duo.com Open in urlscan Pro
13.225.63.107  Public Scan

11 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

• https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1682903334909 HTTP 302
• https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1682903334909

Request Chain 28

• https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1682903335147 HTTP 302
• https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1682903335147&dcc=t

Request Chain 58

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1682903335510&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1682903335510&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7540%26time%3D1682903335510%26url%3Dhttps%253A%252F%252Fduo.com%252Fdecipher%252Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1682903335510&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1682903335510&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&cookiesTest=true&liSync=true&e_ipv6=AQLLNLlHaH8K2gAAAYfU2wRLgW1I3g_pTZaZf68AJqjgl0sC5nirbaVNHsUQugFjRW9zo-3F

Request Chain 90

• https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NjE2MTc5MDQ5ODI2NzI4NTU2NTEyMDk3Njc4MTY1NjQ3ODY1NjQ= HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NjE2MTc5MDQ5ODI2NzI4NTU2NTEyMDk3Njc4MTY1NjQ3ODY1NjQ=&google_tc= HTTP 302
• https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELSyyjbZ1PQidlVzCxVlmfo&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 94

• https://insight.adsrvr.org/track/up?adv=rshxraz&ref=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&upid=hpvhlc2&upv=1.1.0 HTTP 302
• https://match.adsrvr.org/track/upb/?adv=rshxraz&ref=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&upid=hpvhlc2&upv=1.1.0

Request Chain 97

• https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=61617904982672855651209767816564786564&gdpr=0&gdpr_consent= HTTP 302
• https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-MjCLQwJE2pFweJElfcSx7rKFPjYKKStO3Zg-~A

Request Chain 124

• https://usermatch.krxd.net/um/v2?partner=adobe&id=61617904982672855651209767816564786564 HTTP 302
• https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=61617904982672855651209767816564786564

Request Chain 152

• https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=M2Y3Y2QwNTUtMTAwZi00ZmRiLTkzYTktMDkyYzQ0YTE2Y2Q2&gdpr=0&gdpr_consent=&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c44a16cd6 HTTP 302
• https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c44a16cd6&google_gid=CAESECsW1NZmthHuB_likLoVKVI&google_cver=1

Request Chain 153

• https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c44a16cd6 HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D3f7cd055-100f-4fdb-93a9-092c44a16cd6 HTTP 302
• https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1033618079951120501&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c44a16cd6

Request Chain 154

• https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3f7cd055-100f-4fdb-93a9-092c44a16cd6&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
• https://match.adsrvr.org/track/cmf/rubicon?gdpr=0

