 200 9d4e9aed-5f41-4ac6-9664-348ac7434c4c.js Show response
t.gatorleads.co.uk/Scripts/ssl/ 14 KB
7 KB 206ms
41ms Script
text/javascript 37.221.223.30
SPOTLER Spotler N...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.gatorleads.co.uk/Scripts/ssl/9d4e9aed-5f41-4ac6-9664-348ac7434c4c.js
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 37.221.223.30 , United Kingdom, ASN51514 (SPOTLER Spotler Network, NL),
Reverse DNS: mail30.tgml2.co.uk
Software: Caddy /
Resource Hash: 2640b6bbf6b7cd7844db1890c44b3be228e70ab0e0eb91012405513b599d6abc

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: gzip
x-backend: web42
age: 1380
x-cache: HIT 320 spuk-var01
cad-forwarded-for: 194.74.212.124
content-length: 6883
x-client-ip: 10.118.6.11
server: Caddy
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public
access-control-allow-credentials: true
x-client-id: 10.118.6.11
t-caddyhead: 101
accept-ranges: bytes

GET
H2 200 socialshare.js Show response
cdn.jsdelivr.net/npm/@finsweet/attributes-socialshare@1/ 9 KB
4 KB 175ms
69ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@finsweet/attributes-socialshare@1/socialshare.js

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eafd7e17be354753ca120ef03d28aa45a37c423e89e9f2602e8fd5a24400f150

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 27343
x-jsd-version: 1.3.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220106-FRA, cache-lcy-eglc8600031-LCY
x-jsd-version-type: version
server: cloudflare
etag: W/"2385-rwl9CAsmlk954AGumYBzecK5wJE"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2BY7qi64aV2Ufq5mLl%2FCz16P%2Bk50MXi3htQyFPCROFzMFYEw2%2F3xCPQZeBG86F3agWxa9A0bkWYrCIOVeW8YZS%2B8Y0rqIj0U13cTzxlh26UPpeHM815e9LMhaJh3rEnWfiuqjpl2MUWmqLpYPR8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 842c75663cde77a0-LHR

GET
H2 200 62c4e22e866dec1fe2712cb3_Darktrace%20Logo%20B%3AO%20-%20Vector.svg
assets-global.website-files.com/626ff19cdd07d1258d49238d/ 8 KB
3 KB 302ms
98ms Image
image/svg+xml 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/62c4e22e866dec1fe2712cb3_Darktrace%20Logo%20B%3AO%20-%20Vector.svg
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ef6b6ed623b9789747d2e491b3ad692793d461be2f27bdf0c531b2d953fa670d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:06:11 GMT
x-amz-version-id: U3NyuUAtCMgfEVbn9mSuYAOoErDsuB9M
content-encoding: gzip
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 11486613
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 06 Jul 2022 01:15:27 GMT
server: AmazonS3
etag: W/"c34059ce90d8a25cb81c8342bac3caad"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: E27GQCXcI1-4SYG-JCJU6MQFnGYelgLX4Qdp3L5LdQ4Zz6K7sHDxhw==

GET
H2 200 62c4e24dc156cb0b0f553f00_Darktrace%20Logo%20W%3AO%20-%20Vector.svg
assets-global.website-files.com/626ff19cdd07d1258d49238d/ 4 KB
2 KB 303ms
99ms Image
image/svg+xml 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/62c4e24dc156cb0b0f553f00_Darktrace%20Logo%20W%3AO%20-%20Vector.svg
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb569f6cb17f458762401b465a42bef12e5d53c5159fe280fdeebce485918f15

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 12:01:51 GMT
x-amz-version-id: atk2MPCHNIcTHrkcjIHBKdHEDkFTRJJf
content-encoding: br
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2936873
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 06 Jul 2022 01:15:59 GMT
server: AmazonS3
etag: W/"5991991ddb298b4d5a41b64e945abc05"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: BDHVS7sEEbhoT3s5z-9P96BDoubr2Ttz5RMXuID_ZkrSHaGcy4eA0A==

GET
H2 200 636a6f9e66ad3177c6607d2b_R2%201.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 59 KB
60 KB 56ms
56ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a6f9e66ad3177c6607d2b_R2%201.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8dcea064f42cc64fdaedef160828d1d67a15445d4c71330e02216cd5e33fbc08

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 06:47:21 GMT
x-amz-version-id: Kwv_PT.cb.y14TU3l7XMWnptfcK3kNSm
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2091743
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 60550
last-modified: Tue, 08 Nov 2022 16:20:57 GMT
server: AmazonS3
etag: "4a6fdc486e5f45301d3a6c0744aef999"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: wF4nXz-oY81EWs6aBFuIExE0Zt036Smtw2Davq2Jzw3d_zyvy_wwCQ==

GET
H2 200 636a6fb1d3363ebdad14d1cf_R2%202.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 67 KB
67 KB 49ms
48ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a6fb1d3363ebdad14d1cf_R2%202.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3aeb80f1a8079225ec23fb8c2146912e0c5388d0fb51835c41c619bc52bf42ca

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 22:38:08 GMT
x-amz-version-id: 52uiL3j0EhO8W4iuY7bo3JuEBqHoL9ZO
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 1775496
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 68112
last-modified: Tue, 08 Nov 2022 16:21:13 GMT
server: AmazonS3
etag: "c1229a6e2bf96bf8277c647d64c34b55"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: PD8XsYZtY_j4QabDtEWz-lmOsvyGKEpXcYs1AkKB13w4_81kXu8W4w==

GET
H2 200 636a6fc291e958f40d858d4f_R2%203.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 71 KB
72 KB 52ms
46ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a6fc291e958f40d858d4f_R2%203.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 858b9641acb71b5463d69f74a7fc85c0183102bd836ca47c76c5e729d8da33d4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 09:23:05 GMT
x-amz-version-id: ydiJj_N0Kb0z5TterPt28mgqzUYqUfEV
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 872799
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 72719
last-modified: Tue, 08 Nov 2022 16:21:28 GMT
server: AmazonS3
etag: "da276450dc4663b058ca5cea8fa6f33d"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: javf06kH3zSi8Jg65GZB9-EOhDTRENyJOUIFwhBVxyKDDNK1zffp7Q==

GET
H2 200 636a82333d7b9730a82babe3_Figure%204.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 231 KB
231 KB 75ms
71ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a82333d7b9730a82babe3_Figure%204.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b8b79e968df0f74cd51d569a2b75ffe7474f91fc221de749e01fe7663c328bce

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 21:02:08 GMT
x-amz-version-id: _UvNZry5Ojvt88.DMR5j6CpxyxHw2PVc
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2126855
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 236269
last-modified: Tue, 08 Nov 2022 16:22:13 GMT
server: AmazonS3
etag: "40f4a75b20bcb8f2a78a58b65ac25aad"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 6R-oFUx2FkxF1i37dhg_QltQYm67C4DB60xuzATGicwADgXGDkawfw==

GET
H2 200 636a8246e251209289da308f_Figure%205.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 33 KB
34 KB 56ms
52ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a8246e251209289da308f_Figure%205.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e8fb1edd4e6ac76dbb05bba77c54c77671bb00143b7dabf92bf3edf996fb595

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 06:47:21 GMT
x-amz-version-id: kuYcWbqxCsX8IMnQ3U7vZTQJyrwDNnco
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2091743
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 34291
last-modified: Tue, 08 Nov 2022 16:22:31 GMT
server: AmazonS3
etag: "b3faf385b6de56eb199739076ce5843f"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: pBvkCtq6IjvBXHskLJnR_cZDUG3HTD6Nv0IjeKu0CJTfLtNqKJT5BA==

GET
H2 200 636a8251a5916fcf7f9dbfe6_Figure%206.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 34 KB
34 KB 54ms
50ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a8251a5916fcf7f9dbfe6_Figure%206.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 868c6354c19c6bf06c6f879f94ba1498579c60b1283d44dfe9c056211494e7ec

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 06:47:22 GMT
x-amz-version-id: ZVrM8AEVhLdrQ9pbPOLjO7s2sbJe4K8O
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2091742
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 34592
last-modified: Tue, 08 Nov 2022 16:22:43 GMT
server: AmazonS3
etag: "abec61d4391dda3d97e8e41fd79a3f98"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: pPW_T-ee0xcQQnV_8XyCpQLcAYSJiROmn6NQ8AH5FPTIQCmiHzF4rw==

GET
H2 200 636a8260cf49e75b67cd4fc4_Figure%207.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 34 KB
35 KB 84ms
80ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a8260cf49e75b67cd4fc4_Figure%207.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 889d1f642f074226934ed8675283fe04bc4aa7810b528f71b6ff9fd93b8f0b0f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 22:38:08 GMT
x-amz-version-id: v8fkKpMwiaOrGdSEZLjm5.pnKN9wmObX
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 1775496
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 35020
last-modified: Tue, 08 Nov 2022 16:22:57 GMT
server: AmazonS3
etag: "0bf1b74bade233e30337172a952a7897"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: dZ9cVUBWPO1SUeaoePYylIHBAqlrzZENVP7kIf3hk8yFZ1fNyZWVvg==

GET
H2 200 636a827c61e0e48686f8bcfd_Figure%208.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 327 KB
328 KB 101ms
98ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a827c61e0e48686f8bcfd_Figure%208.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a36db0362a5e9d292bbdf29f863546f2890efb7416068417ca7b11f00fc30b8d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 06:47:22 GMT
x-amz-version-id: uNjXx_duQLpZvFbGf0MRDSHp1W5zxNDF
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2091742
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 335292
last-modified: Tue, 08 Nov 2022 16:23:25 GMT
server: AmazonS3
etag: "fd5b8eb061fa89fc31f0c104ff1e913e"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: HhULSgcADQyVljAYQQ2oJmSbC6FHtjyweEMjKYWOoB2wArzbstPHEg==

GET
H2 200 636a828b56178743e7279944_Figure%209.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 158 KB
158 KB 125ms
122ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a828b56178743e7279944_Figure%209.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4b12db669cf3a559b812931dc1c37d4fc8aa8e33077cc410d22f3fe30a8cd466

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 06:47:22 GMT
x-amz-version-id: IhITCQCRQPXlyHkQmH725qRqUVFQmo4V
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2091742
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 161576
last-modified: Tue, 08 Nov 2022 16:23:41 GMT
server: AmazonS3
etag: "8f0757d9c2d699db316cbc9aa2466cf4"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: d7N4USK2lxguz17t96_od5qXbAfgOkGVVkhO688NJKTm8Qbo17aB_g==

GET
H2 200 636a829939b40c15cfde75c4_Figure%2010.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 204 KB
205 KB 86ms
83ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a829939b40c15cfde75c4_Figure%2010.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 412e086400741907bbf4dd6a656b651ca220ebea9970278930fccfa7328b20c9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:53:11 GMT
x-amz-version-id: PqL5sGE24FS3g6mPRrRTF6jHWk.M_zBK
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 3120993
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 209393
last-modified: Tue, 08 Nov 2022 16:23:54 GMT
server: AmazonS3
etag: "252d315633a286a5b0773f5a14d34f73"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: kcvmCtbFm79gKocJ-7xki7n9uT6v3MclQvckl6w8V0Rk3YVQFWtNog==

GET
H2 200 636a82b4faeb1225f55b2c7a_Figure%2011.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 554 KB
555 KB 124ms
121ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a82b4faeb1225f55b2c7a_Figure%2011.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cf2f96e668062701f4fa1528d8abcf800b14885d56701aa9e4b4cbf01c1215aa

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 06:47:22 GMT
x-amz-version-id: Q50J9w9RjyvTohSsGAuLana2EVlG86Kh
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2091742
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 567475
last-modified: Tue, 08 Nov 2022 16:24:21 GMT
server: AmazonS3
etag: "e914954cc5ec5ebf83a560fb5bb86424"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: juoxc1J2WJhbERQRd1989o-gp-yNiDlfoHLN2KpgsUzgQ9PuwJLgng==

GET
H2 200 636a82c44db971667c4b0e90_Figure%2012.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 272 KB
273 KB 131ms
129ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a82c44db971667c4b0e90_Figure%2012.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 163a54a4c369a3b52b445847e397af3df73583c92f3bc2ed61f3773d729f41a0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 03:23:34 GMT
x-amz-version-id: Ps3CU9AEtjlJ_v.rEGoHppzsGw638oFc
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2363170
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 278920
last-modified: Tue, 08 Nov 2022 16:24:37 GMT
server: AmazonS3
etag: "de5e42606fa9aec4f92ce312c0403d6f"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 3pBaFXnl9chQTfQmEESNn4-o7jlqIvJBEJYcQ_9z-zeOr7sAjSJp1Q==

GET
H2 200 636a82d20901c9302a036cc4_Figure%2013.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 468 KB
469 KB 133ms
130ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a82d20901c9302a036cc4_Figure%2013.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cb68f573a69f12ac22b656de23d0efcb5eb9505eeba1d579112b730151cdc2c5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 18:03:11 GMT
x-amz-version-id: mzEAbpKNmEwQLf3oSPU4K8.XY4yMXbWU
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 927993
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 478867
last-modified: Tue, 08 Nov 2022 16:24:51 GMT
server: AmazonS3
etag: "084df4beb724d480b02dc1a1d4abc2cc"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: zWIxA37NDOb627ccwRNRjlW6ib3xQRbWPmDZ7tk272Lk99Zp1UjpAw==

GET
H2 200 636a82e0bdee08508d202e8e_Figure%2014.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 186 KB
187 KB 132ms
129ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a82e0bdee08508d202e8e_Figure%2014.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 26faad62422049b4c91af4247cb57c76c08edd5283c89aadbfa5f06d41fa90e1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 22:38:08 GMT
x-amz-version-id: 6ntBkcyihakHPZJ2T1Lp9wEYaf5iCa8c
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 1775496
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 190914
last-modified: Tue, 08 Nov 2022 16:25:05 GMT
server: AmazonS3
etag: "2e80ce27f20121bc4c600fe37c460ba1"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: QaGU5f6xFkeZXhfYVz39tzKkfEPuRVeYA7lwmiVbYTLK1cdqkEXgJQ==

GET
H2 200 636a8315a287f5bf948b424e_Figure%2015.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 268 KB
269 KB 132ms
130ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a8315a287f5bf948b424e_Figure%2015.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 43c2b937d200a8e16791e93a6f369388c9c83fba2d238147d73da36cc749f028

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 06:47:22 GMT
x-amz-version-id: uumiKkET9NaGTnvNH1Ed4BmWlg3DMzD8
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2091742
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 274293
last-modified: Tue, 08 Nov 2022 16:25:59 GMT
server: AmazonS3
etag: "403919ec2e1b57ad0eebb31924770e98"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: ZG1lI3GyHkW7auta6dRfd1z27FyLx4ZvPSEmiizBKMbEaoNkFDmTNA==

GET
H2 200 636a832bfaeb123d145b3c61_Figure%2016.png
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 213 KB
214 KB 133ms
131ms Image
image/png 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/636a832bfaeb123d145b3c61_Figure%2016.png
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 06433d685c68e0346ea00a414010af610a2a0e865203e2584607dbc0389f8984

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 03:23:34 GMT
x-amz-version-id: JJEp6X.ba4chnYt_0IP1VzcP5n9lgT9P
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2363170
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 217933
last-modified: Tue, 08 Nov 2022 16:26:21 GMT
server: AmazonS3
etag: "7722ea55cf8ed91b21bb88608b04de07"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: _VU1iQ96W4qpjJwmCR8D9J8l2YXmSNa5dt3f59SeC6IE_zXgBCqrXg==

GET
H2 200 6439504aac7642d452f73227_Orrange%20Arrow.svg
assets-global.website-files.com/626ff19cdd07d1258d49238d/ 515 B
973 B 130ms
128ms Image
image/svg+xml 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/6439504aac7642d452f73227_Orrange%20Arrow.svg
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4132d7151489539efda9fcd764f395c17bcf6d28f2b77787ea49d2acaf987c9b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 16:37:08 GMT
x-amz-version-id: EsH5slD6K9c8haLetnad.x967jb3Dp0C
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 1883556
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 515
last-modified: Fri, 14 Apr 2023 13:08:27 GMT
server: AmazonS3
etag: "dbf50e460599d6583e104fddeb06617d"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: QXojwgoJeX3NTbOoz-JMq_fRcXqs7mU2eSiwtgO2H-3LlICzhW6RAQ==

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ 87 KB
31 KB 274ms
84ms Script
application/javascript 13.224.98.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=626ff19cdd07d1258d49238d
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.98.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-98-99.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://darktrace.com/
Origin: https://darktrace.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 07:18:24 GMT
content-encoding: gzip
via: 1.1 af287426c130b47dba79bf825f91ebba.cloudfront.net (CloudFront)
age: 16281
x-amz-cf-pop: ZRH50-C1
x-cache: Hit from cloudfront
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: rhD8_rBHgKvyzomD1bbz6PwrIXERlHONrmbdraLJQoZBkhvbN-_n8w==

GET
H2 200 web-phoenix.a6b03652d.js Show response
assets-global.website-files.com/626ff19cdd07d1258d49238d/js/ 2 MB
259 KB 66ms
61ms Script
text/javascript 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/js/web-phoenix.a6b03652d.js
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8180fd30856b262a1c7adce2393ee4bc49c7f584e332cfe9c7e6816fecc0188c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: n68ISzPYiAtnJHBZAolikcvo8RbOx_jb
content-encoding: gzip
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
date: Mon, 08 Jan 2024 16:29:17 GMT
age: 69627
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 264378
last-modified: Fri, 05 Jan 2024 17:58:07 GMT
server: AmazonS3
etag: "89e8e15ec51ea7f788a6590e73050572"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: cx_HljEDp0ystlqz3wNUa5HcEchkSdTreUXdFdvPi2EW53mqtXAokQ==

GET
H2 200 jquery-ui.min.js Show response
code.jquery.com/ui/1.13.2/ 249 KB
66 KB 29ms
24ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.13.2/jquery-ui.min.js
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:43 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 9998786
x-cache: HIT, HIT
content-length: 67628
x-served-by: cache-lga13623-LGA, cache-lon420108-LON
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1704800984.919434,VS0,VE0
etag: W/"28feccc0-3e46c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 2, 3327

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.11.4/ 69 KB
25 KB 205ms
57ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.4/gsap.min.js

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b36764faf17f2803c4ef3a5ea18b0187dc9ae66b13ec253c71ddb3178d2ccf52

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3661733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25169
last-modified: Thu, 22 Dec 2022 06:00:31 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63a3f27f-6251"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DgF9BVB2Xo7Q%2B7zc4lB8tPecxevtnBKoAW21FJtStrcSG%2FbAGoRgQLjNjp35Rk85xoU4RO2Rcc4exBe02AAbbXZwQB%2F7mK5hDyYMVSYUNCAez9eVO9Kfc62YeXhKg5OeTMuST9vHSAwahbOMrMMpf7VM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 842c75666e7423bd-LHR
expires: Sun, 29 Dec 2024 11:49:44 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ 503 KB
202 KB 202ms
58ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://darktrace.com/
Origin: https://darktrace.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H2 200 20244352-54bc-40a3-80e3-0daa9d221c87.json Show response
cdn.cookielaw.org/consent/20244352-54bc-40a3-80e3-0daa9d221c87/ 6 KB
3 KB 174ms
75ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/20244352-54bc-40a3-80e3-0daa9d221c87/20244352-54bc-40a3-80e3-0daa9d221c87.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ed951ca234a2aae2ddef8ef3167b9c632c4581f8c44903934c3113507c4c840

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 34395
content-md5: O32+igPEVrnpWERNPp4ZoQ==
content-length: 2032
x-ms-lease-status: unlocked
last-modified: Wed, 17 May 2023 08:45:55 GMT
server: cloudflare
etag: 0x8DB56B321096755
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: aee0ff6b-501e-008b-119a-373dee000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 842c7565f9c352cf-LHR
expires: Wed, 10 Jan 2024 11:49:44 GMT

GET
H2 200 234baeaaccaa2f09e0dc6c004f571bbd6.json Show response
cdn.weglot.com/projects-settings/ 3 KB
1 KB 190ms
87ms Fetch
application/json 2606:4700::6812:620
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.weglot.com/projects-settings/234baeaaccaa2f09e0dc6c004f571bbd6.json

Requested by

Host: cdn.weglot.com
URL: https://cdn.weglot.com/weglot.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:620 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc63629e2a3083d80820c26c1b9afdfa736f492272a447303164597d535c1064

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 0c62e8c958eb0d54f812cda141e660b6.cloudfront.net (CloudFront)
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-cf-pop: LHR62-C4
age: 423742
x-cache: Hit from cloudfront
last-modified: Fri, 24 Nov 2023 08:13:41 GMT
server: cloudflare
etag: W/"47e2cba0b42cb26f1f0c94f0558ce684"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cf-ray: 842c75662ddc4889-LHR
x-amz-cf-id: 9IjDePFaynXbz391kwkvcYxItZcv-uIBrwIhnKVgKq2nXPBu1DQdGA==

GET
H2 200 /
ir.darktrace.com/ 0
0 256ms
113ms Other
text/html 104.16.60.2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ir.darktrace.com/
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.60.2 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 200 resources
darktrace.com/ 0
63 KB 49ms
49ms Other
text/html 34.249.200.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://darktrace.com/resources

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.249.200.254 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-249-200-254.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:43 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 1900
x-cache: MISS, HIT
x-cluster-name: eu-west-1-prod-hosting-red
content-length: 63817
x-xss-protection: 1; mode=block
x-served-by: cache-iad-kjyo7100119-IAD, cache-dub4357-DUB
referrer-policy: strict-origin-when-cross-origin
x-timer: S1704800984.934972,VS0,VE0
x-lambda-id: f4b6848a-bfcf-42b1-af2f-dd5e5281e5ec
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,x-wf-forwarded-proto
content-type: text/html
accept-ranges: bytes
x-cache-hits: 0, 8

GET
H2 200 647db7ac0e044a9ddac74279_631f476ebfd2671286096dad_Cullman.jpeg
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 1 MB
1 MB 114ms
112ms Image
image/jpeg 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/647db7ac0e044a9ddac74279_631f476ebfd2671286096dad_Cullman.jpeg
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cbb1fa406c6d27851d47286a24a41cd63c87edefea475cce47b1e717129dd5e4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 03:46:31 GMT
x-amz-version-id: TlH5Yzdiew1RqSnChASwU4HT1snY3F1L
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 28992
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1251975
last-modified: Mon, 05 Jun 2023 10:31:04 GMT
server: AmazonS3
etag: "9dbafcbc028f21a1541c2e4db32c4751"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: kAKSQP3yijYP-N12rQkH2NJAHA2G2Ndc6a4sTpx1pZZQi8tgHb2Tag==

GET
H2 200 647db7b75b4dee56582a4738_64303af4ab67bd208ac93852_Strengthening-Security-Posture.webp
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 164 KB
165 KB 114ms
112ms Image
image/webp 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/647db7b75b4dee56582a4738_64303af4ab67bd208ac93852_Strengthening-Security-Posture.webp
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 75ebb64b00eb8642d1df4c751f904e2e163d6f9a391d5c1482cd54c014689a12

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 03:46:32 GMT
x-amz-version-id: gPfzIOJPkSqs94gUzke_pgw3rfBcqtuL
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 28992
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 168170
last-modified: Mon, 05 Jun 2023 10:31:11 GMT
server: AmazonS3
etag: "602cd34f03217ad72e9c4c3914289dc0"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: IHxK2tNdZEyi4xM-CeWVptl1O-M2JhUovhct2ra04IyIeNtBApAm_Q==

GET
H2 200 64b044fe1d203f8ef196155e_649aad01ebb0b801d4421acc_GettyImages-1213513544.webp
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 78 KB
78 KB 111ms
110ms Image
image/webp 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/64b044fe1d203f8ef196155e_649aad01ebb0b801d4421acc_GettyImages-1213513544.webp
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3cf87e7a34d45f51d3c42c47fa72920336137265aa2b4333f9d270de0ec5fb5c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 23:54:45 GMT
x-amz-version-id: orgwjYvngi_j3J0JN_4.4qMb40MlG9TG
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 42898
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 79422
last-modified: Mon, 08 Jan 2024 23:04:39 GMT
server: AmazonS3
etag: "f282d5ee6896a1201d4c1f0240472753"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: E9pgngHhh1FU3HFN16Ylaq0rAdzCtE-BNRi7FxCtZXgXDSI-M1RWEw==

GET
H2 200 64c95146b37471f8f218a58f_649aadc41cf6bc0827e47b69_GettyImages-1405668707.webp
assets-global.website-files.com/626ff4d25aca2edf4325ff97/ 25 KB
26 KB 112ms
111ms Image
image/webp 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/64c95146b37471f8f218a58f_649aadc41cf6bc0827e47b69_GettyImages-1405668707.webp
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 622b12fb8599c1522c7918e9398fc880e655f9dce65bb344e89031914262a1ef

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 18:28:24 GMT
x-amz-version-id: Jok4GN5PJTLmQRdVyewS67tsNZpGezOq
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2568080
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 25966
last-modified: Tue, 03 Oct 2023 19:16:45 GMT
server: AmazonS3
etag: "735c8aba4463476b21016bc26bfe788e"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: lw0JRTiqciO5szOuoeyCHtnn-tEG3azkwfa1R5rZj_16zaahAnKv6w==

GET
H2 200 6411aa96cb32ec1f5fcb7bac_Primary%20CTA%204.webp
assets-global.website-files.com/626ff19cdd07d1258d49238d/ 82 KB
83 KB 110ms
109ms Image
image/webp 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/6411aa96cb32ec1f5fcb7bac_Primary%20CTA%204.webp
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/css/web-phoenix.202e22f84.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 35554656118ced47368a42899d05e4449d1b7583a8f45851baa58f88debc9bf9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/css/web-phoenix.202e22f84.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: TMsl_ozp.N89vHlK2cE2laBz_RYI9tQt
date: Tue, 09 Jan 2024 04:08:47 GMT
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 35450
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 84336
last-modified: Wed, 15 Mar 2023 11:23:45 GMT
server: AmazonS3
etag: "c163a21b325f21772c0d432ae780ad7a"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: y4an-bIntNAESSMCvoLrnTuKlIDadnporLmhoJNqjuf1w0b9PeUFXQ==

GET
H2 200 653a61805495885dea4c7c26_TypeType%20-%20TT%20Interphases%20Pro%20Variable.ttf
assets.website-files.com/626ff19cdd07d1258d49238d/ 699 KB
282 KB 276ms
87ms Font
application/x-font-ttf 2600:9000:223f:aa00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/626ff19cdd07d1258d49238d/653a61805495885dea4c7c26_TypeType%20-%20TT%20Interphases%20Pro%20Variable.ttf
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/css/web-phoenix.202e22f84.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:aa00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8afb99c212f9301fc21a4de17bbe809db4e68f42fcb714d5424348130b134cd0

Request headers

Referer: https://assets-global.website-files.com/
Origin: https://darktrace.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 13:41:52 GMT
x-amz-version-id: dJ.Uhur2TehXFrfw2GueSqrB2cNfjHF5
content-encoding: br
via: 1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
age: 6473273
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 26 Oct 2023 12:54:25 GMT
server: AmazonS3
etag: W/"7c62d05274e726a95062f6431987436f"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: z7wE2A0rEf75r_u8semJA8bUmPvDfcTPEbzQf5k1KHOPm9ISxk72Pw==

GET
H2 200 65096b03d03a6b0358e8da01_StyreneDTWeb-Medium.ttf
assets.website-files.com/626ff19cdd07d1258d49238d/ 277 KB
70 KB 311ms
125ms Font
application/x-font-ttf 2600:9000:223f:aa00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/626ff19cdd07d1258d49238d/65096b03d03a6b0358e8da01_StyreneDTWeb-Medium.ttf
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/css/web-phoenix.202e22f84.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:aa00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c889d861594cdd57090584b2bd3c3b5d8462ca2b445eeac5c0d0a27df119267

Request headers

Referer: https://assets-global.website-files.com/
Origin: https://darktrace.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 06:24:24 GMT
x-amz-version-id: GivM0vfJcmH8N5fK3KVlsfeIBa4RjLmY
content-encoding: br
via: 1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
age: 5203520
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 26 Oct 2023 12:50:39 GMT
server: AmazonS3
etag: W/"babf393833722d9411d447268d573ae9"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: 6ypNmXiqaifZEG-z4IDoZmE05pV6yKgH0mNEWDi7CtFHR5R2FF2_xA==

GET
H2 200 65096b03ea49bfa053e5141f_StyreneDTWeb-Light.ttf
assets.website-files.com/626ff19cdd07d1258d49238d/ 275 KB
68 KB 243ms
57ms Font
application/x-font-ttf 2600:9000:223f:aa00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/626ff19cdd07d1258d49238d/65096b03ea49bfa053e5141f_StyreneDTWeb-Light.ttf
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/css/web-phoenix.202e22f84.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:aa00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8b5d0e889b75f14e89091dcccc71c42fcf277157ec9d025f0b844bb310089e54

Request headers

Referer: https://assets-global.website-files.com/
Origin: https://darktrace.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 03:39:00 GMT
x-amz-version-id: 6UaLZoIOLmbBP_RM8iD3oNqk1bRmZfbn
content-encoding: br
via: 1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
age: 1757445
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 26 Oct 2023 12:50:39 GMT
server: AmazonS3
etag: W/"39f90c2e582307b6caccac78618ed801"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: 3wdvRZD2xkcKKaZGHO7q27hzRZgQPBpErgwc2ghsgbVnY9llG2I9GA==

GET
H2 200 65096b0385d01b33d733f794_StyreneDTWeb-Bold.ttf
assets.website-files.com/626ff19cdd07d1258d49238d/ 277 KB
69 KB 313ms
127ms Font
application/x-font-ttf 2600:9000:223f:aa00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/626ff19cdd07d1258d49238d/65096b0385d01b33d733f794_StyreneDTWeb-Bold.ttf
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/css/web-phoenix.202e22f84.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:aa00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 560945bf1cdf86e11d526e733b7024c831b64eaadba6dcaecc9e3ad41fd0d218

Request headers

Referer: https://assets-global.website-files.com/
Origin: https://darktrace.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 12:02:11 GMT
x-amz-version-id: _DBFqgMlj41c3gV8GQuK703saqLs7X9E
content-encoding: br
via: 1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
age: 2936853
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 26 Oct 2023 12:50:39 GMT
server: AmazonS3
etag: W/"efd59cc0c47afd281c1a1a7f66967f19"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: 8Xxy4XHNstGViA8CxW8QDW68aqvEw4cghVkM64wgyQXRODYtL7RDuw==

GET
H2 200 6454d3090c26dacc6d886840_Blog%20Hero%20Deco.svg
assets-global.website-files.com/626ff19cdd07d1258d49238d/ 475 B
934 B 124ms
122ms Image
image/svg+xml 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/6454d3090c26dacc6d886840_Blog%20Hero%20Deco.svg
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 05580beab81991e3bc00c261992d6579a28696fde9eb6e623988bb74fa2e4e97

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 09:45:17 GMT
x-amz-version-id: RaZnocDTNEsNafZTA0Px2yKrOq5VsKuG
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 8906668
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 475
last-modified: Fri, 05 May 2023 09:57:30 GMT
server: AmazonS3
etag: "225587c38d6374e81434a981f1976960"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: kY3dG0dRmZ9ec52xPLVPQpC37hdROu-ZP18em391WTQmTfh_Lcglyw==

GET
H2 200 6409b2f3f0c862332f902d03_LinkedIn%20Dark.svg
assets-global.website-files.com/626ff19cdd07d1258d49238d/ 670 B
1 KB 122ms
121ms Image
image/svg+xml 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/6409b2f3f0c862332f902d03_LinkedIn%20Dark.svg
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fc6e0c4111cd38963ea6b4a56e332b87f188f6785c45065351a7d7b959c31287