181 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Show response duo.com/decipher/	31 KB 13 KB	1170ms 1111ms	Document text/html	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash dea5072c249e05af0035d6c72942572e82b8d373f82c557ea5a8529a81a3f53c Security Headers Name Value Content-Security-Policy frame-ancestors 'self' https://learn-cloudsecurity.cisco.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers cache-control max-age=300 content-encoding gzip content-security-policy frame-ancestors 'self' https://learn-cloudsecurity.cisco.com; content-type text/html; charset=UTF-8 date Mon, 01 May 2023 01:08:54 GMT expires Mon, 01 May 2023 01:13:54 GMT permissions-policy interest-cohort=() referrer-policy no-referrer-when-downgrade server Duo/1.0 strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) x-amz-cf-id tIIgxzlf3keRc0a1SgRaZTM2Zi21URRI-HekY6BS2QS3QCGWjv6Izg== x-amz-cf-pop EWR53-C1 x-cache Miss from cloudfront x-content-type-options nosniff x-ua-compatible IE=Edge,chrome=1 x-xss-protection 1; mode=block
GET H2	200	production-2021.css duo.com/css/	512 KB 99 KB	24ms 24ms	Stylesheet text/css	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/css/production-2021.css?v=1682521822 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash cc42aa625d1274a10475e8176510807c4ae645c69e2d4ba44690266e695544d3 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 16:31:00 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) x-amz-cf-pop EWR53-C1 age 203874 x-cache Hit from cloudfront pragma public last-modified Wed, 26 Apr 2023 15:10:22 GMT server Duo/1.0 etag W/"64493ede-8008d" vary Accept-Encoding content-type text/css cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 x-amz-cf-id RdLoqoyFW4CRSplFUUnYSAryhConoolupkCr_epawuQQwLeecJ-Pfg== expires Sat, 27 Apr 2024 16:31:00 GMT
GET H2	200	d-logo--dark.svg duo.com/assets/img/decipher/logos/	4 KB 2 KB	48ms 47ms	Image image/svg+xml	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://duo.com/assets/img/decipher/logos/d-logo--dark.svg Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash 431a961732e7d25ade3585946346fb7851946a1d8f4f4270b0b988914ba01520 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 00:17:42 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) x-amz-cf-pop EWR53-C1 age 3072 x-cache Hit from cloudfront pragma public last-modified Tue, 12 Apr 2022 20:00:42 GMT server Duo/1.0 etag W/"6255da6a-ff5" vary Accept-Encoding content-type image/svg+xml cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 x-amz-cf-id irutr7Zzk2N9qxZGgYBfx4BGBI_3svqRE3guwUrV54BU_QmUNxHT-A== expires Tue, 30 Apr 2024 00:17:42 GMT
GET H2	200	aW1nL3Nlby1pbWFnZXMvc3VuLWRlY2lwaGVyLmpwZw== duo.com/img/asset/	47 KB 48 KB	664ms 663ms	Image image/jpeg	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://duo.com/img/asset/aW1nL3Nlby1pbWFnZXMvc3VuLWRlY2lwaGVyLmpwZw==?w=1000&h=470&fit=crop&s=4d5d949531c394abec28084630476821 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash c7d94fd93ceb3e1b0fe91cfd5aad46072f311f02d29c47c991c75ec882810330 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' https://learn-cloudsecurity.cisco.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:54 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff content-security-policy frame-ancestors 'self' https://learn-cloudsecurity.cisco.com; via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) x-amz-cf-pop EWR53-C1 x-cache Miss from cloudfront content-length 48370 x-xss-protection 1; mode=block x-ua-compatible IE=Edge,chrome=1 referrer-policy no-referrer-when-downgrade last-modified Mon, 01 May 2023 01:08:54 GMT server Duo/1.0 content-type image/jpeg cache-control max-age=300 permissions-policy interest-cohort=() x-amz-cf-id 17JDEqw2e4cdyDXzSxSwd4-nth9iFzKhTQrNqCY0xXV7FXY9hPxuaA== expires Mon, 01 May 2023 01:13:54 GMT
GET H2	200	d-logo--footer.svg duo.com/assets/img/decipher/logos/	3 KB 2 KB	50ms 50ms	Image image/svg+xml	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://duo.com/assets/img/decipher/logos/d-logo--footer.svg Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash c33592c7a249c98164b3d533c58fae62ced2b403deab8f2d0cce4c4f1cbb285d Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 00:17:42 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) x-amz-cf-pop EWR53-C1 age 3072 x-cache Hit from cloudfront pragma public last-modified Tue, 12 Apr 2022 20:00:42 GMT server Duo/1.0 etag W/"6255da6a-b5f" vary Accept-Encoding content-type image/svg+xml cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 x-amz-cf-id C071UNUsDG7ljRy_w89IH4GDNwfDi4mkdNYPn-Wr3depnLL720CKtg== expires Tue, 30 Apr 2024 00:17:42 GMT
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.6.1/	88 KB 31 KB	68ms 19ms	Script text/javascript	2607:f8b0:4006:823::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:823::200a New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sat, 29 Apr 2023 07:36:46 GMT content-encoding gzip x-content-type-options nosniff age 149528 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31100 x-xss-protection 0 last-modified Thu, 08 Sep 2022 18:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Sun, 28 Apr 2024 07:36:46 GMT
GET H2	200	jquery-migrate-3.4.0.min.js Show response code.jquery.com/	13 KB 5 KB	97ms 26ms	Script application/javascript	2001:4de0:ac18::1:a:3a STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-migrate-3.4.0.min.js Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (STACKPATH-CDN, US), Reverse DNS Software nginx / Resource Hash 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:54 GMT content-encoding gzip last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx etag W/"28feccc0-3470" vary Accept-Encoding x-hw 1682903334.dop084.dc2.t,1682903334.cds090.dc2.hn,1682903334.cds253.dc2.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 4792
GET H2	200	production-2021.min.js Show response duo.com/js/build/	753 KB 268 KB	38ms 36ms	Script application/javascript	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/js/build/production-2021.min.js?v=1679628612 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash 79b0582374656fb43fefc16cef24f8af26a15b2d7a306334295b66f17847feb9 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 16:31:00 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) x-amz-cf-pop EWR53-C1 age 203874 x-cache Hit from cloudfront pragma public last-modified Fri, 24 Mar 2023 03:30:12 GMT server Duo/1.0 etag W/"641d1944-bc55e" vary Accept-Encoding content-type application/javascript; charset=utf-8 cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 x-amz-cf-id Bl4Ts6CJFnCmT0LM9iAOOJi4ewpTVRJ08GzRLmSzFGeu1La-_iMPRg== expires Sat, 27 Apr 2024 16:31:00 GMT
GET H2	200	ctm.js Show response www.cisco.com/c/dam/cdc/t/	134 KB 31 KB	273ms 26ms	Script application/x-javascript	2600:1400:d:481::b33 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.cisco.com/c/dam/cdc/t/ctm.js Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:481::b33 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Apache / Resource Hash 7e405db9bf16d70cdb523e5f6ab4da606f50890198437a23cd461de508a09b2a Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com https://community.cisco.com/; Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-edgeconnect-origin-mex-latency 57, 57 date Mon, 01 May 2023 01:08:54 GMT content-encoding gzip x-content-type-options nosniff content-security-policy upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com https://community.cisco.com/; strict-transport-security max-age=31536000 x-edgeconnect-midmile-rtt 0, 0 x-test-debug nURL=www.cisco.com,realm=0,isRealm=0,realmDomain=0,shortrealm=0,upgradeTest=1 x-xss-protection 1; mode=block content-length 30965 pragma no-cache cdchost wemxweb-publish-prod2-01 server Apache etag "21706-5f992595ebbc3-gzip" x-frame-options SAMEORIGIN vary Accept-Encoding content-type application/x-javascript cache-control max-age=0, no-cache, no-store accept-ranges bytes expires Mon, 01 May 2023 01:08:54 GMT
GET H2	200	din1451alt-webfont.woff2 duo.com/fonts/din1451alt/	17 KB 18 KB	220ms 220ms	Font application/octet-stream	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/fonts/din1451alt/din1451alt-webfont.woff2 Requested by Host: duo.com URL: https://duo.com/css/production-2021.css?v=1682521822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash e9f76eabead93f85fc4dc190dca4b1419dcd76b57b1c22649856b01d3ac2536e Security Headers Name Value Content-Security-Policy frame-ancestors 'self' https://learn-cloudsecurity.cisco.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://duo.com/css/production-2021.css?v=1682521822 Origin https://duo.com accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy frame-ancestors 'self' https://learn-cloudsecurity.cisco.com; x-content-type-options nosniff date Mon, 01 May 2023 01:08:54 GMT via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) x-amz-cf-pop EWR53-C1 x-cache RefreshHit from cloudfront content-length 17424 x-xss-protection 1; mode=block x-ua-compatible IE=Edge,chrome=1 referrer-policy no-referrer-when-downgrade last-modified Tue, 12 Apr 2022 20:01:08 GMT server Duo/1.0 etag "6255da84-4410" vary Accept-Encoding content-type application/octet-stream cache-control max-age=300 accept-ranges bytes x-amz-cf-id V5H5fQfE4-tKqvMe4Vw-Ci_rEz_-aZEWklkKrmQmZs1Ja9NEf0GWVw== expires Mon, 01 May 2023 01:13:54 GMT