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 12:00:45 GMT
x-amz-version-id: a58NbSzcmrrDM3qq8HMvbNJmXiwWvhO1
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 1122540
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 670
last-modified: Thu, 09 Mar 2023 10:20:37 GMT
server: AmazonS3
etag: "c66a503f70a97b74d80b3598fe5cda47"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: muK4EYu4mqwe81Vz5zwNZBeDS51rsqxYYiowyUNqaKpaD55lmMT1fA==

GET
H2 200 64d65d6b1dd9d70da0ce73c6_X%20Logo.svg
assets-global.website-files.com/626ff19cdd07d1258d49238d/ 561 B
1017 B 123ms
121ms Image
image/svg+xml 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/64d65d6b1dd9d70da0ce73c6_X%20Logo.svg
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 667d18bc97b1072affa375044924419adae01f7e5de46c6acb8fb12ef984a57a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 07:13:58 GMT
x-amz-version-id: 5Sh.IdvkC9Us0aCgO2vCYrWR1muZ5nce
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 2090147
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 561
last-modified: Fri, 11 Aug 2023 16:10:20 GMT
server: AmazonS3
etag: "d023c215c6a9c737580da184db9e5b6f"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: POm3nyOXwARKgPlMsJ4cPHTqgBm1w2dnDi1TYuUydWeHjn3priF__Q==

GET
H2 200 6409b2f376b5be7e02ad8a6f_Facebook%20Dark.svg
assets-global.website-files.com/626ff19cdd07d1258d49238d/ 469 B
930 B 123ms
122ms Image
image/svg+xml 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/6409b2f376b5be7e02ad8a6f_Facebook%20Dark.svg
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5709c24c903fdd841258a235316578adfc91781ea0d4a408a8cc3425441ec5bc

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 05:36:33 GMT
x-amz-version-id: zJxc1Q5jm_uENcuo9vhAmlywHXE_4cT8
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
age: 14278392
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 469
last-modified: Thu, 09 Mar 2023 10:20:36 GMT
server: AmazonS3
etag: "83dc56bf7b08efe89c31c5dfa74f1370"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: qD30_YFJLTdXc12xUJKBjwEH5yrIVUfifAs5bYUUGzZdGUOcQAP8_A==

GET
H2 200 weglot.min.css
cdn.weglot.com/ 28 KB
5 KB 60ms
57ms Stylesheet
text/css 2606:4700::6812:620
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.weglot.com/weglot.min.css?v=4

Requested by

Host: cdn.weglot.com
URL: https://cdn.weglot.com/weglot.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:620 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cbf5b3bbfcd2f23a688b189310c36484be77a86a6a59ab11d2666a255d172d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 3311a5c1855379b1fe76a4d8ea996928.cloudfront.net (CloudFront)
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-cf-pop: LHR62-C4
age: 3655144
x-cache: Hit from cloudfront
last-modified: Tue, 21 Nov 2023 14:36:53 GMT
server: cloudflare
etag: W/"396483c84619a8b59a272ec60b4059c4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 842c7566ab4d5279-LHR
x-amz-cf-id: ZyGDimvTWeb-iecHZFqCzyydJOaEUbXvM7OFOe5qI7r0Y87jsde-wg==
expires: Wed, 08 Jan 2025 11:49:44 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
305 B 162ms
46ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26e34b9fbbd2ecafe25af980f19ddc63342ffad01477b0fe851ac8c35bfea847

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://darktrace.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 842c75676ee177b4-LHR
access-control-allow-headers: Content-Type

GET
H2 200 / Show response
t.gatorleads.co.uk/Tracking/TrackUrlGet/ 190 B
331 B 103ms
103ms Script
application/x-javascript 37.221.223.30
SPOTLER Spotler N...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.gatorleads.co.uk/Tracking/TrackUrlGet/?clientid=9d4e9aed-5f41-4ac6-9664-348ac7434c4c&cust1=&cust2=&cust3=&pageUrl=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&pageTitle=The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20&referrerUrl=&trackingdata=&sessionId=&pageType=Page&schedule=&utmvalues=&callback=window.wowCallback0
Requested by: Host: t.gatorleads.co.uk
URL: https://t.gatorleads.co.uk/Scripts/ssl/9d4e9aed-5f41-4ac6-9664-348ac7434c4c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 37.221.223.30 , United Kingdom, ASN51514 (SPOTLER Spotler Network, NL),
Reverse DNS: mail30.tgml2.co.uk
Software: Caddy /
Resource Hash: 698d8b0fcf58997c4c938bedf01f559f39f412634513e8d74196ad43f315a050

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: gzip
x-backend: web41
age: 0
x-cache: MISS spuk-var01
cad-forwarded-for: 194.74.212.124
content-length: 245
x-client-ip: 10.118.6.11
server: Caddy
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
x-client-id: 10.118.6.11
t-caddyhead: 101
accept-ranges: bytes

GET
H2 200 id Show response
dpm.demdex.net/ 368 B
914 B 284ms
104ms XHR
application/json 52.18.173.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=4AE530AF633C985D0A495E93%40AdobeOrg&d_nsid=0&ts=1704800984279

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ea4e25aa0549/f752722fa920/launch-581b2cfa7858.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.18.173.130 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-18-173-130.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7868a58dc21bf1010472f79a9988006466a9008173afbbf386ae27aeb9f75208

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://darktrace.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-irl1-2-v054-034c53ac2.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 09 Jan 2024 11:49:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: oJuYGDAfQ9Q=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://darktrace.com
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 310
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 34 KB
12 KB 67ms
66ms Script
application/x-javascript 2a02:26f0:480:983::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ea4e25aa0549/f752722fa920/launch-581b2cfa7858.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:983::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://darktrace.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12384
expires: Tue, 09 Jan 2024 12:49:44 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 3 KB
2 KB 41ms
41ms Script
application/x-javascript 2a02:26f0:480:983::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ea4e25aa0549/f752722fa920/launch-581b2cfa7858.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:983::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "b89fcb8870ac40eecb6d3cc844d35389:1663863409.92483"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://darktrace.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1598
expires: Tue, 09 Jan 2024 12:49:44 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 183 KB
67 KB 209ms
52ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9120626

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ea4e25aa0549/f752722fa920/launch-581b2cfa7858.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0550d938cf2354e3a77c916a083b172a4df5d062bbbc8073a932f3dafc06171a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68196
x-xss-protection: 0
last-modified: Tue, 09 Jan 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Jan 2024 11:49:44 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 42 KB
15 KB 206ms
49ms Script
application/javascript 2a02:26f0:7100::1720:ef23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ea4e25aa0549/f752722fa920/launch-581b2cfa7858.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::1720:ef23 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f0822081c33dc4a9cabd9255d574f89280925c4e1f833eefb49a966243014572

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 07 Jan 2024 16:03:13 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=84361
accept-ranges: bytes
content-length: 15605

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202304.1.0/ 401 KB
97 KB 46ms
34ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1114132a79b42ce8e5064f57a1560a3b3f0e1659afc33e4698bab53e1301fbfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: f9AvZgohx9TU9t078cCRXA==
age: 27907
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99020
x-ms-lease-status: unlocked
last-modified: Thu, 11 May 2023 06:31:14 GMT
server: cloudflare
etag: 0x8DB51E951BA9202
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f3f50414-c01e-006d-731c-128dc8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 842c7568dae87731-LHR

GET
H2 200 web-interactives-embed.js Show response
js-eu1.hubspot.com/ 79 KB
24 KB 232ms
70ms Script
application/javascript 172.65.236.181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hubspot.com/web-interactives-embed.js

Requested by

Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25522132.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.236.181 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0a2315923c48fc1d0652efb581b8db4bae0432b2823ce24ca77a211299cde10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://darktrace.com/
Origin: https://darktrace.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
age: 550
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.779/bundles/project.js&cfRay=84266ed50e48954f-AMS
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"74a7784032d384ab8b680a383dfe7228"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.779/bundles/project.js
date: Tue, 09 Jan 2024 11:49:44 GMT
x-amz-version-id: utFFKfbcz6OI7awXJbpvILQMSF0IJITb
via: 1.1 34f8e9435dea359238debf97e45feb10.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
x-hubspot-correlation-id: ebc5a532-61b2-4a8e-a873-e9cc6d701e20
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
x-evy-trace-route-configuration: listener_https/all
x-request-id: ebc5a532-61b2-4a8e-a873-e9cc6d701e20
last-modified: Wed, 03 Jan 2024 14:19:41 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WwOwFmDN68KiS8i0ia2CPGk7DugIyENPMI7axDqCAkyQ1%2FGZflsXjnX8qZpYdjgLnL2uL1uliYbqIMvI7h3suAeiWhu07d1HhV6R9fl8QBylyIdGIeD5MxSWz1usefEzHkDHgw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-695bcd6f7f-xt7cc
cf-ray: 842c756abea879eb-DUB
x-amz-cf-id: uURWAz62SLZvzC2Rr738O0xpxlmEj3U3DhKHioB-R4Gt1Be0-MOqow==

GET
H2 200 fb.js Show response
js-eu1.hsadspixel.net/ 6 KB
4 KB 235ms
74ms Script
application/javascript 172.65.219.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hsadspixel.net/fb.js

Requested by

Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25522132.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9092cb4fb3eafe925fa67a4dc6b62b7c769cbcb9a1420ecaf4b5d80edeae726

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
x-amz-version-id: 5iFzgPv7W58VCAVxkHMx4QTA.7HcSoUh
via: 1.1 fca814089bc9a82fba87ce0548f9f358.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: FRA60-P6
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: feaff66c-dceb-494d-8dcc-f279595133f6
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.510/bundles/pixels-release.js&cfRay=84259acf1f595714-AMS
x-cache: Hit from cloudfront
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
age: 349
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: feaff66c-dceb-494d-8dcc-f279595133f6
last-modified: Mon, 08 Jan 2024 15:41:49 UTC
server: cloudflare
etag: W/"ef358d7718df65ca620b75c779a3c331"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-695bcd6f7f-9ggpp
cf-ray: 842c756ab9ef56d3-DUB
x-amz-cf-id: aF7yYEPOajNH0YAXpFP5aqEMFaK21impFOJshLV64IV7BeTC8UhwZg==
x-hs-target-asset: adsscriptloaderstatic/static-1.510/bundles/pixels-release.js

GET
H2 200 banner.js Show response
js-eu1.hs-banner.com/v2/25522132/ 62 KB
20 KB 218ms
69ms Script
application/javascript 172.65.202.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hs-banner.com/v2/25522132/banner.js

Requested by

Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25522132.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c84b3cf8d67d4ae3a126a497ec191ea9ac8e3e59cec9277c02f0e413dcf2922b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-hubspot-correlation-id: aa331e76-278f-4cd9-83d4-48c3022f8bed
age: 230
x-envoy-upstream-service-time: 75
x-evy-trace-route-configuration: listener_http/all, listener_https/all
x-evy-trace-listener: listener_http, listener_https
x-request-id: aa331e76-278f-4cd9-83d4-48c3022f8bed
last-modified: Tue, 19 Dec 2023 14:35:24 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all, all
x-evy-trace-served-by-pod: fra04/private-hubapi-td/envoy-proxy-7874ccf86d-cxsqt, fra04/analytics-js-proxy-td/envoy-proxy-86f67f8584-x2kjn
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin: https://darktrace.com
access-control-allow-credentials: true
cache-control: max-age=300,public
access-control-max-age: 604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 842c756aad0f79e3-DUB
expires: Tue, 09 Jan 2024 11:50:54 GMT

GET
H2 200 25522132.js Show response
js-eu1.hs-analytics.net/analytics/1704800700000/ 66 KB
21 KB 276ms
74ms Script
text/javascript 172.65.238.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-analytics.net/analytics/1704800700000/25522132.js
Requested by: Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25522132.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eec5c16f99cb6829f384ede7f2ade9b1bdbfbf27c16d29993037fa28790b3d9b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: B4VS4XJYEM30EEW5
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 380c67db-6ccc-4ca0-a570-332ce944b609
age: 261
x-envoy-upstream-service-time: 25
x-amz-id-2: D1/TFQc5goyuN6n4sl7/p115Gaecf27EPgGVtGj7qyWHksl0zbqrKLtP3Cz42cZEW4P7BsNwvQs=
x-evy-trace-listener: listener_https
x-request-id: 380c67db-6ccc-4ca0-a570-332ce944b609
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 03 Jan 2024 16:33:23 GMT
server: cloudflare
etag: W/"5bb77cbde85a2aa57023df7018f4db75"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: fra04/analytics-js-proxy-td/envoy-proxy-86f67f8584-7lprz
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 842c756afc7d955b-DUB
expires: Tue, 09 Jan 2024 11:50:23 GMT

GET
H2 200 collectedforms.js Show response
js-eu1.hscollectedforms.net/ 69 KB
25 KB 220ms
71ms Script
application/javascript 172.65.192.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hscollectedforms.net/collectedforms.js

Requested by

Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25522132.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c326f96b9af470b51c887a189b1f81d241d6beef4844b37c8add5144fa6f55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://darktrace.com/
Origin: https://darktrace.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 550
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.451/bundles/project.js&cfRay=84266db79ed856db-DUB
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"dc52d8d37d1323196ca91b50795df6c4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.451/bundles/project.js
date: Tue, 09 Jan 2024 11:49:44 GMT
x-amz-version-id: JAkD5shSwdxe4gNEROP8R.wQbdFvcCSE
via: 1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: FRA60-P6
x-hubspot-correlation-id: 12749f8e-b6fc-4a63-a415-1de001291c72
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-request-id: 12749f8e-b6fc-4a63-a415-1de001291c72
last-modified: Wed, 03 Jan 2024 09:59:35 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-695bcd6f7f-9ggpp
cf-ray: 842c756aa8bb79d9-DUB
x-amz-cf-id: i5BekHfxncfgcqfsqKiSyrLUGaJiiWFcYAWbBaojEMNETJBTi88Exg==

GET
H2 200 dest5.html Show response
darktrace.demdex.net/ Frame B6A2 7 KB
3 KB 68ms
40ms Document
text/html 52.18.173.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://darktrace.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ea4e25aa0549/f752722fa920/launch-581b2cfa7858.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.18.173.130 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-18-173-130.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Tue, 09 Jan 2024 11:49:44 GMT
dcs: dcs-prod-irl1-1-v054-0dd64a28b.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Mon, 20 Nov 2023 15:38:21 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: ISDRkSAtQI0=

GET
H2

200

ibs:dpid=411&dpuuid=ZZ0y2AAAANF-awOJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=57390379367534598152656230931144534206
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZZ0y2AAAANF-awOJ

42 B
718 B

40ms
39ms

Image
image/gif

52.18.173.130
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZZ0y2AAAANF-awOJ

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Server

52.18.173.130 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-18-173-130.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-08a71e00e.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 09 Jan 2024 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: QOa7bthVTME=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZZ0y2AAAANF-awOJ
Date: Tue, 09 Jan 2024 11:49:44 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=67174&time=1704800984629&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=67174&time=1704800984629&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&coo...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D67174%26time%3D1704800984629%26url%3Dhttps%253A%252F%252Fdarktrace.com%252Fblog%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=67174&time=1704800984629&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&coo...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=67174&time=1704800984629&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&co...