GET H2	200	din1451alt_g-webfont.woff2 duo.com/fonts/din1451alt/	22 KB 23 KB	98ms 98ms	Font application/octet-stream	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/fonts/din1451alt/din1451alt_g-webfont.woff2 Requested by Host: duo.com URL: https://duo.com/css/production-2021.css?v=1682521822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash ede067783c02098828dfe0bda385a9913ff79006eb2cd1a406bcc18e66cd7bad Security Headers Name Value Content-Security-Policy frame-ancestors 'self' https://learn-cloudsecurity.cisco.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://duo.com/css/production-2021.css?v=1682521822 Origin https://duo.com accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy frame-ancestors 'self' https://learn-cloudsecurity.cisco.com; x-content-type-options nosniff date Mon, 01 May 2023 01:08:54 GMT via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) x-amz-cf-pop EWR53-C1 x-cache RefreshHit from cloudfront content-length 22668 x-xss-protection 1; mode=block x-ua-compatible IE=Edge,chrome=1 referrer-policy no-referrer-when-downgrade last-modified Tue, 12 Apr 2022 20:01:08 GMT server Duo/1.0 etag "6255da84-588c" vary Accept-Encoding content-type application/octet-stream cache-control max-age=300 accept-ranges bytes x-amz-cf-id JKSNVOA50jFggH2gqiy4EJajXw3bfLwS-URmUlY0NXHCFhzFK_FPug== expires Mon, 01 May 2023 01:13:54 GMT
GET H2	200	d-shape--blockquote.svg duo.com/assets/img/decipher/svg/	239 B 727 B	29ms 28ms	Image image/svg+xml	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://duo.com/assets/img/decipher/svg/d-shape--blockquote.svg Requested by Host: duo.com URL: https://duo.com/css/production-2021.css?v=1682521822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash e2b5ac6297e5e12b9122d79ee4d3da217fd76f6631d2dc0c764442a7d05464b2 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/css/production-2021.css?v=1682521822 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 00:17:42 GMT strict-transport-security max-age=63072000; includeSubDomains; preload via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) x-amz-cf-pop EWR53-C1 age 3072 x-cache Hit from cloudfront content-length 239 pragma public last-modified Tue, 12 Apr 2022 20:00:42 GMT server Duo/1.0 etag "6255da6a-ef" content-type image/svg+xml cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 accept-ranges bytes x-amz-cf-id _yKSi58QK4cRlHpJG0Oh1FkjlbSPoApiqXYdDwQw2ONSITMFWtiLKw== expires Tue, 30 Apr 2024 00:17:42 GMT
GET H2	200	diamond.svg duo.com/assets/img/decipher/svg/	187 B 674 B	30ms 29ms	Image image/svg+xml	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://duo.com/assets/img/decipher/svg/diamond.svg Requested by Host: duo.com URL: https://duo.com/css/production-2021.css?v=1682521822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash 45f9c9efb71fae4c333607520017c544fb9dc13100dd260f6148eb179b919d68 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/css/production-2021.css?v=1682521822 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 00:17:42 GMT strict-transport-security max-age=63072000; includeSubDomains; preload via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) x-amz-cf-pop EWR53-C1 age 3072 x-cache Hit from cloudfront content-length 187 pragma public last-modified Tue, 12 Apr 2022 20:00:42 GMT server Duo/1.0 etag "6255da6a-bb" content-type image/svg+xml cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 accept-ranges bytes x-amz-cf-id JOTUpLoviJQCy_mgllQA9H4_DSsRc8rHy2j2p8siCImhIfnMuD4BXA== expires Tue, 30 Apr 2024 00:17:42 GMT
GET H2	200	icon-sprite.20210112.svg Show response duo.com/fonts/	240 KB 81 KB	34ms 34ms	XHR image/svg+xml	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/fonts/icon-sprite.20210112.svg Requested by Host: duo.com URL: https://duo.com/js/build/production-2021.min.js?v=1679628612 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash d9218d98cd999ad151e3b5ff5e2d7021b93f1c806c49ffc1f60a3f476d64747e Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 24 Apr 2023 22:51:15 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) x-amz-cf-pop EWR53-C1 age 526659 x-cache Hit from cloudfront pragma public last-modified Tue, 12 Apr 2022 20:01:08 GMT server Duo/1.0 etag W/"6255da84-3c031" vary Accept-Encoding content-type image/svg+xml cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 x-amz-cf-id ohCojfa62dnSHTzFey-xDJUEc1v5pu7OU_MAMWd24QZmNXaEro1IFQ== expires Tue, 23 Apr 2024 22:51:15 GMT
GET H2	200	utag.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	226 KB 57 KB	114ms 23ms	Script application/javascript	2600:9000:2511:7a00:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Requested by Host: www.cisco.com URL: https://www.cisco.com/c/dam/cdc/t/ctm.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2511:7a00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 892d876246e269ba84a8fc52e5a639d6d8a95d50281ac098fa4bca7bd3c7a89d Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id _wv_xBTAAG47b8Qkoq_E9bI9LmG.rShX content-encoding br via 1.1 0bc560bfbdf419589e7d5b642ae14678.cloudfront.net (CloudFront) date Mon, 01 May 2023 01:07:50 GMT last-modified Fri, 14 Apr 2023 21:01:52 GMT server AmazonS3 x-amz-cf-pop JFK50-P6 age 65 x-amz-server-side-encryption AES256 etag W/"298beebd2cb027cf4508b8be65f3c678" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=300 x-amz-cf-id VPr7CawUUjaCTL5LI6_97C3kX11bHRJglcRSR6VfOOjBPQPwvfzN3w==
GET H2	404	data.json Show response duo.com/public/json-bodymovin/d-logo-dark/	53 KB 12 KB	95ms 95ms	XHR text/html	13.225.63.107 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/public/json-bodymovin/d-logo-dark/data.json Requested by Host: duo.com URL: https://duo.com/js/build/production-2021.min.js?v=1679628612 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-107.ewr53.r.cloudfront.net Software Duo/1.0 / Resource Hash 966f7980585bf229f10989efd8ac092799de4f7588975bb78c2b2fbd028d1ed1 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:54 GMT content-encoding gzip via 1.1 8ab0aef6448b5ee7c8ac1a76da988556.cloudfront.net (CloudFront) server Duo/1.0 x-amz-cf-pop EWR53-C1 etag W/"6438a7fe-d202" vary Accept-Encoding x-cache Error from cloudfront content-type text/html; charset=utf-8 x-amz-cf-id 634NS7MLl_2YG4KY6ssHGb-s4JvNpluv4Y7vqhbqXd2K7UWlpFM7pQ==
GET H/1.1	200 OK	rd Show response dpm.demdex.net/id/ Redirect Chain https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1682903334909 https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1682903334909	973 B 1 KB	86ms 84ms	XHR application/json	54.148.169.223 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1682903334909 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol HTTP/1.1 Server 54.148.169.223 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-148-169-223.us-west-2.compute.amazonaws.com Software / Resource Hash df211faa7b17d7422564dd82a0d9f466108c9b85e3fcf2766f20835b462b23bf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers DCS dcs-prod-usw2-2-v044-0c8f2041b.edge-usw2.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-TID KBhjvqJZRfM= Vary Origin P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin https://duo.com Content-Type application/json;charset=utf-8 Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Access-Control-Allow-Credentials true Connection keep-alive Content-Length 532 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers DCS dcs-prod-usw2-2-v044-0b796320e.edge-usw2.demdex.com 0 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains X-TID 7uUzgqqHS1s= Vary Origin P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin https://duo.com Location https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1682903334909 Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Access-Control-Allow-Credentials true Connection keep-alive Content-Length 0 Expires Thu, 01 Jan 1970 00:00:00 UTC
GET H2	200	utag.5.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	73 KB 25 KB	21ms 20ms	Script application/javascript	2600:9000:2511:7a00:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.5.js?utv=ut4.46.202304131615 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2511:7a00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 105f58f234aa02a846522fdf24b09a2b087a46ac8be5c6051fe09202d3f61314 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id nMLvhNfv2CUBaZ0Z.oOX2ZRSwuYoVxgR content-encoding br via 1.1 0bc560bfbdf419589e7d5b642ae14678.cloudfront.net (CloudFront) date Mon, 01 May 2023 01:05:36 GMT last-modified Fri, 14 Apr 2023 21:01:51 GMT server AmazonS3 x-amz-cf-pop JFK50-P6 age 199 x-amz-server-side-encryption AES256 etag W/"b664f99d542469270892331eac22fd8d" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id sNEubu1MUaqEhZxxQovNx8UnbGjd5U-qfvDz3_cwbzzmh2RACjG3ow==
GET H2	200	utag.52.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	19 KB 7 KB	24ms 23ms	Script application/javascript	2600:9000:2511:7a00:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.52.js?utv=ut4.46.202304131615 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2511:7a00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f8677844ddb268d5b5deefe1a9964b0e373863db808b21dcfe058ab7437fe617 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id j3xqGNT8rUmOdpUEUqUGReu_sGOf._i1 content-encoding br via 1.1 0bc560bfbdf419589e7d5b642ae14678.cloudfront.net (CloudFront) date Mon, 01 May 2023 01:05:36 GMT last-modified Fri, 14 Apr 2023 21:01:51 GMT server AmazonS3 x-amz-cf-pop JFK50-P6 age 199 x-amz-server-side-encryption AES256 etag W/"0758c4c6fd90d769f52b3d9b659974f4" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id Cn1T9pcLZoLSIcBv4Aj388nK4I1sPQvwUJ3_7PQxMwQaEUAko8V94A==