0
266 B

235ms
121ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=67174&time=1704800984629&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&cookiesTest=true&liSync=true&e_ipv6=AQJClrlIWL4BygAAAYzuDqGcH9Fs2LoX3HBklhv429Q9KHZilR2I8jki9y_zsX-EyNA29WCp19o
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: AC960E69A98A4B589B5936D2CDBBA946 Ref B: LON04EDGE0813 Ref C: 2024-01-09T11:49:45Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYOgekqxiGobEdehN7RNA==

Redirect headers

date: Tue, 09 Jan 2024 11:49:44 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: FD5AF5B7A91543CCB2FECB66475C598C Ref B: LTSEDGE2021 Ref C: 2024-01-09T11:49:45Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=67174&time=1704800984629&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&cookiesTest=true&liSync=true&e_ipv6=AQJClrlIWL4BygAAAYzuDqGcH9Fs2LoX3HBklhv429Q9KHZilR2I8jki9y_zsX-EyNA29WCp19o
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYOgeknL2tPqCkfBX00wQ==

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/20244352-54bc-40a3-80e3-0daa9d221c87/06f4eea1-8b01-4e79-8fb6-068228f39f7f/ 48 KB
10 KB 51ms
50ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/20244352-54bc-40a3-80e3-0daa9d221c87/06f4eea1-8b01-4e79-8fb6-068228f39f7f/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df5e020a0b03feb2fb9b4dc60259ebc8dd850a0e51140d84ff03c3b6080ada95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 78224
content-md5: fo5ttQJOfm7lxkr/yDsZGQ==
content-length: 10369
x-ms-lease-status: unlocked
last-modified: Wed, 17 May 2023 08:45:58 GMT
server: cloudflare
etag: 0x8DB56B322B32F42
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 39a1410b-001e-004d-69f1-1df66f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 842c756a0e4e52cf-LHR
expires: Wed, 10 Jan 2024 11:49:44 GMT

GET
H2

200

activityi;dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-... Show response
9120626.fls.doubleclick.net/ Frame 409D
Redirect Chain

https://9120626.fls.doubleclick.net/activityi;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoo...
https://9120626.fls.doubleclick.net/activityi;dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fb...

710 B
509 B

76ms
75ms

Document
text/html

142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9120626.fls.doubleclick.net/activityi;dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2;gtm=45fe4130;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9120626

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

2ade11cacba5dd6d5e1116fa17771776084418a7c79d65dc210f823c6618c531

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 333
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:45 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:44 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9120626.fls.doubleclick.net/activityi;dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2;gtm=45fe4130;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 211 KB
76 KB 64ms
63ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-401176436

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ea4e25aa0549/f752722fa920/launch-581b2cfa7858.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c932a28729a3db2a3e5776e52e18e23d8e4e7bc87ae398f7f3caf0029a19d95d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77391
x-xss-protection: 0
last-modified: Tue, 09 Jan 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Jan 2024 11:49:44 GMT

GET
DATA 200
OK truncated
/ 255 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9948ae846979246ddfe993e604739594ce0e7cdfa77657412b9b0090009dcf23

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 571A 42 KB
27 KB 63ms
62ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=51ow0tceuxhm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0ddc2c20433d5888f43cd87ce4b756b18b55c372a95b66e90a3536fa04e4ff79

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rzkuYETgWrDhGtVolWGymg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-rzkuYETgWrDhGtVolWGymg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:44 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 475A 42 KB
26 KB 77ms
76ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=4nbk9fy66e5s

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eff10462a087ca9404ba60423b627967e45c4d9d84c5511e54051fd8529dc7ee

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uvdrLQ2ZGuhp_91Z-TGb4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-uvdrLQ2ZGuhp_91Z-TGb4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:44 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 2598 42 KB
26 KB 79ms
73ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=rlqn2zncxsyj

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ffbb7792087f8b0afcf6e098a600539d76d28dea4e02d3a1aced38b5383b09e8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gZiR-oajaDUEeXhhNF5nWQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-gZiR-oajaDUEeXhhNF5nWQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:44 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame C851 42 KB
27 KB 72ms
70ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=mfclljqxxxv8

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ec5fad0a130ee84240f611cae8f393bc11875dbaca9a78993949779dfd854526

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2ZT7DKM0qAb5LGGbgUJyIw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-2ZT7DKM0qAb5LGGbgUJyIw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:44 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 2118 42 KB
26 KB 89ms
81ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=g6npt7u7vjf

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3bfce4fa7837405942835dc8ffee7c6706c1b7602477a62282760df4fcc6f200

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-C_RPPAT5lX4R7w-fhNpBKg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-C_RPPAT5lX4R7w-fhNpBKg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:44 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame D73D 42 KB
26 KB 93ms
89ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=e73kmc3v9cwg

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

47b867f313154fc5dd17ddafa82b64293c5c5cf733230cf09587c1f9f8e5d5b1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wlsU3Dkwayi4fNZFvHzhzw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-wlsU3Dkwayi4fNZFvHzhzw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:44 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 62cb281b38027f507517f419_Gradient%20Button%20Rotate2.json Show response
assets-global.website-files.com/626ff19cdd07d1258d49238d/ 2 KB
1 KB 192ms
57ms XHR
application/json 2600:9000:2156:8c00:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/62cb281b38027f507517f419_Gradient%20Button%20Rotate2.json
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/626ff19cdd07d1258d49238d/js/web-phoenix.a6b03652d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8c00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ea3931de93ca6940e75c6da8d126fccd812f1cf590cbf7844136d5c6c0685bf0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 10:14:22 GMT
x-amz-version-id: _JWgRDHLwVrMn2Yku2SFY3Ftq6u4Ip1i
content-encoding: br
via: 1.1 5317564e96c9dceb46123f6c5f149a02.cloudfront.net (CloudFront)
age: 10460123
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 10 Jul 2022 19:27:26 GMT
server: AmazonS3
etag: W/"bde15e8c08bdae257ac118c5e638a3e5"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: DzIo3oQfCZI4jWQXBdDpTTQSav-81y-CJLNFCPbOd2TaENxPoOqc5Q==

GET
H2 200 slugs Show response
cdn-api-weglot.com/translations/ 533 B
815 B 165ms
42ms Fetch
application/json 2606:4700::6812:1caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-api-weglot.com/translations/slugs?api_key=wg_234baeaaccaa2f09e0dc6c004f571bbd6&language_to=fr&v=1658845381

Requested by

Host: cdn.weglot.com
URL: https://cdn.weglot.com/weglot.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9270bbe635cc7cf73fcdaa51e5e9ea0ad367a2ca4eeec9b837c5779ceb45cd40

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-c3f1957861cecc9997148b99f3b24c73' dashboard.weglot.com .weglot.com .stripe.com .announcekit.app .nolt.io .jsdelivr.net .firstpromoter.com beacon-v2.helpscout.net .google.com .google-analytics.com .googletagmanager.com .googleadservices.com .gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com .snap.licdn.com .redditstatic.com connect.facebook.net .hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
content-security-policy: script-src 'nonce-c3f1957861cecc9997148b99f3b24c73' dashboard.weglot.com *.weglot.com *.stripe.com *.announcekit.app *.nolt.io *.jsdelivr.net *.firstpromoter.com beacon-v2.helpscout.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com *.snap.licdn.com *.redditstatic.com connect.facebook.net *.hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
cf-cache-status: HIT
age: 5044933
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 01 Nov 2023 08:39:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,PUT,PATCH
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(self), magnetometer=(), microphone=(), midi=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), hid=(), idle-detection=(), serial=()
cf-ray: 842c756dfa41638b-LHR
access-control-allow-headers: Content-Type
expires: Wed, 08 Jan 2025 11:49:45 GMT

GET
H2 200 slugs Show response
cdn-api-weglot.com/translations/ 2 B
1 KB 166ms
43ms Fetch
application/json 2606:4700::6812:1caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-api-weglot.com/translations/slugs?api_key=wg_234baeaaccaa2f09e0dc6c004f571bbd6&language_to=it&v=1658845381

Requested by

Host: cdn.weglot.com
URL: https://cdn.weglot.com/weglot.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-9ab6adaa4befc68ad6496ae2cb701e05' dashboard.weglot.com .weglot.com .stripe.com .announcekit.app .nolt.io .jsdelivr.net .firstpromoter.com beacon-v2.helpscout.net .google.com .google-analytics.com .googletagmanager.com .googleadservices.com .gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com .snap.licdn.com .redditstatic.com connect.facebook.net .hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
content-security-policy: script-src 'nonce-9ab6adaa4befc68ad6496ae2cb701e05' dashboard.weglot.com *.weglot.com *.stripe.com *.announcekit.app *.nolt.io *.jsdelivr.net *.firstpromoter.com beacon-v2.helpscout.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com *.snap.licdn.com *.redditstatic.com connect.facebook.net *.hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 6074667
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 20 Sep 2023 15:44:25 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,PUT,PATCH
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(self), magnetometer=(), microphone=(), midi=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), hid=(), idle-detection=(), serial=()
cf-ray: 842c756dfa44638b-LHR
access-control-allow-headers: Content-Type
x-amz-cf-id: LOYl92O88YW-CW9WPvBdULPD3KtRsCZU8q1J5TZWvEViBYgmeyvLMA==
expires: Wed, 08 Jan 2025 11:49:45 GMT

GET
H2 200 slugs Show response
cdn-api-weglot.com/translations/ 2 B
536 B 167ms
44ms Fetch
application/json 2606:4700::6812:1caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-api-weglot.com/translations/slugs?api_key=wg_234baeaaccaa2f09e0dc6c004f571bbd6&language_to=ko&v=1658845381

Requested by

Host: cdn.weglot.com
URL: https://cdn.weglot.com/weglot.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-19995a247ef0672680189fb90840ce76' dashboard.weglot.com .weglot.com .stripe.com .announcekit.app .nolt.io .jsdelivr.net .firstpromoter.com beacon-v2.helpscout.net .google.com .google-analytics.com .googletagmanager.com .googleadservices.com .gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com .snap.licdn.com .redditstatic.com connect.facebook.net .hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
content-security-policy: script-src 'nonce-19995a247ef0672680189fb90840ce76' dashboard.weglot.com *.weglot.com *.stripe.com *.announcekit.app *.nolt.io *.jsdelivr.net *.firstpromoter.com beacon-v2.helpscout.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com *.snap.licdn.com *.redditstatic.com connect.facebook.net *.hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
cf-cache-status: HIT
age: 2792552
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 08 Nov 2023 01:48:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,PUT,PATCH
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(self), magnetometer=(), microphone=(), midi=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), hid=(), idle-detection=(), serial=()
cf-ray: 842c756dfa47638b-LHR
access-control-allow-headers: Content-Type
expires: Wed, 08 Jan 2025 11:49:45 GMT

GET
H2 200 slugs Show response
cdn-api-weglot.com/translations/ 2 B
537 B 165ms
43ms Fetch
application/json 2606:4700::6812:1caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-api-weglot.com/translations/slugs?api_key=wg_234baeaaccaa2f09e0dc6c004f571bbd6&language_to=ja&v=1658845381

Requested by

Host: cdn.weglot.com
URL: https://cdn.weglot.com/weglot.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-9b2f8eb016122ccc2670d1b1342dc6c8' dashboard.weglot.com .weglot.com .stripe.com .announcekit.app .nolt.io .jsdelivr.net .firstpromoter.com beacon-v2.helpscout.net .google.com .google-analytics.com .googletagmanager.com .googleadservices.com .gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com .snap.licdn.com .redditstatic.com connect.facebook.net .hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
content-security-policy: script-src 'nonce-9b2f8eb016122ccc2670d1b1342dc6c8' dashboard.weglot.com *.weglot.com *.stripe.com *.announcekit.app *.nolt.io *.jsdelivr.net *.firstpromoter.com beacon-v2.helpscout.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com *.snap.licdn.com *.redditstatic.com connect.facebook.net *.hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
cf-cache-status: HIT
age: 4952564
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 12 Nov 2023 02:27:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,PUT,PATCH
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(self), magnetometer=(), microphone=(), midi=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), hid=(), idle-detection=(), serial=()
cf-ray: 842c756dfa4b638b-LHR
access-control-allow-headers: Content-Type
expires: Wed, 08 Jan 2025 11:49:45 GMT

GET
H2 200 slugs Show response
cdn-api-weglot.com/translations/ 2 B
1 KB 163ms
40ms Fetch
application/json 2606:4700::6812:1caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-api-weglot.com/translations/slugs?api_key=wg_234baeaaccaa2f09e0dc6c004f571bbd6&language_to=es&v=1658845381

Requested by

Host: cdn.weglot.com
URL: https://cdn.weglot.com/weglot.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-696ec0e95b0b6e43ccdbed736afa9029' dashboard.weglot.com .weglot.com .stripe.com .announcekit.app .nolt.io .jsdelivr.net .firstpromoter.com beacon-v2.helpscout.net .google.com .google-analytics.com .googletagmanager.com .googleadservices.com .gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com .snap.licdn.com .redditstatic.com connect.facebook.net .hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
content-security-policy: script-src 'nonce-696ec0e95b0b6e43ccdbed736afa9029' dashboard.weglot.com *.weglot.com *.stripe.com *.announcekit.app *.nolt.io *.jsdelivr.net *.firstpromoter.com beacon-v2.helpscout.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com *.snap.licdn.com *.redditstatic.com connect.facebook.net *.hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
cf-cache-status: HIT
age: 4594470
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 01 Nov 2023 02:46:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,PUT,PATCH
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(self), magnetometer=(), microphone=(), midi=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), hid=(), idle-detection=(), serial=()
cf-ray: 842c756dfa3d638b-LHR
access-control-allow-headers: Content-Type
expires: Wed, 08 Jan 2025 11:49:45 GMT

GET
H2 200 slugs Show response
cdn-api-weglot.com/translations/ 2 B
537 B 163ms
41ms Fetch
application/json 2606:4700::6812:1caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-api-weglot.com/translations/slugs?api_key=wg_234baeaaccaa2f09e0dc6c004f571bbd6&language_to=de&v=1658845381

Requested by

Host: cdn.weglot.com
URL: https://cdn.weglot.com/weglot.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-54d162ebfb6a012d8f7b9eed820d84ad' dashboard.weglot.com .weglot.com .stripe.com .announcekit.app .nolt.io .jsdelivr.net .firstpromoter.com beacon-v2.helpscout.net .google.com .google-analytics.com .googletagmanager.com .googleadservices.com .gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com .snap.licdn.com .redditstatic.com connect.facebook.net .hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
content-security-policy: script-src 'nonce-54d162ebfb6a012d8f7b9eed820d84ad' dashboard.weglot.com *.weglot.com *.stripe.com *.announcekit.app *.nolt.io *.jsdelivr.net *.firstpromoter.com beacon-v2.helpscout.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com *.snap.licdn.com *.redditstatic.com connect.facebook.net *.hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
cf-cache-status: HIT
age: 3633579
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 14 Nov 2023 03:41:36 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,PUT,PATCH
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(self), magnetometer=(), microphone=(), midi=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), hid=(), idle-detection=(), serial=()
cf-ray: 842c756dfa3f638b-LHR
access-control-allow-headers: Content-Type
expires: Wed, 08 Jan 2025 11:49:45 GMT

GET
H2 200 slugs Show response
cdn-api-weglot.com/translations/ 79 B
676 B 177ms
55ms Fetch
application/json 2606:4700::6812:1caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-api-weglot.com/translations/slugs?api_key=wg_234baeaaccaa2f09e0dc6c004f571bbd6&language_to=br&v=1658845381

Requested by

Host: cdn.weglot.com
URL: https://cdn.weglot.com/weglot.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e52ba320502e2cd491874b86e0e3fbffbd189d8913f5f46c6092056ecfa24104

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-b1c21473d5fd2a576ef9c78ecbad6f21' dashboard.weglot.com .weglot.com .stripe.com .announcekit.app .nolt.io .jsdelivr.net .firstpromoter.com beacon-v2.helpscout.net .google.com .google-analytics.com .googletagmanager.com .googleadservices.com .gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com .snap.licdn.com .redditstatic.com connect.facebook.net .hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
content-security-policy: script-src 'nonce-b1c21473d5fd2a576ef9c78ecbad6f21' dashboard.weglot.com *.weglot.com *.stripe.com *.announcekit.app *.nolt.io *.jsdelivr.net *.firstpromoter.com beacon-v2.helpscout.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com *.snap.licdn.com *.redditstatic.com connect.facebook.net *.hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 5994740
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 20 Sep 2023 15:44:25 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST,PUT,PATCH
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(self), magnetometer=(), microphone=(), midi=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), hid=(), idle-detection=(), serial=()
cf-ray: 842c756dfa3b638b-LHR
access-control-allow-headers: Content-Type
x-amz-cf-id: mGb-U-YNnAjswBlNUOccm7lGZg5gyJYIPJUzHplIfBAoToFdqtDyjg==
expires: Wed, 08 Jan 2025 11:49:45 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 571A 55 KB
24 KB 264ms
124ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=51ow0tceuxhm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 571A 503 KB
201 KB 175ms
37ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 475A 55 KB
24 KB 235ms
97ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 475A 503 KB
201 KB 305ms
167ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame C851 55 KB
24 KB 204ms
68ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame C851 503 KB
201 KB 296ms
161ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 2598 55 KB
24 KB 216ms
83ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 2598 503 KB
201 KB 291ms
157ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 2118 55 KB
24 KB 185ms
53ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 2118 503 KB
201 KB 263ms
132ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame D73D 55 KB
24 KB 168ms
39ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame D73D 503 KB
201 KB 267ms
138ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202304.1.0/assets/ 13 KB
3 KB 35ms
35ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jan 2024 11:49:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: VwzPf/atFGVLVHgPLKsA5g==
age: 4535
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3019
x-ms-lease-status: unlocked
last-modified: Thu, 11 May 2023 06:31:08 GMT
server: cloudflare
etag: 0x8DB51E94E2F9DF3
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: fa8f1b60-b01e-0005-63ca-21eb58000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 842c756db9ba52cf-LHR