GET H2	200	utag.28.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	2 KB 1 KB	26ms 25ms	Script application/javascript	2600:9000:2511:7a00:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.28.js?utv=ut4.46.202106171628 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2511:7a00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 6ac1bc53d4545e02be79eb2ddec0b118e26210fd9f5f0494637127de5908a49d Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id HeJLvC0LZbDMhegC9bDxZ1xlNf1ICdoE content-encoding br via 1.1 0bc560bfbdf419589e7d5b642ae14678.cloudfront.net (CloudFront) date Mon, 01 May 2023 01:05:36 GMT last-modified Fri, 14 Apr 2023 21:01:52 GMT server AmazonS3 x-amz-cf-pop JFK50-P6 age 199 x-amz-server-side-encryption AES256 etag W/"1f078473bd422b5d26b02e07c73f7618" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id SarzoBvzZBpYEWLeYkTd-7_VGffZlut_Bl_YuXyUHc_t7RtW3AiJ0A==
GET H2	200	utag.60.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	3 KB 2 KB	25ms 24ms	Script application/javascript	2600:9000:2511:7a00:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.60.js?utv=ut4.46.202303102021 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2511:7a00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f899f59e75509fe9f04aff8e7b30f0cf49193ad870f0c5b22cb120df7c52265e Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id 0KdkeCDRwpCnvws9.Tyl5liSxUnW204W content-encoding br via 1.1 0bc560bfbdf419589e7d5b642ae14678.cloudfront.net (CloudFront) date Mon, 01 May 2023 01:05:36 GMT last-modified Fri, 14 Apr 2023 21:01:50 GMT server AmazonS3 x-amz-cf-pop JFK50-P6 age 199 x-amz-server-side-encryption AES256 etag W/"74b9a75bd75db8f0381f6a9e16d87966" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id mVQauCFcZF4UfMnW31P9e6CxEcDG1qikW0643mpzKGD12AenjFU7fA==
GET H2	200	utag.83.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	3 KB 2 KB	26ms 25ms	Script application/javascript	2600:9000:2511:7a00:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.83.js?utv=ut4.46.202304031427 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2511:7a00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a5cc88e365596685704b672d48a62e544fc3c0976bf745f68b43933821c05a23 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id kLBLKxtcgdAScM1W19WFB5Mev8aqfr9X content-encoding br via 1.1 0bc560bfbdf419589e7d5b642ae14678.cloudfront.net (CloudFront) date Mon, 01 May 2023 01:05:36 GMT last-modified Fri, 14 Apr 2023 21:01:52 GMT server AmazonS3 x-amz-cf-pop JFK50-P6 age 199 x-amz-server-side-encryption AES256 etag W/"619c4cfaf1ef717cf057b4be933e7658" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id XUFye4zyL4hldBCOqxZfIeDntFxyLCxwzZRCHiOgjPMAvgcSzYcJTw==
GET H2	200	utag.84.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	2 KB 2 KB	26ms 26ms	Script application/javascript	2600:9000:2511:7a00:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.84.js?utv=ut4.46.202304131347 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2511:7a00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash af92bf3301ac6fe497f69488f9814c47c949c95d56c80d1b368e728e6c89ab7c Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id lgXM7OGWACx8dTHYNgB0WETFcL8yXCEY content-encoding br via 1.1 0bc560bfbdf419589e7d5b642ae14678.cloudfront.net (CloudFront) date Mon, 01 May 2023 01:05:36 GMT last-modified Fri, 14 Apr 2023 21:01:51 GMT server AmazonS3 x-amz-cf-pop JFK50-P6 age 199 x-amz-server-side-encryption AES256 etag W/"7dfe28a5a514d8bc42bfb414aacad89f" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id 3HZ8Ify1N99ketZToRcENAtP7tvee4Hl2GLvS-5U2Cjgz5u0gNo8Fg==
GET H2	200	amzn.js Show response c.amazon-adsystem.com/aat/	7 KB 7 KB	87ms 18ms	Script text/javascript	143.204.151.99 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/aat/amzn.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.151.99 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-151-99.ewr52.r.cloudfront.net Software AmazonS3 / Resource Hash 45153d776213fa86c1ef7dca51e36d669e1b697b53907f3bf7cd3ee706edbaec Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 30 Apr 2023 03:23:16 GMT x-amz-version-id RCjAxJ8CrRqbtKQCS4KIrWhcLcYrBklc via 1.1 5dd7b838ea405f86fdd3f313ecc68490.cloudfront.net (CloudFront) last-modified Thu, 11 Nov 2021 17:52:19 GMT server AmazonS3 x-amz-cf-pop EWR52-C2 age 78340 etag "4e42700e21a922978b72507ad18a7fea" x-cache Hit from cloudfront content-type text/javascript accept-ranges bytes content-length 6674 x-amz-cf-id EOV5G_he87Pn8YDG2HfGOKpzaQnc55-8IRneq3TeoVpOiySwpSRRtw==
GET H/1.1	200 OK	ntpagetag.gif cisco-tags.cisco.com/tag/	85 B 598 B	334ms 78ms	Image image/gif	72.163.10.10 CISCOSYSTEMS
General Check archive.org Show headers Download Go to Show image Full URL https://cisco-tags.cisco.com/tag/ntpagetag.gif?js=1&ts=1682903335059.996&lc=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&rs=1600x1200&cd=24&ln=en&tz=GMT&jv=0&ck=UnicaNIODID%3Dundefined&utag_main_v_id=0187d4daffe90002825de29c907b03074006106c00b08&meta.viewport=width%3Ddevice-width%2C%20initial-scale%3D1.0%2C%20user-scalable%3Dyes&title=broad%20cyber%20espionage%20campaign%20follows%20supply%20chain%20attack%20on%20solarwinds%20%7C%20decipher&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&webdriver=false&tag=ut4.46.202304142101&entitlement=undefined&locale=en-us&meta.country=us&meta.locale=us&breakpoint=unavailable&content_type=no%20contenttype&linktrack=linkpage&loc=http%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&cookie_length=0&meta.iapath=no%20iapath&hier1=no%20iapath&meta.wm_reporting_category=no%20iapath&sa_source=meta.iapath&t_profile=cisco.duo&t_load=ctm&suite=cisco-complete&returnVisit=false&cookies=true&localstorage=true&dnt=false&conversion=event1&adobeVersions=AppMeasurement%3D2.12.0%2CVisitorJS%3Dna%2CMbox%3Dna&meta.msapplication-tilecolor=%23000000&meta.msapplication-config=%2Fassets%2Fimg%2Fdecipher%2Ffavicons%2Fbrowserconfig.xml&meta.theme-color=%23ffffff&meta.robots=index%2Cfollow%2Carchive&meta.fb:app_id=2090208394329663&meta.og:site_name=decipher&meta.og:type=website&meta.og:url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&meta.twitter:card=summary_large_image&meta.twitter:site=%40deciphersec&meta.twitter:creator=%40deciphersec&meta.og:title=broad%20cyber%20espionage%20campaign%20follows%20supply%20chain%20attack%20on%20solarwinds&meta.twitter:title=broad%20cyber%20espionage%20campaign%20follows%20supply%20chain%20attack%20on%20solarwinds&meta.description=attackers%20planted%20a%20compromised%20update%20for%20the%20solarwinds%20orion%20platform%2C%20leading%20to%20a%20cyber%20espionage%20campaign%20that%20hit%20many%20companies%20and%20government%20agencies.&meta.og:description=attackers%20planted%20a%20compromised%20update%20for%20the%20solarwinds%20orion%20platform%2C%20leading%20to%20a%20cyber%20espionage%20campaign%20that%20hit%20many%20companies%20and%20government%20agencies.&meta.twitter:description=attackers%20planted%20a%20compromised%20update%20for%20the%20solarwinds%20orion%20platform%2C%20leading%20to%20a%20cyber%20espionage%20campaign%20that%20hit%20many%20companies%20and%20government%20agencies.&meta.twitter:image=https%3A%2F%2Fduo.com%2Fassets%2Fimg%2Fseo-images%2Fsun-decipher.jpg&meta.og:image=https%3A%2F%2Fduo.com%2Fassets%2Fimg%2Fseo-images%2Fsun-decipher.jpg&meta.og:image:width=1200&meta.og:image:height=630&meta.bitly-verification=040b99f315c6&meta.google-site-verification=svd8ahbyylsc2wljqdzwij1d2tnu8-u3fbldciehxdu&meta.twitter:widgets:csp=on&meta.msvalidate.01=27fb624dbd3f07315a4bf69f5d649c68&ets=1682903335061.400 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 72.163.10.10 , United States, ASN109 (CISCOSYSTEMS, US), Reverse DNS cisco-tags.cisco.com Software Apache/2.4 / Resource Hash b96b64444f7d52c39b5716fe4d3e8d0433c67fb79731a4400188835d97b74bce Security Headers Name Value Content-Security-Policy script-src 'self'; object-src 'self' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Mon, 01 May 2023 01:08:55 GMT Strict-Transport-Security max-age=31536000; includeSubdomains; X-Content-Type-Options nosniff Content-Security-Policy script-src 'self'; object-src 'self' Last-Modified Fri, 12 Jun 2009 13:25:52 GMT Server Apache/2.4 ETag "55" X-Frame-Options SAMEORIGIN Content-Type image/gif Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=1000 Content-Length 85 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	up_loader.1.1.0.js Show response js.adsrvr.org/	4 KB 2 KB	69ms 17ms	Script application/x-javascript	143.204.138.162 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.adsrvr.org/up_loader.1.1.0.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 143.204.138.162 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-138-162.ewr52.r.cloudfront.net Software AmazonS3 / Resource Hash ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Sun, 30 Apr 2023 03:56:11 GMT Content-Encoding gzip Via 1.1 c855cfdfac580e3b58f1c68c8d67dcf6.cloudfront.net (CloudFront) Last-Modified Thu, 24 Sep 2020 15:15:34 GMT Server AmazonS3 X-Amz-Cf-Pop EWR52-C2 Age 76365 ETag W/"98d98b3499058b76d58073cf8ede2f10" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/x-javascript X-Cache Hit from cloudfront Connection keep-alive X-Amz-Cf-Id 4VVk_OL_ExK9dZYzPYmYd2Er9jCcxT4GJ8an2oDt475n5VSep18Sxw==
GET H2	200	gtm.js Show response www.googletagmanager.com/	357 KB 102 KB	108ms 61ms	Script application/javascript	2607:f8b0:4006:81d::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81d::2008 New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash d93e2c8dcfc8251a5ce508301e2e947600f1d7a38a3df7e0ab011e0f190e3790 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 104010 x-xss-protection 0 last-modified Mon, 01 May 2023 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 01 May 2023 01:08:55 GMT
GET H2	200	fd2h6g6rw8bb.js Show response js.driftt.com/include/1682903400000/	221 KB 62 KB	123ms 62ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/include/1682903400000/fd2h6g6rw8bb.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.84.js?utv=ut4.46.202304131347 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 8989f87b90cacdbca5875bdfbed7dd3c3f2acee982b9353c04d86e8c123906c0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id x8TZ8iebDtxhM0duvZHFnO4hbRoyqYO1 strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip date Mon, 01 May 2023 01:08:55 GMT via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 x-amz-server-side-encryption AES256 x-cache RefreshHit from cloudfront x-envoy-upstream-service-time 32 last-modified Fri, 28 Apr 2023 19:39:03 GMT server istio-envoy etag W/"1aa02cf06cb1a631ba2d08d343214ad7" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control no-cache access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id ZDDfGXQGzMrdsc5GVtdeQ79LXlwO57qgaoJukxZS1DtsviEgwcs0Rg==
GET H2	200	utag.v.js Show response tags.tiqcdn.com/utag/tiqapp/	2 B 434 B	19ms 19ms	Script application/javascript	2600:9000:2511:7a00:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=cisco/duo/202304142100&cb=1682903335065 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2511:7a00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id 2XUX04X5QEw0.xFya64khU._sHTRl_Pz date Mon, 01 May 2023 01:03:19 GMT via 1.1 0bc560bfbdf419589e7d5b642ae14678.cloudfront.net (CloudFront) x-amz-cf-pop JFK50-P6 age 337 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 2 last-modified Sat, 11 Mar 2023 06:57:46 GMT server AmazonS3 etag "7bc0ee636b3b83484fc3b9348863bd22" vary Accept-Encoding content-type application/javascript cache-control max-age=300 accept-ranges bytes x-amz-cf-id PJOLRK1aJgQmeUlKtdySMzTbrKQZXZgESWSh0pV19qWYG6wfvFqXCg==
GET H/1.1	200 OK	iu3 Show response s.amazon-adsystem.com/ Frame 629F Redirect Chain https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1682903335147 https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1682903335147&dcc=t	65 B 896 B	56ms 55ms	Document text/html	52.46.155.104 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1682903335147&dcc=t Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aat/amzn.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash 115d83ece49fd1c5769409aab9d78572eed86cd38a0556b4cdeeac82c83091d3 Security Headers Name Value Strict-Transport-Security max-age=47474747; includeSubDomains; preload Request headers Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers Cache-Control max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 Connection keep-alive Content-Length 65 Content-Type text/html;charset=ISO-8859-1 Date Mon, 01 May 2023 01:08:55 GMT Expires Thu, 01 Jan 1970 00:00:00 GMT Pragma no-cache Server Server Strict-Transport-Security max-age=47474747; includeSubDomains; preload Vary Content-Type,Accept-Encoding,User-Agent p3p policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR" x-amz-rid J6KEY6A50Q67EX47PZ89 Redirect headers Cache-Control max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 Connection keep-alive Content-Length 0 Date Mon, 01 May 2023 01:08:55 GMT Expires Thu, 01 Jan 1970 00:00:00 GMT Location https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1682903335147&dcc=t Pragma no-cache Server Server Strict-Transport-Security max-age=47474747; includeSubDomains; preload Vary Content-Type,Accept-Encoding,User-Agent p3p policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR" x-amz-rid VQ3KTN3REJXHVY2QK889
GET H2	200	optimize.js Show response www.google-analytics.com/gtm/	114 KB 45 KB	99ms 37ms	Script application/javascript	2607:f8b0:4006:81e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/gtm/optimize.js?id=GTM-WV3KTWL Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81e::200e New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 3fcdca9d6044c62ba84ae431023d8278dd13b748ffe6f97dd60dbb862f8b2442 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 45499 x-xss-protection 0 last-modified Mon, 01 May 2023 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 01 May 2023 01:08:55 GMT
GET H2	200	bizible.js Show response cdn.bizible.com/scripts/	67 KB 25 KB	125ms 19ms	Script application/x-javascript	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/scripts/bizible.js?account=duo.com Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyb/1DD2) / Resource Hash fe220f545f1bf98a40215c7e22abc72ed2167effe29406f6f3d568febeb6c726 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT content-encoding gzip last-modified Thu, 27 Apr 2023 12:08:20 GMT server ECS (nyb/1DD2) age 42582 etag "e64a45f5079d91:0" vary Accept-Encoding x-cache HIT content-type application/x-javascript cache-control max-age=86400 accept-ranges bytes content-length 25478
GET H2	200	analytics.js Show response www.google-analytics.com/	51 KB 21 KB	82ms 23ms	Script text/javascript	2607:f8b0:4006:81e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81e::200e New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Sun, 30 Apr 2023 23:22:23 GMT last-modified Mon, 17 Apr 2023 22:36:01 GMT server Golfe2 age 6392 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20737 expires Mon, 01 May 2023 01:22:23 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	13 KB 5 KB	114ms 29ms	Script application/x-javascript	2600:141b:13::17d7:82b9 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:141b:13::17d7:82b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 10 Jan 2023 17:22:56 GMT x-cdn AKAM vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=82115 accept-ranges bytes content-length 4777
GET H2	200	ebdaa317731b0.js Show response t.contentsquare.net/uxa/	371 KB 98 KB	89ms 23ms	Script application/javascript	18.164.116.94 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://t.contentsquare.net/uxa/ebdaa317731b0.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.164.116.94 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-164-116-94.jfk50.r.cloudfront.net Software AmazonS3 / Resource Hash 85784c85c70c1e16fcb092f0037eca6b24e890de8756b48455380ba2b7ca845d Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 30 Apr 2023 14:04:17 GMT content-encoding gzip via 1.1 08307cdad31639e360e0351e9156d6ba.cloudfront.net (CloudFront) x-amz-cf-pop JFK50-P6 age 0 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 content-length 99791 last-modified Thu, 27 Apr 2023 13:59:10 GMT server AmazonS3 etag "fbdca6f20dc76ce4bdb41cbf70ecbb6c" vary Accept-Encoding, Origin content-type application/javascript;charset=utf-8 cache-control max-age=900 accept-ranges bytes timing-allow-origin * x-amz-cf-id B_XFY52G1AWWzCDUc_FnbpMtrCjlNcAD5WW40eeQyZY-QpP9QZL2JQ==
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	107 KB 28 KB	82ms 18ms	Script application/x-javascript	2a03:2880:f012:10c:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 091ba5711e7f397eca67fb1da60968a88be608d2f4fb80955ef74f645b6e898b Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 01 May 2023 01:08:55 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 27967 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug k8P4MkjejZIllf/9Mxo8no8oo5kp8xRcf0/do8r8AMHz2uTQnA8uz7GLKtSwkT/2C4RzS5RI/QRKogH2ot3CyA== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 1512268381 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H/1.1	200 OK	munchkin-beta.js Show response munchkin.marketo.net/	1 KB 1 KB	104ms 25ms	Script application/x-javascript	104.91.126.206 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin-beta.js Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.91.126.206 Boston, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-91-126-206.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash aaf173c00687da3d4328c0a1593d764175af1cb6708fa79ca5febcdc5f7de161 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Mon, 01 May 2023 01:08:55 GMT Content-Encoding gzip Last-Modified Fri, 03 Feb 2023 02:35:29 GMT Server AkamaiNetStorage ETag "7ea9bdc17bda32d919638e9e573666e3:1675391729.535053" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Content-Type application/x-javascript Connection keep-alive Accept-Ranges bytes Content-Length 728
GET H2	200	bat.js Show response bat.bing.com/	40 KB 12 KB	83ms 34ms	Script application/javascript	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash eec5c0b7f3736c064a5c93fb61f419fe7d3f7c1815c81004312fd349fd43be2c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Mon, 01 May 2023 01:08:55 GMT last-modified Thu, 20 Apr 2023 19:01:49 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: CE2F83BF594B49D7A7AE3EEBA1EB8ABC Ref B: YMQ01EDGE0811 Ref C: 2023-05-01T01:08:55Z etag "808c558fba73d91:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 12048