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202304.1.0/assets/v2/ 61 KB
12 KB 42ms
42ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jan 2024 11:49:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: U0I+ien3T2GIYJcFxPdemQ==
age: 4535
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12544
x-ms-lease-status: unlocked
last-modified: Thu, 11 May 2023 06:31:10 GMT
server: cloudflare
etag: 0x8DB51E94F811CDE
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 02a68625-601e-0016-5e90-22cf54000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 842c756db9bc52cf-LHR

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202304.1.0/assets/ 21 KB
4 KB 38ms
37ms Fetch
text/css 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jan 2024 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
age: 13214
x-ms-lease-status: unlocked
last-modified: Thu, 11 May 2023 06:31:18 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 13d95642-d01e-002c-341b-15d52c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 842c756db9bd52cf-LHR

GET
H2 200 dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a... Show response
adservice.google.com/ddm/fls/i/ Frame A824 712 B
710 B 241ms
114ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2;gtm=45fe4130;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Requested by

Host: 9120626.fls.doubleclick.net
URL: https://9120626.fls.doubleclick.net/activityi;dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2;gtm=45fe4130;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

904d4d120f4afbbc39a9346f71d5ba21d3eb1a78b7b91dd9e9c1677c18889bef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9120626.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 335
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:45 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/401176436/ 3 KB
2 KB 236ms
77ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/401176436/?random=1704800985269&cv=11&fst=1704800985269&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&hn=www.googleadservices.com&frm=0&tiba=The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog&auid=1025747073.1704800985&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-401176436

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a4a06cee7bb6f756c0e4ace9d874d65e5b26b632bf3f8029444de1a1f73f1b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 11:49:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1375
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/401176436/ 3 KB
2 KB 235ms
81ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/401176436/?random=1704800985282&cv=11&fst=1704800985282&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&label=iWNrCOfMzv0DEPTupb8B&hn=www.googleadservices.com&frm=0&tiba=The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog&auid=1025747073.1704800985&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-401176436

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

80139d0dd1906af8a45be3ea2b5cc19068fd8797b6af42919f6621c1c1e16870

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 11:49:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1656
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 190ms
37ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 09 Jan 2024 11:49:45 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 25370EAE73344A9CA557FB641D07272C Ref B: LTSEDGE1612 Ref C: 2024-01-09T11:49:45Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 200 b474d74a-fc48-497d-b3dd-02eddc4b51ac.js Show response
j.6sc.co/j/ 4 KB
4 KB 360ms
60ms Script
application/javascript 2.20.143.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/b474d74a-fc48-497d-b3dd-02eddc4b51ac.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ea4e25aa0549/f752722fa920/launch-581b2cfa7858.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.143.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-20-143-74.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fd86fe420268206f681edfdde283a00ce6f15dbd6bb7e09de5e8fd02cb88d463

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 7Mw1NroldPLZ5O4d9EdaVphfP5jkyP9k
date: Tue, 09 Jan 2024 11:49:45 GMT
x-amz-cf-pop: FRA60-P1
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 4059
pragma: no-cache
last-modified: Thu, 29 Jun 2023 08:52:59 GMT
server: AmazonS3
etag: "3aa2cc199385c20dfc4ccbd07cc6556f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: _q3ZFHv5J6zv9DlQAUvRQy8jRc5FCKb_xuN1VJ680ZYweLwSCDRVGA==
expires: Tue, 09 Jan 2024 11:49:45 GMT

GET
H2 200 json Show response
api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 112 B
1 KB 399ms
114ms XHR
application/json 2a06:98c1:3200::90:2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=25522132

Requested by

Host: js-eu1.hsadspixel.net
URL: https://js-eu1.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3200::90:2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b831be8e0edc00c9adb30dfb341f236a3da1b10ab114778a05cb50537a35d1c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 08b702f5-e6f5-4d5c-aaf2-4f4c7b6a54d9
content-encoding: br
x-envoy-upstream-service-time: 13
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 08b702f5-e6f5-4d5c-aaf2-4f4c7b6a54d9
server: cloudflare
x-trace: 2B136A8158FFC3EC904127CC507E696609B3324415000000000000000000
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://darktrace.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-served-by-pod: fra04/hubapi-td/envoy-proxy-6f6888945b-nhd2b
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zxxXpOnt0Ur2mtsrkNX55xXoaH8DXPbc9vXo6o3ur8y8QxdXvT%2F5%2Fm1fKJzFHqhFK7ikUXZyOUbI4IO4ZQIAOA%2FbYZzoxqb5VapyZ9jbRo48er2L0EuHBR0F%2BR8%2BwSeirwO8Z1oPWO8PnHAMZF%2FEdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 842c757008f1570d-DUB
access-control-allow-headers: *

GET
H2 200 combinedConfigs Show response
cta-eu1.hubspot.com/web-interactives/public/v1/embed/ 369 B
1 KB 372ms
112ms Fetch
application/json 172.65.198.159
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-eu1.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=25522132&currentUrl=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Requested by

Host: js-eu1.hubspot.com
URL: https://js-eu1.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.198.159 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14103b64df9857f9f7ad1f02efaafba97ce4772e8d8b448857de69c3537c338d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 99aaeb57-71ec-4208-9fe7-5566fc91c1b8
content-encoding: br
x-envoy-upstream-service-time: 16
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 99aaeb57-71ec-4208-9fe7-5566fc91c1b8
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://darktrace.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F1Kb7BwVB62lUD8F6DxKvPGT%2F2heqyQN7O34xKlb3EcP9PlabqZNwiG1Bhlv7abfWiReLeF3bYvD8mR%2FzE9uNpmSM1G7OQ9oqq1eK3oKDEFXC2WtAbcjLl5I4pQQPbPJYd0nB0E%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 842c757018be1b88-DUB
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-749c979cdb-h6dfx

GET
H2 200 json Show response
forms-eu1.hscollectedforms.net/collected-forms/v1/config/ 116 B
422 B 96ms
78ms XHR
application/json 172.65.192.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json?portalId=25522132&utk=

Requested by

Host: js-eu1.hscollectedforms.net
URL: https://js-eu1.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6f67012173d003d1310c16e0e38a778b787655bdc8b4205e7b5b58e821c73de

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://darktrace.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4b0826d6-d03e-49d0-aefc-ec971477e517
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4b0826d6-d03e-49d0-aefc-ec971477e517
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://darktrace.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-695bcd6f7f-9ggpp
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 842c756e983079d9-DUB

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
623 B 35ms
35ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jan 2024 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 27909
x-ms-lease-status: unlocked
last-modified: Mon, 08 Jan 2024 03:16:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 3cdb1d09-901e-0094-7aee-418eea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 842c756e998a7731-LHR

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
494 B 37ms
37ms Fetch
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jan 2024 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 11905
x-ms-lease-status: unlocked
last-modified: Tue, 09 Jan 2024 07:10:15 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: cebd9889-c01e-0089-71d6-428356000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 842c756ecab252cf-LHR

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 51ms
32ms Image
image/png 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jan 2024 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 35639
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Mon, 08 Jan 2024 03:16:06 GMT
server: cloudflare
etag: 0x8DC0FF8270FF924
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: d1d9a19a-401e-0011-240a-42a337000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 842c756f0a027731-LHR

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 57ms
38ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jan 2024 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 28340
x-ms-lease-status: unlocked
last-modified: Tue, 09 Jan 2024 03:40:29 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 1bacc9ac-f01e-003b-0baf-427c27000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 842c756f0a037731-LHR

GET
H2 204 211011833.js Show response
bat.bing.com/p/action/ 0
117 B 37ms
36ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/211011833.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 09 Jan 2024 11:49:45 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E4F79A644ED442F0AF238C3E7FE0B639 Ref B: LTSEDGE1612 Ref C: 2024-01-09T11:49:45Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
285 B 99ms
99ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=211011833&Ver=2&mid=1ba0fc11-fd86-4b56-b728-232f8a0a6400&sid=2f079900aee511ee888c27a2780c198e&vid=2f07df00aee511eea5b2bda2597a2511&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog&p=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&r=&lt=1442&evt=pageLoad&sv=1&rn=382059

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 09 Jan 2024 11:49:45 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 01C15F56921746DEB8859E36641D0D54 Ref B: LTSEDGE1612 Ref C: 2024-01-09T11:49:45Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
1016 B 278ms
119ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=6

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Tue, 09 Jan 2024 11:49:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 48b1a98d-c511-4bc7-b6ed-7081fd31761d
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 48b1a98d-c511-4bc7-b6ed-7081fd31761d
Server: cloudflare
X-Trace: 2B20DF20C3289161E4D693F6FD6DA61CE09DE22B64000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-749c979cdb-hkwfc
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 842c7570a86d9570-DUB

GET
H3 200 /
www.google.com/pagead/1p-user-list/401176436/ 42 B
64 B 65ms
65ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/401176436/?random=1704800985269&cv=11&fst=1704798000000&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&u_w=1600&u_h=1200&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&frm=0&tiba=The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_cSmn75RXoVwaESUyx6neZ6_df3bIFPnoxEw2LqGc89HBih1i&random=4136364384&rmt_tld=0&ipr=y

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 11:49:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.uk/pagead/1p-user-list/401176436/ 42 B
455 B 214ms
76ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/401176436/?random=1704800985269&cv=11&fst=1704798000000&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&u_w=1600&u_h=1200&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&frm=0&tiba=The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_cSmn75RXoVwaESUyx6neZ6_df3bIFPnoxEw2LqGc89HBih1i&random=4136364384&rmt_tld=1&ipr=y

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 11:49:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.co.uk/pagead/1p-conversion/401176436/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/401176436/?random=409238230&cv=11&fst=1704800985282&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&gcd=11l1l1l1l1&dma=0&u_w=1600&u...
https://www.google.com/pagead/1p-conversion/401176436/?random=409238230&cv=11&fst=1704800985282&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%...
https://www.google.co.uk/pagead/1p-conversion/401176436/?random=409238230&cv=11&fst=1704800985282&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3...

42 B
108 B

58ms
58ms

Image
image/gif

2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-conversion/401176436/?random=409238230&cv=11&fst=1704800985282&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&label=iWNrCOfMzv0DEPTupb8B&hn=www.googleadservices.com&frm=0&tiba=The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog&auid=1025747073.1704800985&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ1ByenJBWVF2TkROd3VmX3NMZVBBUkltQUZMemZ0T19DWkhaY0JyTFZtNFVaNjJqYmJwcS1URGxwZ2JRLVlaRTJoQ0E3UkhxV25RGlhDaEFJZ1ByenJBWVFrZm5Za0xyZjdxQi1FaTRBNk44Yk1iVDRuQ0xCWFdzeW9QcjNwbVN5WC1OdmNLRE1BaVhMelZpOWEzcVVkRHdEaURlYTE0SnZtOURYIhMIiOqbyZ7QgwMVRMk7Ah3svAfG&is_vtc=1&ocp_id=2TKdZciZHcSS78EP7PmesAw&cid=CAQSKQAvHhf_XNArw8rNXc1-BB0NLv5iezRML-WIQQtYqDzQQyQDLUOjurk5&random=438806618&ipr=y

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 11:49:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 09 Jan 2024 11:49:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.co.uk/pagead/1p-conversion/401176436/?random=409238230&cv=11&fst=1704800985282&bg=ffffff&guid=ON&async=1&gtm=45be4130v892185516&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&label=iWNrCOfMzv0DEPTupb8B&hn=www.googleadservices.com&frm=0&tiba=The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog&auid=1025747073.1704800985&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ1ByenJBWVF2TkROd3VmX3NMZVBBUkltQUZMemZ0T19DWkhaY0JyTFZtNFVaNjJqYmJwcS1URGxwZ2JRLVlaRTJoQ0E3UkhxV25RGlhDaEFJZ1ByenJBWVFrZm5Za0xyZjdxQi1FaTRBNk44Yk1iVDRuQ0xCWFdzeW9QcjNwbVN5WC1OdmNLRE1BaVhMelZpOWEzcVVkRHdEaURlYTE0SnZtOURYIhMIiOqbyZ7QgwMVRMk7Ah3svAfG&is_vtc=1&ocp_id=2TKdZciZHcSS78EP7PmesAw&cid=CAQSKQAvHhf_XNArw8rNXc1-BB0NLv5iezRML-WIQQtYqDzQQyQDLUOjurk5&random=438806618&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a... Show response
adservice.google.co.uk/ddm/fls/i/ Frame A33B 194 B
515 B 627ms
115ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/ddm/fls/i/dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2;gtm=45fe4130;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CKuO-Mie0IMDFfBGkQUdJRwINA;src=9120626;type=unive0;cat=darkt00;ord=2618014040989;auiddc=1025747073.1704800985;u1=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2;gtm=45fe4130;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:46 GMT
expires: Tue, 09 Jan 2024 11:49:46 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js Show response
www.google.com/js/bg/ Frame 475A 17 KB
7 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

487524122a6142e66a5f22f30cd0352dc3a3218e4ff77a126c8d0e28c2a5b586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=4nbk9fy66e5s
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 05:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6849
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 05:44:40 GMT

GET
DATA 200
OK truncated
/ Frame C851 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C851 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame C851 2 KB
2 KB 38ms
37ms Image
image/png 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:09:58 GMT
x-content-type-options: nosniff
age: 52787
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 15 Jan 2024 21:09:58 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C851 15 KB
16 KB 466ms
57ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:26:56 GMT
x-content-type-options: nosniff
age: 390170
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Jan 2025 23:26:56 GMT

GET
H3 200 SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js Show response
www.google.com/js/bg/ Frame C851 17 KB
7 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

487524122a6142e66a5f22f30cd0352dc3a3218e4ff77a126c8d0e28c2a5b586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=mfclljqxxxv8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 05:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6849
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 05:44:40 GMT

GET
DATA 200
OK truncated
/ Frame 2598 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2598 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 2598 2 KB
2 KB 37ms
37ms Image
image/png 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:09:58 GMT
x-content-type-options: nosniff
age: 52787
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 15 Jan 2024 21:09:58 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 2598 15 KB
15 KB 431ms
63ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:26:56 GMT
x-content-type-options: nosniff
age: 390170
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Jan 2025 23:26:56 GMT

GET
H3 200 SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js Show response
www.google.com/js/bg/ Frame 2598 17 KB
7 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

487524122a6142e66a5f22f30cd0352dc3a3218e4ff77a126c8d0e28c2a5b586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=rlqn2zncxsyj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 05:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6849
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 05:44:40 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 475A 102 B
135 B 48ms
47ms Other
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

55052d853a3f144505dc773ef237ac838af312c0180ff293f7cf1a3847345eab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=4nbk9fy66e5s
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 09 Jan 2024 11:49:45 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame C851 102 B
135 B 48ms
48ms Other
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

55052d853a3f144505dc773ef237ac838af312c0180ff293f7cf1a3847345eab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=mfclljqxxxv8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 09 Jan 2024 11:49:45 GMT

GET
H3 200 SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js Show response
www.google.com/js/bg/ Frame 571A 17 KB
7 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

487524122a6142e66a5f22f30cd0352dc3a3218e4ff77a126c8d0e28c2a5b586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=51ow0tceuxhm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 05:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6849
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 05:44:40 GMT

GET
DATA 200
OK truncated
/ Frame 2118 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2118 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 2118 2 KB
2 KB 37ms
37ms Image
image/png 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:09:58 GMT
x-content-type-options: nosniff
age: 52787
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 15 Jan 2024 21:09:58 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 2118 15 KB
15 KB 347ms
73ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:26:56 GMT
x-content-type-options: nosniff
age: 390170
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Jan 2025 23:26:56 GMT

GET
H3 200 SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js Show response
www.google.com/js/bg/ Frame 2118 17 KB
7 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

487524122a6142e66a5f22f30cd0352dc3a3218e4ff77a126c8d0e28c2a5b586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=g6npt7u7vjf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 05:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6849
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 05:44:40 GMT

GET
DATA 200
OK truncated
/ Frame D73D 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D73D 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame D73D 2 KB
2 KB 37ms
36ms Image
image/png 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:09:58 GMT
x-content-type-options: nosniff
age: 52787
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 15 Jan 2024 21:09:58 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame D73D 15 KB
15 KB 322ms
79ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:26:56 GMT
x-content-type-options: nosniff
age: 390170
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Jan 2025 23:26:56 GMT

GET
H3 200 SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js Show response
www.google.com/js/bg/ Frame D73D 17 KB
7 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/SHUkEiphQuZqXyLzDNA1LcOjIY5P93oSbI0OKMKltYY.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

487524122a6142e66a5f22f30cd0352dc3a3218e4ff77a126c8d0e28c2a5b586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=e73kmc3v9cwg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 05:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6849
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 05:44:40 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
192 B 115ms
115ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://darktrace.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 09 Jan 2024 11:49:45 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: A323706C4EC946DCA15F05A763FC65ED Ref B: LTSEDGE2021 Ref C: 2024-01-09T11:49:45Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://darktrace.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYOgekuHmXy/n7K2JM4uA==

GET
H2 200 6si.min.js Show response
j.6sc.co/ 64 KB
17 KB 48ms
48ms Script
application/javascript 2.20.143.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/b474d74a-fc48-497d-b3dd-02eddc4b51ac.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.143.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-143-74.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2d699428fb1a87452cb15775f3e9a531b9c8a98bfa41be2a24be4814ff0a5baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 11:49:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 20 Dec 2023 22:26:49 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "65836a29-fee9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17567
expires: Tue, 09 Jan 2024 11:49:45 GMT

GET
H/1.1 200
OK counters.gif
perf-eu1.hsforms.com/embed/v3/ 35 B
1 KB 329ms
159ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-eu1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Tue, 09 Jan 2024 11:49:46 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 891eda14-0e7d-401e-b9aa-fc0127e707bd
x-envoy-upstream-service-time: 6
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 891eda14-0e7d-401e-b9aa-fc0127e707bd
Last-Modified: Tue, 09 Jan 2024 11:49:46 GMT
Server: cloudflare
X-Trace: 2BFCD47D080959CA643D5AA1F4BCE30015197A227A000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-749c979cdb-xbd86
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 842c75737c0a1b7a-DUB

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 2598 102 B
135 B 48ms
48ms Other
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

55052d853a3f144505dc773ef237ac838af312c0180ff293f7cf1a3847345eab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=rlqn2zncxsyj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 09 Jan 2024 11:49:46 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 571A 102 B
135 B 49ms
48ms Other
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

55052d853a3f144505dc773ef237ac838af312c0180ff293f7cf1a3847345eab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=51ow0tceuxhm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 09 Jan 2024 11:49:46 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 2118 102 B
135 B 48ms
47ms Other
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

55052d853a3f144505dc773ef237ac838af312c0180ff293f7cf1a3847345eab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=g6npt7u7vjf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 09 Jan 2024 11:49:46 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame D73D 102 B
135 B 49ms
48ms Other
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

55052d853a3f144505dc773ef237ac838af312c0180ff293f7cf1a3847345eab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW&co=aHR0cHM6Ly9kYXJrdHJhY2UuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=e73kmc3v9cwg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 09 Jan 2024 11:49:46 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame D566 7 KB
1 KB 48ms
48ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

40d92c870f306ca6db8d8f3d99fef1d125abb1db213ca65025c8059adfc96af5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7Lj0lh8GqsQIxjALgaw7Jg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-7Lj0lh8GqsQIxjALgaw7Jg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:46 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 4F8A 7 KB
1 KB 48ms
48ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c42e16cd93dee54bd96ad9aff3bd0cf2c3f1823e320548e05796c43c35aca034

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1qlzvYvE3PnBQTG-Tm4mJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-1qlzvYvE3PnBQTG-Tm4mJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:46 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame D566 55 KB
24 KB 47ms
46ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame D566 503 KB
201 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 4F8A 55 KB
24 KB 48ms
47ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 4F8A 503 KB
201 KB 95ms
94ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
572 B 232ms
82ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 11:49:46 GMT
an-x-request-uuid: 06312f71-aa38-446f-a8c8-959c90761043
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://darktrace.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 194.74.212.124; 194.74.212.124; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
191 B 68ms
57ms XHR
text/html 2.20.143.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.143.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-20-143-74.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:46 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://darktrace.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 22 B
311 B 267ms
99ms XHR
text/html 2a02:26f0:7100::210:180
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:180 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 79ea354abfd68d935725654feb68fcf9ecccc34e5cfc154a0e4b5d5dd01a9cea

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 11:49:46 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://darktrace.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a00:2381:5374:1d::124
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1704800986440_34603388_1981791749_18_721_27_55_219";dur=1
content-length: 22
expires: Tue, 09 Jan 2024 11:49:46 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 640 B
607 B 207ms
69ms XHR
application/json 18.157.62.148
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.157.62.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-157-62-148.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4781ab5d9c703a26387c6c495b94051862a80fbae98043e4683df41b1ac6315a

Request headers

Referer: https://darktrace.com/
accept-language: en-GB,en;q=0.9
Authorization: Token bfc303872745c57fc21c407e92980bd51b495b1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-6s-CustomID: WebTag b474d74a-fc48-497d-b3dd-02eddc4b51ac

Response headers

date: Tue, 09 Jan 2024 11:49:46 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://darktrace.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 325

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 233ms
66ms Preflight 18.157.62.148
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.157.62.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-157-62-148.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://darktrace.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://darktrace.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Tue, 09 Jan 2024 11:49:46 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 241ms
229ms Image
image/gif 2.20.143.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=58e1d7a8a68ff8537d596ebcbffc4824&svisitor=null&visitor=be80c233-f70d-496f-856b-60d27c60086b&session=16569b80-f95a-4864-8e98-fe54ac9b15a6&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Since%20the%20release%20of%20version%202%20of%20Raccoon%20Stealer%20in%20May%202022%2C%20Darktrace%E2%80%99s%20SOC%20has%20observed%20a%20continuous%20surge%20in%20Raccoon%20Stealer%20v2%20activity.%20In%20this%20blog%2C%20we%20will%20outline%20the%20typical%20steps%20of%20a%20Raccoon%20Stealer%20v2%20infection%2C%20paying%20close%20attention%20to%20the%20info-stealer%E2%80%99s%20network-based%20behaviors.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&pageViewId=8c1582e6-3acb-40f0-8bc8-ee52c8fb5156&webTagId=b474d74a-fc48-497d-b3dd-02eddc4b51ac&v=1.1.14

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.143.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-143-74.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:46 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 253ms
243ms Image
image/gif 2.20.143.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=58e1d7a8a68ff8537d596ebcbffc4824&svisitor=null&visitor=be80c233-f70d-496f-856b-60d27c60086b&session=16569b80-f95a-4864-8e98-fe54ac9b15a6&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2258e1d7a8a68ff8537d596ebcbffc4824%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22bfc303872745c57fc21c407e92980bd51b495b1e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22b474d74a-fc48-497d-b3dd-02eddc4b51ac%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Since%20the%20release%20of%20version%202%20of%20Raccoon%20Stealer%20in%20May%202022%2C%20Darktrace%E2%80%99s%20SOC%20has%20observed%20a%20continuous%20surge%20in%20Raccoon%20Stealer%20v2%20activity.%20In%20this%20blog%2C%20we%20will%20outline%20the%20typical%20steps%20of%20a%20Raccoon%20Stealer%20v2%20infection%2C%20paying%20close%20attention%20to%20the%20info-stealer%E2%80%99s%20network-based%20behaviors.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&pageViewId=8c1582e6-3acb-40f0-8bc8-ee52c8fb5156&webTagId=b474d74a-fc48-497d-b3dd-02eddc4b51ac&v=1.1.14

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.143.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-143-74.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:46 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 256ms
256ms Image
image/gif 2.20.143.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=58e1d7a8a68ff8537d596ebcbffc4824&svisitor=null&visitor=be80c233-f70d-496f-856b-60d27c60086b&session=16569b80-f95a-4864-8e98-fe54ac9b15a6&event=ipv6&q=%7B%22address%22%3A%222a00%3A2381%3A5374%3A1d%3A%3A124%22%7D&isIframe=false&m=%7B%22description%22%3A%22Since%20the%20release%20of%20version%202%20of%20Raccoon%20Stealer%20in%20May%202022%2C%20Darktrace%E2%80%99s%20SOC%20has%20observed%20a%20continuous%20surge%20in%20Raccoon%20Stealer%20v2%20activity.%20In%20this%20blog%2C%20we%20will%20outline%20the%20typical%20steps%20of%20a%20Raccoon%20Stealer%20v2%20infection%2C%20paying%20close%20attention%20to%20the%20info-stealer%E2%80%99s%20network-based%20behaviors.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&pageViewId=8c1582e6-3acb-40f0-8bc8-ee52c8fb5156&an_uid=0&webTagId=b474d74a-fc48-497d-b3dd-02eddc4b51ac&v=1.1.14

Requested by

Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.143.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-143-74.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:46 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 2721 7 KB
1 KB 50ms
49ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

caa27ff1c77c523354a92ee93252f3ff5e21259e2358d072708d88236b6f8b47

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-o6vPK-6dsj5EfG50OFBznA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-o6vPK-6dsj5EfG50OFBznA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:46 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 3FD9 7 KB
1 KB 49ms
48ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7185bc83562762f761a8692f57fc9291a3d2889a6fd291e263531e7d2628f6f6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-n5_dbMnjywmJgxr929CYBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-n5_dbMnjywmJgxr929CYBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:46 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame FB2E 7 KB
1 KB 52ms
51ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6cdf5519d373481640abd4701ae1209724472fab213c388392b1cf8ea3857e2e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yyIgUxmASHpHo6SjrYSIlA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-yyIgUxmASHpHo6SjrYSIlA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:46 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 1B8B 7 KB
1 KB 50ms
49ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

87d45c53a63a13d725c0e19cbf370ec0c4d9352484b1b08a7e552e6403988b29

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vr95arHNo1ySfkzPVc1MsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://darktrace.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-vr95arHNo1ySfkzPVc1MsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jan 2024 11:49:46 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 2721 55 KB
24 KB 37ms
37ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 2721 503 KB
201 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 3FD9 55 KB
24 KB 37ms
36ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 3FD9 503 KB
201 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 1B8B 55 KB
24 KB 52ms
51ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 1B8B 503 KB
201 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame FB2E 55 KB
24 KB 57ms
57ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 21:08:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 21:08:32 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame FB2E 503 KB
201 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Lf3_gwhAAAAACaFnlMKksutGOG2QvB1pTDsiDmW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 00:07:14 GMT

GET
H2 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 163ms
41ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: darktrace.com
URL: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:47 GMT
x-amz-version-id: lFoq_FZJwJ3rDVe9.7kNMZjc5YKK6r5L
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 11 Dec 2023 12:17:02 GMT
server: cloudflare
via: 1.1 a0f4468818f72f22dc199419b0ebbcc6.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR62-C2
etag: W/"15c02cdee0df6c26ba3d8c62d912c66c"
age: 36298
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cf-ray: 842c75790a8371fa-LHR
x-amz-cf-id: y6PJ-ItTigFlyS8PsjnopR5F0aZ4_bYLm4KZv-v1b2Xgy_C86KIjbg==

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
1 KB 271ms
114ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2942230154&v=1.1&a=25522132&rcu=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&pu=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&t=The+resurgence+of+the+raccoon%3A+Steps+of+a+Raccoon+Stealer+v2+Infection+(Part+2)+%7C+Darktrace+Blog&cts=1704800986918&vi=a83d5b7a8faddf3d747187b37444df12&nc=true&u=21031588.a83d5b7a8faddf3d747187b37444df12.1704800986915.1704800986915.1704800986915.1&b=21031588.1.1704800986915&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4f6a1f57-a65b-442c-95c4-258f9d8ff8a1
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 3
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4f6a1f57-a65b-442c-95c4-258f9d8ff8a1
last-modified: Tue, 09 Jan 2024 11:49:47 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQ3ixmIEK%2FVKPYS%2BVr1D0xGUOZavHFIsLPwJDTFW%2Bhz9MfwpVkH5zKv4RABWapSKYLdJl0spAxWvMtXBrd%2B3Cktwit7%2FbSntAF57MEGCP%2BY%2B4HA0kxVwrbtH8hZ7hKgUy5J72%2FA0eg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-5b4646bd79-m6dsc
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 842c757968529591-DUB
x-robots-tag: none

GET
H2 200 s14554399141229
darktrace.sc.omtrdc.net/b/ss/darktraceprod/1/JS-2.23.0-LDQM/ 43 B
344 B 193ms
55ms Image
image/gif 63.140.62.22
OMNITURE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://darktrace.sc.omtrdc.net/b/ss/darktraceprod/1/JS-2.23.0-LDQM/s14554399141229?AQB=1&ndh=1&pf=1&t=9%2F0%2F2024%2011%3A49%3A47%202%200&mid=47406238518132534063077065938889776071&aamlh=6&ce=UTF-8&cdp=1&fpCookieDomainPeriods=1&pageName=%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&g=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&c.&apl=4.0&getPreviousValue=3.0&.c&cc=GBP&ch=blog&events=event17%2Cevent1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&v3=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&v4=the%20resurgence%20of%20the%20raccoon%3A%20steps%20of%20a%20raccoon%20stealer%20v2%20infection%20%28part%202%29%20%7C%20darktrace%20blog&v5=darktrace.com&v11=47406238518132534063077065938889776071&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=4AE530AF633C985D0A495E93%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.22 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-22.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jan 2024 11:49:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jan 2024 11:49:47 GMT
server: jag
etag: 3661032244316471296-4617931740578984588
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 08 Jan 2024 11:49:47 GMT

GET
H2 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 199 B
451 B 171ms
170ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 2e92e5de4067cfbe82a57ce8d5a4eb3b6258ac9a2a4ae7f722f268be913bb228

Request headers

visited_url: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Referer: https://darktrace.com/
accept-language: en-GB,en;q=0.9
Authorization: Bearer 7a7b0f38131678294923
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 Jan 2024 11:49:47 GMT
via: 1.1 dd9044f778a0203632be1c1b84d73ba8.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-amz-cf-pop: LHR62-C2
x-powered-by: Express
etag: W/"c7-Gr258OW7lOKPGiCM6CW9aLkzwCE"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 842c757b0b2479c7-LHR
x-amz-cf-id: 0ePNgiEoW6PcfxSkXGL9BBYRt2wFISopJuLnke4BaovH9qx5seSKNQ==
apigw-requestid: RRTiVj9TvHcESww=