GET H2	200	aquant.js Show response secure.quantserve.com/	22 KB 9 KB	101ms 24ms	Script application/javascript	2620:116:800b:21:c1e8:5385:5098:6bf0 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://secure.quantserve.com/aquant.js?a=p-4CduNLZtPCAtp Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:116:800b:21:c1e8:5385:5098:6bf0 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash f3f47d6a938ede7a828ca47022eee50835e4c9375f7ca41581fa94e25c8e950e Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT content-encoding gzip etag "DUHyBE1e2vdA+NAhXV6BXg==" vary Accept-Encoding content-type application/javascript cache-control private, max-age=604800 accept-ranges bytes expires Mon, 08 May 2023 01:08:55 GMT
GET H2	200	6si.min.js Show response j.6sc.co/	33 KB 11 KB	114ms 20ms	Script application/javascript	104.126.116.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.126.116.10 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-126-116-10.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 12ce92cc3c4eb9d74f48e9a10eb919bdf30bbdc5ccf9843c6543fec302dec54f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 04 Apr 2023 21:13:35 GMT server nginx/1.14.0 (Ubuntu) etag "642c92ff-8319" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 10492 expires Mon, 01 May 2023 01:08:55 GMT
GET H2	200	ctm.js Show response www.cisco.com/c/dam/cdc/t/	134 KB 31 KB	28ms 27ms	Script application/x-javascript	2600:1400:d:481::b33 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.cisco.com/c/dam/cdc/t/ctm.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d:481::b33 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Apache / Resource Hash 7e405db9bf16d70cdb523e5f6ab4da606f50890198437a23cd461de508a09b2a Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com https://community.cisco.com/; Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-edgeconnect-origin-mex-latency 57, 57 date Mon, 01 May 2023 01:08:55 GMT content-encoding gzip x-content-type-options nosniff content-security-policy upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com https://community.cisco.com/; strict-transport-security max-age=31536000 x-edgeconnect-midmile-rtt 0, 0 x-test-debug nURL=www.cisco.com,realm=0,isRealm=0,realmDomain=0,shortrealm=0,upgradeTest=1 x-xss-protection 1; mode=block content-length 30965 pragma no-cache cdchost wemxweb-publish-prod2-01 server Apache etag "21706-5f992595ebbc3-gzip" x-frame-options SAMEORIGIN vary Accept-Encoding content-type application/x-javascript cache-control max-age=0, no-cache, no-store accept-ranges bytes expires Mon, 01 May 2023 01:08:55 GMT
GET H2	200	lp.js Show response metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/	6 KB 6 KB	111ms 26ms	Script application/x-javascript	205.185.216.10 STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US), Reverse DNS map2.hwcdn.net Software / Resource Hash 10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT strict-transport-security max-age=15552000; includeSubDomains; preload last-modified Thu, 22 Sep 2022 17:10:43 GMT x-amz-request-id tx00000000000002fef1d9a-00644aacc5-4fac9c27-sfo2a etag "9a8767fa98da937fb02cdbbc52a101bb" vary Access-Control-Request-Headers,Access-Control-Request-Method,Origin x-hw 1682903335.dop207.dc2.t,1682903335.cds172.dc2.hn,1682903335.cds041.dc2.c content-type application/x-javascript cache-control max-age=316958 x-rgw-object-type Normal accept-ranges bytes content-length 5776
GET H2	200	bizible.js Show response cdn.bizible.com/scripts/	67 KB 25 KB	27ms 23ms	Script application/x-javascript	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/scripts/bizible.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyb/1DD2) / Resource Hash fe220f545f1bf98a40215c7e22abc72ed2167effe29406f6f3d568febeb6c726 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT content-encoding gzip last-modified Thu, 27 Apr 2023 12:08:20 GMT server ECS (nyb/1DD2) age 42582 etag "e64a45f5079d91:0" vary Accept-Encoding x-cache HIT content-type application/x-javascript cache-control max-age=86400 accept-ranges bytes content-length 25478
GET H2	200	SmartForms.js Show response sfc.leadspace.com/	3 KB 4 KB	60ms 12ms	Script application/javascript	35.190.114.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://sfc.leadspace.com/SmartForms.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.114.154 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 154.114.190.35.bc.googleusercontent.com Software UploadServer / Resource Hash 0645386b306fc6a2e7a59f44e38fb44e53c519a4ba0f0701e0caa07e9ab601d6 Security Headers Name Value Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 00:49:26 GMT strict-transport-security max-age=31536000 content-security-policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; age 1169 x-guploader-uploadid ADPycdvGLQitHeLE8oS2gnZpI5yIpjVEnKj_SigHzBANHSfG3nElzNySkB5hcB8yAOmrFcpeohTUQfSjek0frHYb6YWNhcBfOENr x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2718 x-xss-protection 1; mode=block referrer-policy no-referrer last-modified Sun, 19 Mar 2023 12:49:31 GMT server UploadServer etag "557a04d61944100c7badd3f08c3e0fd3" x-frame-options SAMEORIGIN x-goog-generation 1679230171142792 x-goog-hash crc32c=6Pcn1A==, md5=VXoE1hlEEAx7rdPwjD4P0w== access-control-allow-origin * access-control-expose-headers Content-Type cache-control public, max-age=3600 feature-policy camera 'none';payment 'none'; usermedia 'none'; sync-xhr 'self' https://*.leadspace.com x-goog-stored-content-length 2718 accept-ranges bytes content-type application/javascript expires Mon, 01 May 2023 01:49:26 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	235 KB 81 KB	42ms 41ms	Script application/javascript	2607:f8b0:4006:81d::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-95Z7P6PE75&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81d::2008 New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash c1fc9b218ade2f543f88be43abbe323d3b009a3a40f5c501be3c1e90032c2763 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 82320 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Mon, 01 May 2023 01:08:55 GMT
POST H2	204	collect analytics.google.com/g/	0 239 B	80ms 33ms	Ping text/plain	2001:4860:4802:34::181 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://analytics.google.com/g/collect?v=2&tid=G-95Z7P6PE75&gtm=45je34q0&_p=1084075091&_gaz=1&cid=1413323575.1682903335&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682903335&sct=1&seg=0&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&dt=Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-95Z7P6PE75&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT server Golfe2 content-type text/plain access-control-allow-origin https://duo.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 248 B	80ms 31ms	Ping text/plain	2607:f8b0:4004:c1b::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-95Z7P6PE75&cid=1413323575.1682903335&gtm=45je34q0&aip=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-95Z7P6PE75&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c1b::9a Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT server Golfe2 content-type text/plain access-control-allow-origin https://duo.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.ca/ads/	42 B 408 B	116ms 45ms	Image image/gif	2607:f8b0:4006:824::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-95Z7P6PE75&cid=1413323575.1682903335&gtm=45je34q0&aip=1&z=1731414247 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	dest5.html Show response cisco.demdex.net/ Frame 3FE5	7 KB 3 KB	350ms 82ms	Document text/html	44.236.152.42 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cisco.demdex.net/dest5.html?d_nsid=0 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.236.152.42 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-236-152-42.us-west-2.compute.amazonaws.com Software / Resource Hash 7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers Accept-Ranges bytes Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 2791 Content-Type text/html;charset=UTF-8 DCS dcs-prod-usw2-1-v044-00512d3f4.edge-usw2.demdex.com 0 ms Expires Thu, 01 Jan 1970 00:00:00 UTC P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains X-TID lAyJxXZ9R9I= content-encoding gzip date Mon, 1 May 2023 01:08:55 GMT last-modified Thu, 27 Apr 2023 14:06:28 GMT vary accept-encoding
GET H2	200	id Show response smetrics.cisco.com/	48 B 451 B	290ms 87ms	XHR application/x-javascript	63.140.36.119 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://smetrics.cisco.com/id?d_visid_ver=4.1.0&d_fieldgroup=A&mcorgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&mid=66300153538229907801821826389533481989&ts=1682903335421 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.36.119 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-63-140-36-119.data.adobedc.net Software jag / Resource Hash b1a4d63b9cfa6e3e3ea6c1acb78101902686a1340c58d6f0094720aa7e76c59f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Mon, 01 May 2023 01:08:55 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff server jag vary Origin content-type application/x-javascript;charset=utf-8 access-control-allow-origin https://duo.com p3p CP="This is not a P3P policy" cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true content-length 48 x-xss-protection 1; mode=block
GET H2	204	4006052.js Show response bat.bing.com/p/action/	0 137 B	58ms 56ms	Script text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/4006052.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / ARR/3.0 Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control private,max-age=1800 date Mon, 01 May 2023 01:08:55 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 358A5C89B6C8485CAFB9F3FCFC49C9D5 Ref B: YMQ01EDGE0811 Ref C: 2023-05-01T01:08:55Z x-powered-by ARR/3.0 x-cache CONFIG_NOCACHE