OPTIONS
H2 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 279ms
180ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://darktrace.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: RRTiTgX5PHcESxg=
cf-cache-status: DYNAMIC
cf-ray: 842c7579f8a679c7-LHR
date: Tue, 09 Jan 2024 11:49:47 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 31ecca9d03747c8d9dd416e81e50a378.cloudfront.net (CloudFront)
x-amz-cf-id: St4vqzxsHn9DWMlmKpRbT0Sln-ywqMLhGYRQTRWhNqVBnusEPy_6aw==
x-amz-cf-pop: LHR62-C2
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 225ms
225ms Image
image/gif 2.20.143.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=58e1d7a8a68ff8537d596ebcbffc4824&svisitor=null&visitor=be80c233-f70d-496f-856b-60d27c60086b&session=16569b80-f95a-4864-8e98-fe54ac9b15a6&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jan%202024%2011%3A49%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jan%202024%2011%3A49%3A46%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Since%20the%20release%20of%20version%202%20of%20Raccoon%20Stealer%20in%20May%202022%2C%20Darktrace%E2%80%99s%20SOC%20has%20observed%20a%20continuous%20surge%20in%20Raccoon%20Stealer%20v2%20activity.%20In%20this%20blog%2C%20we%20will%20outline%20the%20typical%20steps%20of%20a%20Raccoon%20Stealer%20v2%20infection%2C%20paying%20close%20attention%20to%20the%20info-stealer%E2%80%99s%20network-based%20behaviors.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&pageViewId=8c1582e6-3acb-40f0-8bc8-ee52c8fb5156&an_uid=0&webTagId=b474d74a-fc48-497d-b3dd-02eddc4b51ac&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.143.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-143-74.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:47 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

OPTIONS
H2 200 /
ws.zoominfo.com/pixel/4ccDSNZP4XJCgNG1HArJ/ Frame 0
0 278ms
167ms Preflight
text/html 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/4ccDSNZP4XJCgNG1HArJ/?iszitag=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://darktrace.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://darktrace.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 842c757d282c23f6-LHR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Jan 2024 11:49:47 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 86 KB
27 KB 181ms
60ms Script
application/javascript 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe92edba1f5990d76e1817f250ee4aae144f4efa95b676733bdd4391f2b74cf1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:47 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 2663
x-guploader-uploadid: ABPtcPrlzzZbhnzDBkAlWLTfMSiQYqsVYFza02yWUrfWPmV-zDVyL2mfAz5Y5P_XPylNl5WRYPA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 02 Nov 2023 11:05:05 GMT
server: cloudflare
etag: W/"bbabfd4493e8cf8aafea99a2f70825c0"
x-goog-hash: crc32c=4scEgA==, md5=u6v9RJPoz4qv6pmi9wglwA==
x-goog-generation: 1698923105172059
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 87554
cf-ray: 842c757d3fca6557-LHR
expires: Tue, 09 Jan 2024 12:05:24 GMT

GET
H3 200 / Show response
ws.zoominfo.com/pixel/4ccDSNZP4XJCgNG1HArJ/ 3 KB
2 KB 342ms
251ms Fetch
text/javascript 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/4ccDSNZP4XJCgNG1HArJ/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

2931aee28b9b1fafcfc6fc7a76479fdd7fc5dc1746f6da693ecc16a2bd6e185c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

visited-url: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
Referer: https://darktrace.com/blog/the-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
_vtok: MTk0Ljc0LjIxMi4xMjQ=
_zitok: 3bbdf9e786de3edb5a9a1704800987
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/javascript

Response headers

date: Tue, 09 Jan 2024 11:49:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://darktrace.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 842c757ecaf78885-LHR

OPTIONS
H2 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 150ms
150ms Preflight
text/html 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://darktrace.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://darktrace.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 842c757db90023f6-LHR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Jan 2024 11:49:47 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 15 KB
2 KB 192ms
175ms Fetch
application/json 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e347d753898fbf277776ef2e16df50f79979ba35f5d58afc46415ad7725676b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://darktrace.com/
accept-language: en-GB,en;q=0.9
Authorization: bearer bed4e10d0e2408d5fb89f6b5194434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 Jan 2024 11:49:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"3da9-LxFI5lt2QRe1OukataE5v/V0NpU"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://darktrace.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 842c757ecaf48885-LHR

OPTIONS
H2 200 getMapping
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 154ms
153ms Preflight
text/html 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/getMapping?formId=c94fb229-4f72-40fb-9861-df7013cc23c5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _zitok,visitorid
Access-Control-Request-Method: GET
Origin: https://darktrace.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://darktrace.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 842c757febba23f6-LHR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Jan 2024 11:49:48 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

OPTIONS
H2 200 getMapping
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 167ms
167ms Preflight
text/html 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/getMapping?formId=e31bf96d-deeb-46c6-8726-47e1ac469cbd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _zitok,visitorid
Access-Control-Request-Method: GET
Origin: https://darktrace.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://darktrace.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 842c757febc923f6-LHR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Jan 2024 11:49:48 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H3 200 getMapping Show response
ws.zoominfo.com/formcomplete-v2/ 2 KB
1 KB 152ms
152ms XHR
application/json 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/getMapping?formId=c94fb229-4f72-40fb-9861-df7013cc23c5

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

8720454fef7cade856581da1733b4d149236b0ac46003bbf76df943fb428cece

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://darktrace.com/
_zitok: 3bbdf9e786de3edb5a9a1704800987
visitorId
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"919-Sbx7Kd9y9QsysISpBZS2uUr6KNA"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://darktrace.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 842c7580de338885-LHR

GET
H3 200 getMapping Show response
ws.zoominfo.com/formcomplete-v2/ 2 KB
1 KB 149ms
148ms XHR
application/json 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/getMapping?formId=e31bf96d-deeb-46c6-8726-47e1ac469cbd

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6e3033b50dd7b93124658c52f73bd374ffbec312524009ffb4be712f0ae22908

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://darktrace.com/
_zitok: 3bbdf9e786de3edb5a9a1704800987
visitorId
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"702-v5A75NHDwlXjbGatYOiVRXUKDMU"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://darktrace.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 842c7580fe508885-LHR

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 244ms
243ms Image
image/gif 2.20.143.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=58e1d7a8a68ff8537d596ebcbffc4824&svisitor=null&visitor=be80c233-f70d-496f-856b-60d27c60086b&session=16569b80-f95a-4864-8e98-fe54ac9b15a6&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jan%202024%2011%3A49%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jan%202024%2011%3A49%3A47%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Since%20the%20release%20of%20version%202%20of%20Raccoon%20Stealer%20in%20May%202022%2C%20Darktrace%E2%80%99s%20SOC%20has%20observed%20a%20continuous%20surge%20in%20Raccoon%20Stealer%20v2%20activity.%20In%20this%20blog%2C%20we%20will%20outline%20the%20typical%20steps%20of%20a%20Raccoon%20Stealer%20v2%20infection%2C%20paying%20close%20attention%20to%20the%20info-stealer%E2%80%99s%20network-based%20behaviors.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&pageViewId=8c1582e6-3acb-40f0-8bc8-ee52c8fb5156&an_uid=0&webTagId=b474d74a-fc48-497d-b3dd-02eddc4b51ac&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.143.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-143-74.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:48 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 395ms
394ms Image
image/gif 2.20.143.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=58e1d7a8a68ff8537d596ebcbffc4824&svisitor=null&visitor=be80c233-f70d-496f-856b-60d27c60086b&session=16569b80-f95a-4864-8e98-fe54ac9b15a6&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jan%202024%2011%3A49%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jan%202024%2011%3A49%3A48%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Since%20the%20release%20of%20version%202%20of%20Raccoon%20Stealer%20in%20May%202022%2C%20Darktrace%E2%80%99s%20SOC%20has%20observed%20a%20continuous%20surge%20in%20Raccoon%20Stealer%20v2%20activity.%20In%20this%20blog%2C%20we%20will%20outline%20the%20typical%20steps%20of%20a%20Raccoon%20Stealer%20v2%20infection%2C%20paying%20close%20attention%20to%20the%20info-stealer%E2%80%99s%20network-based%20behaviors.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&pageViewId=8c1582e6-3acb-40f0-8bc8-ee52c8fb5156&an_uid=0&webTagId=b474d74a-fc48-497d-b3dd-02eddc4b51ac&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.143.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-143-74.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:49 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 226ms
225ms Image
image/gif 2.20.143.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=58e1d7a8a68ff8537d596ebcbffc4824&svisitor=null&visitor=be80c233-f70d-496f-856b-60d27c60086b&session=16569b80-f95a-4864-8e98-fe54ac9b15a6&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jan%202024%2011%3A49%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jan%202024%2011%3A49%3A49%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Since%20the%20release%20of%20version%202%20of%20Raccoon%20Stealer%20in%20May%202022%2C%20Darktrace%E2%80%99s%20SOC%20has%20observed%20a%20continuous%20surge%20in%20Raccoon%20Stealer%20v2%20activity.%20In%20this%20blog%2C%20we%20will%20outline%20the%20typical%20steps%20of%20a%20Raccoon%20Stealer%20v2%20infection%2C%20paying%20close%20attention%20to%20the%20info-stealer%E2%80%99s%20network-based%20behaviors.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&pageViewId=8c1582e6-3acb-40f0-8bc8-ee52c8fb5156&an_uid=0&webTagId=b474d74a-fc48-497d-b3dd-02eddc4b51ac&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.143.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-143-74.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:50 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 230ms
229ms Image
image/gif 2.20.143.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=58e1d7a8a68ff8537d596ebcbffc4824&svisitor=null&visitor=be80c233-f70d-496f-856b-60d27c60086b&session=16569b80-f95a-4864-8e98-fe54ac9b15a6&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jan%202024%2011%3A49%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jan%202024%2011%3A49%3A50%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Since%20the%20release%20of%20version%202%20of%20Raccoon%20Stealer%20in%20May%202022%2C%20Darktrace%E2%80%99s%20SOC%20has%20observed%20a%20continuous%20surge%20in%20Raccoon%20Stealer%20v2%20activity.%20In%20this%20blog%2C%20we%20will%20outline%20the%20typical%20steps%20of%20a%20Raccoon%20Stealer%20v2%20infection%2C%20paying%20close%20attention%20to%20the%20info-stealer%E2%80%99s%20network-based%20behaviors.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20resurgence%20of%20the%20raccoon%3A%20Steps%20of%20a%20Raccoon%20Stealer%20v2%20Infection%20(Part%202)%20%7C%20Darktrace%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&pageViewId=8c1582e6-3acb-40f0-8bc8-ee52c8fb5156&an_uid=0&webTagId=b474d74a-fc48-497d-b3dd-02eddc4b51ac&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.143.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-143-74.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://darktrace.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 11:49:51 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

43 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ir.darktrace.com/	1969-12-31 23:59:59	Name: ir-session Value: 8b7efcd3f20a75bb16c370b74d539023YLz8UdjBKswvODAicY5UJEUh9LgUa%2Bxqx0ehZmD%2BpJiyDW9s33RTmN33F3JIjBisotaMO3zJaP2nG8TKJWqMU5AlX2QfDzKtyXVFWK%2F%2B33bZdFue5SliZQwWCVeBFavU
ir.darktrace.com/	1970-01-20 17:33:28	Name: XSRF-TOKEN Value: 3ae238c2c180050a2ed2176a5ae78494SQvzwWEBHN0oh1LlH%2FsvKVZ5Bi2O1nNK8sxhVJ2Uf86UDQcxXukxC3Ez4OxWeyEySrzEX3ztQlstLv3anoDSFku60d5nsuK0a39PGQ46LZ5ZGgBeT2EExgwDsvRzeDLt
ir.darktrace.com/	1969-12-31 23:59:59	Name: ir-session-values Value: 3e92b8df7f6fcd3c13adc2a28b2fbe95nMCIN9TtKeeJth%2BwZ44myVYcbQK%2FNsI3C1l7FTXfBeEWr9lOLHa%2Btt9JcWpdYxOeHVFkTuPNrmrHZP7BvqrvrJffC9DuNk6JbgreGX6JJM2SVdLczXwJRw8XiZlOQyg%2BfEWdOa48nzrl7tYbg8z2eNi%2F3GgJvCX4et6c889akF3K%2Fozn2ruqGzfUicDINymGE0Tz32iA2XtDFcvpJJWCHejepl%2Bfr0r00XaH9LDAFoQpOsflEj%2BZ0suMp%2BTsqJ%2BLSv1KNhXU%2FLyYnYFOKV8A6Kikfi39kHqARwoWMMHQMNg9Db7VGg7mJVq3bntXEew6
.demdex.net/	1970-01-20 21:52:32	Name: demdex Value: 57390379367534598152656230931144534206
darktrace.com/	1970-01-21 03:09:20	Name: wow.anonymousId Value: cdd59cd4-b097-4bc5-a3f1-078da7b80a30
darktrace.com/	1970-01-20 17:33:22	Name: wow.schedule Value: wowTracking_B
darktrace.com/	1970-01-20 17:33:22	Name: wow.session Value: cdd59cd4-b097-4bc5-a3f1-078da7b80a30
darktrace.com/	1970-01-20 17:33:22	Name: wow.utmvalues Value:
.darktrace.com/	1969-12-31 23:59:59	Name: AMCVS_4AE530AF633C985D0A495E93%40AdobeOrg Value: 1
.darktrace.com/	1970-01-20 19:42:56	Name: _gcl_au Value: 1.1.1025747073.1704800985
.everesttech.net/	1970-01-21 02:18:56	Name: everest_g_v2 Value: g_surferid~ZZ0y2AAAANF-awOJ
.linkedin.com/	1970-01-20 19:42:56	Name: li_sugr Value: b33e6fb1-5e05-4a0b-abb8-db17b86e26eb
.linkedin.com/	1970-01-21 02:18:56	Name: bcookie Value: "v=2&5553533c-99b8-4302-83cf-cdbef9d23544"
.linkedin.com/	1970-01-20 17:34:47	Name: lidc Value: "b=VGST08:s=V:r=V:a=V:p=V:g=2775:u=1:x=1:i=1704800984:t=1704887384:v=2:sig=AQEuJcgDBARPz0re2tQyabbJ0enNkAEe"
.dpm.demdex.net/	1970-01-20 21:52:32	Name: dpm Value: 57390379367534598152656230931144534206
.darktrace.com/	1970-01-21 03:09:20	Name: AMCV_4AE530AF633C985D0A495E93%40AdobeOrg Value: 179643557%7CMCIDTS%7C19732%7CMCMID%7C47406238518132534063077065938889776071%7CMCAAMLH-1705405784%7C6%7CMCAAMB-1705405784%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1704808184s%7CNONE%7CMCSYNCSOP%7C411-19739%7CvVersion%7C5.5.0
.linkedin.com/	1970-01-20 18:16:32	Name: UserMatchHistory Value: AQIvdm8JAPusAgAAAYzuDqBpIKV6faAhbH6dLMvkgN5LsQer2idWNHIdAhMf6rA8bq6KIFcE-1C_xw
.linkedin.com/	1970-01-20 18:16:32	Name: AnalyticsSyncHistory Value: AQIcpESP0Hf7rAAAAYzuDqBpOKxetuN2pYkHC8d7SZLrMovpgT485vlF8c8mJLTHpdpyVmGnIT1ZRMmnULEzCw
.www.linkedin.com/	1970-01-21 02:18:56	Name: bscookie Value: "v=1&202401091149455c515235-b0f5-46a8-86ed-e44314fb7266AQECS0ncKyiH5d8Q5GIMrVq3nqOTnsMu"
.linkedin.com/	1970-01-20 21:52:32	Name: li_gc Value: MTswOzE3MDQ4MDA5ODU7MjswMjHl8VXHGfteTuF4plbEjvfpDk250gBlXUqfM2fUwCkM9w==
.darktrace.com/	1970-01-21 02:18:56	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Tue+Jan+09+2024+11%3A49%3A45+GMT%2B0000+(Greenwich+Mean+Time)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2&groups=C0001%3A1%2CC0004%3A0%2CC0003%3A0%2CC0002%3A0
.darktrace.com/	1970-01-20 17:34:47	Name: _uetsid Value: 2f079900aee511ee888c27a2780c198e
.darktrace.com/	1970-01-21 02:54:56	Name: _uetvid Value: 2f07df00aee511eea5b2bda2597a2511
.doubleclick.net/	1970-01-21 02:54:56	Name: IDE Value: AHWqTUkg6ToZGuUO6WhgwoZJ6cLGLsQdRXhp3MvMXPPZnx7PZ9h4Tlb4hMmC_dSv
.bing.com/	1970-01-21 02:54:56	Name: MUID Value: 338B19675C3E6B8906090D665D066A5B
darktrace.com/	1970-01-21 03:09:20	Name: _gd_visitor Value: be80c233-f70d-496f-856b-60d27c60086b
darktrace.com/	1970-01-20 17:33:35	Name: _gd_session Value: 16569b80-f95a-4864-8e98-fe54ac9b15a6
darktrace.com/	1970-01-20 17:43:25	Name: _an_uid Value: 0
.6sc.co/	1970-01-21 03:09:20	Name: 6suuid Value: 468f14029e522800da329d657803000072ef1600
.darktrace.com/	1970-01-20 21:52:32	Name: __hstc Value: 21031588.a83d5b7a8faddf3d747187b37444df12.1704800986915.1704800986915.1704800986915.1
.darktrace.com/	1970-01-20 21:52:32	Name: hubspotutk Value: a83d5b7a8faddf3d747187b37444df12
.darktrace.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.darktrace.com/	1970-01-20 17:33:22	Name: __hssc Value: 21031588.1.1704800986915
.darktrace.com/	1970-01-20 17:33:22	Name: gpv_pageName Value: %2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
.darktrace.com/	1970-01-20 17:33:22	Name: gpv_path Value: %2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
.darktrace.com/	1970-01-20 17:33:22	Name: gpv_URL Value: https%3A%2F%2Fdarktrace.com%2Fblog%2Fthe-resurgence-of-the-raccoon-steps-of-a-raccoon-stealer-v2-infection-part-2
.darktrace.com/	1970-01-20 17:33:22	Name: gpv_title Value: the%20resurgence%20of%20the%20raccoon%3A%20steps%20of%20a%20raccoon%20stealer%20v2%20infection%20(part%202)%20%7C%20darktrace%20blog
.darktrace.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.hubspot.com/	1970-01-20 17:33:22	Name: __cf_bm Value: Gut5s8_uFeInPFymV_0lLqVvKqUEmt3rS1a6II.1gbg-1704800987-1-AdnUcW21Od4Fy+IuUWn9o3qr91MDk9vYao79U8e8mPUJtGPGtTvD8vsWXz41VBFdWEjevYiEvlkALT6O2ya6PfQ=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: s7LWFi8wmsxYIaluijGUzAvv0wL_0WgUoNzaSmQqIGU-1704800987173-0-604800000
.darktrace.com/	1970-01-21 02:18:56	Name: _zitok Value: 3bbdf9e786de3edb5a9a1704800987
.zoominfo.com/	1970-01-20 17:33:22	Name: __cf_bm Value: ypQqd4_.8k6P1ZGef9lbw2BFcGTAEIxLERCRtW16aoo-1704800987-1-AayQQ4SZRSOclmOtnJjLgoloDYVvLJ4olFvjcfYCF5jt7BuEGooFpIx6RexVrsY42XRTLqFDmPxBPtd1gDo+GxU=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: BuYoFpjhMfVVfdw7ta_amngCurFpVBqhjcWYIACUn68-1704800987748-0-604800000

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9120626.fls.doubleclick.net
adservice.google.co.uk
adservice.google.com
api-eu1.hubapi.com
assets-global.website-files.com
assets.adobedtm.com
assets.website-files.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn-api-weglot.com
cdn.cookielaw.org
cdn.jsdelivr.net
cdn.weglot.com
cdnjs.cloudflare.com
cm.everesttech.net
code.jquery.com
cta-eu1.hubspot.com
d3e54v103j8qbb.cloudfront.net
darktrace.com
darktrace.demdex.net
darktrace.sc.omtrdc.net
dpm.demdex.net
epsilon.6sense.com
fonts.gstatic.com
forms-eu1.hscollectedforms.net
forms-eu1.hsforms.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ipv6.6sc.co
ir.darktrace.com
j.6sc.co
js-eu1.hs-analytics.net
js-eu1.hs-banner.com
js-eu1.hs-scripts.com
js-eu1.hsadspixel.net
js-eu1.hscollectedforms.net
js-eu1.hubspot.com
js.zi-scripts.com
perf-eu1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
secure.adnxs.com
snap.licdn.com
t.gatorleads.co.uk
track-eu1.hubspot.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.google.co.uk
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
104.16.60.2
104.18.37.212
13.107.42.14
13.224.98.99
142.250.185.198
172.217.18.2
172.65.192.122
172.65.198.159
172.65.202.201
172.65.208.22
172.65.219.229
172.65.232.43
172.65.236.181
172.65.238.60
172.65.240.166
18.157.62.148
2.20.143.74
2600:9000:2156:8c00:12:9e5f:cac0:93a1
2600:9000:223f:aa00:11:3b84:d200:93a1
2606:4700:4400::6812:2089
2606:4700::6810:5514
2606:4700::6810:890f
2606:4700::6811:180e
2606:4700::6812:1caa
2606:4700::6812:620
2606:4700::6812:83ec
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2002
2a00:1450:4001:810::2004
2a00:1450:4001:81c::2002
2a00:1450:4001:81c::2003
2a00:1450:4001:81c::2008
2a00:1450:4001:82b::2002
2a02:26f0:480:983::1e80
2a02:26f0:7100::1720:ef23
2a02:26f0:7100::210:180
2a04:4e42:200::649
2a06:98c1:3200::90:2
34.249.200.254
37.221.223.30
37.252.172.123
52.18.173.130
52.19.115.173
63.140.62.22
0550d938cf2354e3a77c916a083b172a4df5d062bbbc8073a932f3dafc06171a
05580beab81991e3bc00c261992d6579a28696fde9eb6e623988bb74fa2e4e97
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
06433d685c68e0346ea00a414010af610a2a0e865203e2584607dbc0389f8984
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0ddc2c20433d5888f43cd87ce4b756b18b55c372a95b66e90a3536fa04e4ff79
1114132a79b42ce8e5064f57a1560a3b3f0e1659afc33e4698bab53e1301fbfd
14103b64df9857f9f7ad1f02efaafba97ce4772e8d8b448857de69c3537c338d
163a54a4c369a3b52b445847e397af3df73583c92f3bc2ed61f3773d729f41a0
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
2640b6bbf6b7cd7844db1890c44b3be228e70ab0e0eb91012405513b599d6abc
26e34b9fbbd2ecafe25af980f19ddc63342ffad01477b0fe851ac8c35bfea847
26faad62422049b4c91af4247cb57c76c08edd5283c89aadbfa5f06d41fa90e1
2931aee28b9b1fafcfc6fc7a76479fdd7fc5dc1746f6da693ecc16a2bd6e185c
2a4a06cee7bb6f756c0e4ace9d874d65e5b26b632bf3f8029444de1a1f73f1b1
2acda9581ef854bb01a60eacccd515e9c6e50d28615299939e1efd273c9bc913
2ade11cacba5dd6d5e1116fa17771776084418a7c79d65dc210f823c6618c531
2c889d861594cdd57090584b2bd3c3b5d8462ca2b445eeac5c0d0a27df119267
2d699428fb1a87452cb15775f3e9a531b9c8a98bfa41be2a24be4814ff0a5baf
2e92e5de4067cfbe82a57ce8d5a4eb3b6258ac9a2a4ae7f722f268be913bb228
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
35554656118ced47368a42899d05e4449d1b7583a8f45851baa58f88debc9bf9
3aeb80f1a8079225ec23fb8c2146912e0c5388d0fb51835c41c619bc52bf42ca
3bfce4fa7837405942835dc8ffee7c6706c1b7602477a62282760df4fcc6f200
3cf87e7a34d45f51d3c42c47fa72920336137265aa2b4333f9d270de0ec5fb5c
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e8fb1edd4e6ac76dbb05bba77c54c77671bb00143b7dabf92bf3edf996fb595
3ed951ca234a2aae2ddef8ef3167b9c632c4581f8c44903934c3113507c4c840
40d92c870f306ca6db8d8f3d99fef1d125abb1db213ca65025c8059adfc96af5
412e086400741907bbf4dd6a656b651ca220ebea9970278930fccfa7328b20c9
4132d7151489539efda9fcd764f395c17bcf6d28f2b77787ea49d2acaf987c9b
43c2b937d200a8e16791e93a6f369388c9c83fba2d238147d73da36cc749f028
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
4781ab5d9c703a26387c6c495b94051862a80fbae98043e4683df41b1ac6315a
47b867f313154fc5dd17ddafa82b64293c5c5cf733230cf09587c1f9f8e5d5b1
487524122a6142e66a5f22f30cd0352dc3a3218e4ff77a126c8d0e28c2a5b586
4b12db669cf3a559b812931dc1c37d4fc8aa8e33077cc410d22f3fe30a8cd466
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
55052d853a3f144505dc773ef237ac838af312c0180ff293f7cf1a3847345eab
5560a2f9b290ae957e4c008304b3b1debcce91b98f0764325c728710eec87083
560945bf1cdf86e11d526e733b7024c831b64eaadba6dcaecc9e3ad41fd0d218
5709c24c903fdd841258a235316578adfc91781ea0d4a408a8cc3425441ec5bc
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
617a47557a4fa2bbe4450421dd3a1bab569f78b3b937bdab63ae348211960577
622b12fb8599c1522c7918e9398fc880e655f9dce65bb344e89031914262a1ef
667d18bc97b1072affa375044924419adae01f7e5de46c6acb8fb12ef984a57a
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
698d8b0fcf58997c4c938bedf01f559f39f412634513e8d74196ad43f315a050
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cbf5b3bbfcd2f23a688b189310c36484be77a86a6a59ab11d2666a255d172d0
6cdf5519d373481640abd4701ae1209724472fab213c388392b1cf8ea3857e2e
6e3033b50dd7b93124658c52f73bd374ffbec312524009ffb4be712f0ae22908
7185bc83562762f761a8692f57fc9291a3d2889a6fd291e263531e7d2628f6f6
75ebb64b00eb8642d1df4c751f904e2e163d6f9a391d5c1482cd54c014689a12
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
7868a58dc21bf1010472f79a9988006466a9008173afbbf386ae27aeb9f75208
78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa
79ea354abfd68d935725654feb68fcf9ecccc34e5cfc154a0e4b5d5dd01a9cea
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c326f96b9af470b51c887a189b1f81d241d6beef4844b37c8add5144fa6f55d
80139d0dd1906af8a45be3ea2b5cc19068fd8797b6af42919f6621c1c1e16870
8180fd30856b262a1c7adce2393ee4bc49c7f584e332cfe9c7e6816fecc0188c
858b9641acb71b5463d69f74a7fc85c0183102bd836ca47c76c5e729d8da33d4
868c6354c19c6bf06c6f879f94ba1498579c60b1283d44dfe9c056211494e7ec
8720454fef7cade856581da1733b4d149236b0ac46003bbf76df943fb428cece
87d45c53a63a13d725c0e19cbf370ec0c4d9352484b1b08a7e552e6403988b29
889d1f642f074226934ed8675283fe04bc4aa7810b528f71b6ff9fd93b8f0b0f
8afb99c212f9301fc21a4de17bbe809db4e68f42fcb714d5424348130b134cd0
8b5d0e889b75f14e89091dcccc71c42fcf277157ec9d025f0b844bb310089e54
8dcea064f42cc64fdaedef160828d1d67a15445d4c71330e02216cd5e33fbc08
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
904d4d120f4afbbc39a9346f71d5ba21d3eb1a78b7b91dd9e9c1677c18889bef
9270bbe635cc7cf73fcdaa51e5e9ea0ad367a2ca4eeec9b837c5779ceb45cd40
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
98bc0753b3f7392176a4af252bfae9bcd1f2804b73dee374119899d8f52ae3d2
9948ae846979246ddfe993e604739594ce0e7cdfa77657412b9b0090009dcf23
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a36db0362a5e9d292bbdf29f863546f2890efb7416068417ca7b11f00fc30b8d
aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1
b0a2315923c48fc1d0652efb581b8db4bae0432b2823ce24ca77a211299cde10
b36764faf17f2803c4ef3a5ea18b0187dc9ae66b13ec253c71ddb3178d2ccf52
b6f67012173d003d1310c16e0e38a778b787655bdc8b4205e7b5b58e821c73de
b831be8e0edc00c9adb30dfb341f236a3da1b10ab114778a05cb50537a35d1c4
b8b79e968df0f74cd51d569a2b75ffe7474f91fc221de749e01fe7663c328bce
bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01
c0a8f2cd747b6b9cd15d4007388817291906a6b8b1c70b2bc39a64e603809b77
c42e16cd93dee54bd96ad9aff3bd0cf2c3f1823e320548e05796c43c35aca034
c84b3cf8d67d4ae3a126a497ec191ea9ac8e3e59cec9277c02f0e413dcf2922b
c8c2157918c9fed0bb9dcc56c96b52dc7af70b05ca0228e467eaf91777751ad7
c932a28729a3db2a3e5776e52e18e23d8e4e7bc87ae398f7f3caf0029a19d95d
caa27ff1c77c523354a92ee93252f3ff5e21259e2358d072708d88236b6f8b47
cb68f573a69f12ac22b656de23d0efcb5eb9505eeba1d579112b730151cdc2c5
cbb1fa406c6d27851d47286a24a41cd63c87edefea475cce47b1e717129dd5e4
cf2f96e668062701f4fa1528d8abcf800b14885d56701aa9e4b4cbf01c1215aa
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
d9092cb4fb3eafe925fa67a4dc6b62b7c769cbcb9a1420ecaf4b5d80edeae726
daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc63629e2a3083d80820c26c1b9afdfa736f492272a447303164597d535c1064
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
df5e020a0b03feb2fb9b4dc60259ebc8dd850a0e51140d84ff03c3b6080ada95
e178d90d78f6611536dcc71109b0cc9e7b72e440f70f8660c3fa9c4d1ef9dab3
e347d753898fbf277776ef2e16df50f79979ba35f5d58afc46415ad7725676b1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52ba320502e2cd491874b86e0e3fbffbd189d8913f5f46c6092056ecfa24104
e6119ed7e8b147c4fb63f1d4f7da9356ad0212ddcab6ccfc052708b0f9d13e62
ea3931de93ca6940e75c6da8d126fccd812f1cf590cbf7844136d5c6c0685bf0
eafd7e17be354753ca120ef03d28aa45a37c423e89e9f2602e8fd5a24400f150
ec5fad0a130ee84240f611cae8f393bc11875dbaca9a78993949779dfd854526
eec5c16f99cb6829f384ede7f2ade9b1bdbfbf27c16d29993037fa28790b3d9b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6b6ed623b9789747d2e491b3ad692793d461be2f27bdf0c531b2d953fa670d
eff10462a087ca9404ba60423b627967e45c4d9d84c5511e54051fd8529dc7ee
f0822081c33dc4a9cabd9255d574f89280925c4e1f833eefb49a966243014572
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fb569f6cb17f458762401b465a42bef12e5d53c5159fe280fdeebce485918f15
fc6e0c4111cd38963ea6b4a56e332b87f188f6785c45065351a7d7b959c31287
fd86fe420268206f681edfdde283a00ce6f15dbd6bb7e09de5e8fd02cb88d463
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe92edba1f5990d76e1817f250ee4aae144f4efa95b676733bdd4391f2b74cf1
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ffbb7792087f8b0afcf6e098a600539d76d28dea4e02d3a1aced38b5383b09e8

darktrace.com Open in urlscan Pro 34.249.200.254 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

188 Requests

98 %HTTPS

51 %IPv6

37 Domains

54 Subdomains

47 IPs

5 Countries

9723 kBTransfer

19684 kBSize

43 Cookies

48 Outgoing links

Redirected requests

188 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

darktrace.com Open in urlscan Pro
34.249.200.254 Public Scan

Screenshot
Live screenshot

Full Image

188
Requests

98 %
HTTPS

51 %
IPv6

37
Domains

54
Subdomains

47
IPs

5
Countries

9723 kB
Transfer

19684 kB
Size

43
Cookies

188 HTTP transactions
9 data transactions