GET H2	204	0 bat.bing.com/action/	0 361 B	37ms 35ms	Image text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=4006052&Ver=2&mid=07c7d6f6-c639-4c4d-9fe1-f0c31ba85abf&sid=be805780e7bc11ed8ebdd51c53f4c956&vid=be808310e7bc11ed859e57c2c682cea6&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher&p=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&r=&lt=1501&evt=pageLoad&sv=1&rn=520042 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Mon, 01 May 2023 01:08:55 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 3F5F5B1EC5054ABBBA653562A5829101 Ref B: YMQ01EDGE0811 Ref C: 2023-05-01T01:08:55Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	216127175396154 Show response connect.facebook.net/signals/config/	377 KB 108 KB	22ms 21ms	Script application/x-javascript	2a03:2880:f012:10c:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/216127175396154?v=2.9.102&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 7334cddac0f32a9329efa7bcaa874da48aecd10afb74c9e6ff20f859e2e7863f Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 01 May 2023 01:08:55 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 110402 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug in/ZVBOv7mCjYOaG91Yo+lAA1gjBxQCe5Fpv3oyebb6eAejkhdIoMy8RoNF4ocHVorihhgs2xzAtIF4uMD86lQ== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 1512268381 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/163/	11 KB 5 KB	26ms 25ms	Script application/x-javascript	104.91.126.206 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/163/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin-beta.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.91.126.206 Boston, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-91-126-206.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Mon, 01 May 2023 01:08:55 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 02:26:40 GMT Server AkamaiNetStorage ETag "ea7826f34518d7c2295738f39c7640fa:1672972000.238769" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Length 4741 Expires Wed, 09 Aug 2023 01:08:55 GMT
GET H2	200	xdframe-single-domain-1.1.1.html Show response csxd.contentsquare.net/uxa/ Frame 59DC	2 KB 1 KB	172ms 18ms	Document text/html	2600:9000:23cb:4c00:1b:ed91:4680:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://csxd.contentsquare.net/uxa/xdframe-single-domain-1.1.1.html?pid=5637 Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/ebdaa317731b0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:23cb:4c00:1b:ed91:4680:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash d1a9abb0dc96d5a0fcc121a6de3a2c29c193a91d2f68939080e111b54d01d9e8 Request headers Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers age 30116906 cache-control max-age=31536000 content-encoding gzip content-type text/html date Tue, 17 May 2022 11:20:29 GMT etag W/"fbd0a9f9a63a143cf028aca21682b386" last-modified Mon, 07 Mar 2022 15:32:43 GMT server AmazonS3 vary Accept-Encoding via 1.1 8770cedbbb1c2feb157dc67ce83fe00c.cloudfront.net (CloudFront) x-amz-cf-id ZcwRSM0ODkkClTgFSU1BqwFDy0d1Te5cKCElB1orZVRhfhLv6oLzWA== x-amz-cf-pop JFK50-P1 x-amz-server-side-encryption AES256 x-amz-version-id null x-cache Hit from cloudfront
POST H2	200	collect Show response www.google-analytics.com/j/	4 B 114 B	37ms 35ms	XHR text/plain	2607:f8b0:4006:81e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1084075091&t=pageview&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&ul=en-us&de=UTF-8&dt=Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAAABQAAAAC~&jid=1184252949&gjid=116484337&cid=1413323575.1682903335&tid=UA-20141016-1&_gid=818301295.1682903335&_r=1&_slc=1&gtm=45He34q0n71MFPB9D&z=1456055815 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81e::200e New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://duo.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 151 B	31ms 30ms	XHR text/plain	2607:f8b0:4004:c1b::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-20141016-1&cid=1413323575.1682903335&jid=431131216&gjid=1005993514&_gid=818301295.1682903335&_u=aCDAgAABQAAAAG~&z=962659382 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c1b::9a Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Mon, 01 May 2023 01:08:55 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://duo.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	collect www.google-analytics.com/	35 B 192 B	20ms 19ms	Image image/gif	2607:f8b0:4006:81e::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j100&a=1084075091&t=pageview&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&ul=en-us&de=UTF-8&dt=Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAgAABQAAAAC~&jid=431131216&gjid=1005993514&cid=1413323575.1682903335&tid=UA-20141016-1&_gid=818301295.1682903335&gtm=45He34q0n71MFPB9D&cg3=Decipher%20Traffic%20Only&z=1892238183 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81e::200e New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Sun, 30 Apr 2023 12:15:47 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 46388 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/7540/domain/duo.com/	37 B 367 B	77ms 11ms	XHR application/json	2600:9000:21ec:b200:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/7540/domain/duo.com/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21ec:b200:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash db707c392c1c879d068ad124f8d1232613aa29e630a4fbd5e217f618bdff41fb Request headers Accept * Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 00:29:57 GMT content-encoding gzip via 1.1 697118bcd171d3b8a0299bf4ce5a8604.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2338 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=21539 x-amz-cf-id J56bo5gtIFmtgoIud_ckt8iKIQsh3fbYOHTquunv3IL-RoldStZDbA==
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1682903335510&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1682903335510&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&cookiesTes... https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7540%26time%3D1682903335510%26url%3Dhttps%253A%252F%252Fduo.com%252Fdecipher%252F... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1682903335510&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&cookiesTes... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1682903335510&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&cookiesTe...	0 489 B	103ms 69ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1682903335510&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&cookiesTest=true&liSync=true&e_ipv6=AQLLNLlHaH8K2gAAAYfU2wRLgW1I3g_pTZaZf68AJqjgl0sC5nirbaVNHsUQugFjRW9zo-3F Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:56 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: A84E30AD9DAE4AFBB0F9C7FD3A518311 Ref B: YMQ01EDGE0514 Ref C: 2023-05-01T01:08:56Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-ltx1 x-li-proto http/2 content-length 0 x-li-uuid AAX6l3eKQ1iks3b01H9Xew== Redirect headers date Mon, 01 May 2023 01:08:55 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: F6BFAAF844B8410B8DB079B9659FF872 Ref B: YMQ01EDGE0608 Ref C: 2023-05-01T01:08:55Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1682903335510&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&cookiesTest=true&liSync=true&e_ipv6=AQLLNLlHaH8K2gAAAYfU2wRLgW1I3g_pTZaZf68AJqjgl0sC5nirbaVNHsUQugFjRW9zo-3F x-li-proto http/2 content-length 0 x-li-uuid AAX6l3eIsDsXBE+NZPxkfQ==
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/7540/domain/duo.com/	37 B 369 B	73ms 9ms	XHR application/json	2600:9000:21ec:b200:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/7540/domain/duo.com/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21ec:b200:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash db707c392c1c879d068ad124f8d1232613aa29e630a4fbd5e217f618bdff41fb Request headers Accept * Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 00:29:57 GMT content-encoding gzip via 1.1 697118bcd171d3b8a0299bf4ce5a8604.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2338 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=21539 x-amz-cf-id 3OgRzI4KDnICdnTw0wuEh8mYtNF0eFGhY5T29_E1vraaOvNpEsji_w==
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/7540/domain/duo.com/	37 B 368 B	74ms 11ms	XHR application/json	2600:9000:21ec:b200:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/7540/domain/duo.com/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21ec:b200:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash db707c392c1c879d068ad124f8d1232613aa29e630a4fbd5e217f618bdff41fb Request headers Accept * Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 00:29:57 GMT content-encoding gzip via 1.1 697118bcd171d3b8a0299bf4ce5a8604.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2338 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=21539 x-amz-cf-id SWqL0BGGBbDu2MXseYLVLo2MkapAnSqJ9ZB0uhaWhn4pTmhuHqsMsw==
GET H2	200	rules-p-4CduNLZtPCAtp.js Show response rules.quantcount.com/	2 KB 1 KB	80ms 19ms	Script application/javascript	2600:9000:21dd:7400:6:44e3:f8c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://rules.quantcount.com/rules-p-4CduNLZtPCAtp.js Requested by Host: secure.quantserve.com URL: https://secure.quantserve.com/aquant.js?a=p-4CduNLZtPCAtp Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21dd:7400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f69a82e80bb0f4bf2b963cc41704257bb7c27a2830eac8c549898e333a77a68f Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 00:30:28 GMT content-encoding gzip via 1.1 aa7679f2d01b23d9a66bfa6e92991b04.cloudfront.net (CloudFront) x-amz-cf-pop EWR53-C2 age 2308 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin last-modified Fri, 14 Oct 2022 06:32:47 GMT server AmazonS3 etag W/"34d1f7453407b67de9c442d34b1233a9" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=3600 x-amz-cf-id JYg1HFUZxBHyP0vLfdeD7nb_LZ-2UxyarED6D92EpeHQh_haIJF0SA==
GET BLOB	200 OK	c35a6e2a-e592-4f2b-ae8e-f45950fd3805 https://duo.com/	11 KB 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://duo.com/c35a6e2a-e592-4f2b-ae8e-f45950fd3805 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 1e116d068314b1eb97ad95264d427d9a63c5baa0395467bdaeed4bf9ce9c760a Request headers accept-language en-CA,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Content-Length 10879 Content-Type application/javascript
GET H2	200	ipv cdn.bizible.com/m/	43 B 303 B	21ms 20ms	Image image/gif	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=d4680b8c00a948d8e34665d139cd0de1&_biz_s=5a19a&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&_biz_t=1682903335545&_biz_i=Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher&_biz_n=0&a=duo.com&rnd=71605&cdn_o=a&_biz_z=1682903335546 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyb/1D07) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT last-modified Sun, 30 Apr 2023 13:19:12 GMT server ECS (nyb/1D07) age 42583 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type Image/GIF cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	200	u cdn.bizibly.com/	43 B 203 B	44ms 20ms	Image image/gif	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizibly.com/u?_biz_u=d4680b8c00a948d8e34665d139cd0de1&_biz_s=5a19a&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&_biz_t=1682903335550&_biz_i=Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher&a=duo.com&rnd=423366&cdn_o=a&_biz_z=1682903335550 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyb/1D33) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT last-modified Sun, 30 Apr 2023 20:10:05 GMT server ECS (nyb/1D33) age 17930 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type Image/GIF cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
POST H3	200	collect Show response stats.g.doubleclick.net/j/	4 B 25 B	36ms 35ms	XHR text/plain	2607:f8b0:4004:c1b::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-20141016-1&cid=1413323575.1682903335&jid=1184252949&gjid=116484337&_gid=818301295.1682903335&_u=aADAAAAAQAAAAC~&z=159302290 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4004:c1b::9a Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Mon, 01 May 2023 01:08:55 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://duo.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.com/ads/	42 B 408 B	90ms 39ms	Image image/gif	2607:f8b0:4006:81f::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-20141016-1&cid=1413323575.1682903335&jid=431131216&_u=aCDAgAABQAAAAG~&z=1474420138 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81f::2004 New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.ca/ads/	42 B 107 B	57ms 44ms	Image image/gif	2607:f8b0:4006:824::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-20141016-1&cid=1413323575.1682903335&jid=431131216&_u=aCDAgAABQAAAAG~&z=1474420138 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	74041.js Show response sfc.leadspace.com/	51 KB 52 KB	63ms 61ms	Script text/javascript	35.190.114.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://sfc.leadspace.com/74041.js Requested by Host: sfc.leadspace.com URL: https://sfc.leadspace.com/SmartForms.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.114.154 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 154.114.190.35.bc.googleusercontent.com Software UploadServer / Resource Hash 84bcda975287ae82a621b995a7fa115a14e23819f512f6c901b8f30e344669b8 Security Headers Name Value Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT strict-transport-security max-age=31536000 content-security-policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; age 0 x-guploader-uploadid ADPycdv_bBvM_ForSFV4x_uZvmWAzJYww0VfXpGO8W3rSrP1Q-wkrs1M68My5i0CbjQ5PuGmQf_tiYahYFo9twIN5lnUkLC8F9Xc x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 52668 x-xss-protection 1; mode=block referrer-policy no-referrer last-modified Sun, 18 Dec 2022 08:20:45 GMT server UploadServer etag "9262edb1908b557213735553b633518b" x-frame-options SAMEORIGIN x-goog-generation 1671351645312076 x-goog-hash crc32c=lCPU+A==, md5=kmLtsZCLVXITc1VTtjNRiw== access-control-allow-origin * access-control-expose-headers Content-Type cache-control public, max-age=3600 feature-policy camera 'none';payment 'none'; usermedia 'none'; sync-xhr 'self' https://*.leadspace.com x-goog-stored-content-length 52668 accept-ranges bytes content-type text/javascript expires Mon, 01 May 2023 02:08:55 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 196 B	40ms 28ms	XHR text/html	104.126.116.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.126.116.10 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-126-116-10.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://duo.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	20 B 306 B	154ms 69ms	XHR text/html	2600:1400:d::1721:eeb1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d::1721:eeb1 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash a7b321e2aedb7eeb6e47e410d92923c2b37bc5999a80ea24e9584fc6ee88a0d6 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT vary Origin content-type text/html access-control-allow-origin https://duo.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2607:5300:60:7867::7 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467473_388099757_409382786_29_1398_20_0";dur=1 content-length 20 expires Mon, 01 May 2023 01:08:55 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 493 B	58ms 44ms	Image image/gif	104.126.116.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=cd7ca9cd-c117-499b-8dff-71c99216e192&session=9614ad9b-685d-4730-89a8-3d714ac24782&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2001%20May%202023%2001%3A08%3A55%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2001%20May%202023%2001%3A08%3A55%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22839eaa5e959ad938f179bd0fe4450965%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2001%20May%202023%2001%3A08%3A55%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2001%20May%202023%2001%3A08%3A55%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Attackers%20planted%20a%20compromised%20update%20for%20the%20SolarWinds%20Orion%20platform%2C%20leading%20to%20a%20cyber%20espionage%20campaign%20that%20hit%20many%20companies%20and%20government%20agencies.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&pageViewId=11071bdb-efd5-44b4-89e9-1f5ebfc115f7 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.126.116.10 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-126-116-10.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
POST H/1.0	200 OK	visitWebPage 074-uqx-410.mktoresp.com/webevents/	43 B 121 B	469ms 88ms	Ping image/gif	199.15.214.243 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://074-uqx-410.mktoresp.com/webevents/visitWebPage?_mchNc=1682903335582&_mchCn=&_mchId=074-UQX-410&_mchTk=_mch-duo.com-1682903335581-46145&_mchHo=duo.com&_mchPo=&_mchRu=%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&_mchPc=https%3A&_mchVr=163&_mchEcid=B8D07FF4520E94C10A490D4C%40AdobeOrg%3A9%3A66300153538229907801821826389533481989&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/163/munchkin.js Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.15.214.243 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software BigIP / Resource Hash cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Connection Keep-Alive Content-Length 43 Server BigIP
GET H2	200	xdc.js Show response cdn.bizible.com/	116 B 524 B	55ms 52ms	Script text/javascript	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/xdc.js?_biz_u=d4680b8c00a948d8e34665d139cd0de1&_biz_h=-1906410348&cdn_o=a&jsVer=4.23.04.20&a=duo.com Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyb/1D31) / Resource Hash d518649e079e258970f57f7b17e3fcf9c8e9ba63d548629710b64f8362705a8f Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT content-encoding gzip server ECS (nyb/1D31) etag 945B1E0F vary Accept-Encoding p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type text/javascript; charset=utf-8 cache-control private, must-revalidate, max-age=21600 content-length 218
GET H2	200	oribili.js Show response cdn.linkedin.oribi.io/7540/	72 KB 24 KB	66ms 29ms	Script application/javascript	2600:9000:21ec:b200:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/7540/oribili.js Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21ec:b200:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 9425e201802508d3508b64c3a5d9e7443d268271ed9536a5fadc2961ec633afa Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:43 GMT content-encoding gzip via 1.1 442b92844f344782438a7e0f5132c124.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 12 vary accept-encoding, Origin x-cache Hit from cloudfront content-type application/javascript;charset=UTF-8 cache-control public, max-age=300 x-amz-cf-id Rab4sfSTkEGOAmp2f_UvQd4pV4BQLyxbHoFatO9AmUNgZrqux1wkyA==
GET H2	200	ga-audiences www.google.com/ads/	42 B 107 B	40ms 37ms	Image image/gif	2607:f8b0:4006:81f::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-20141016-1&cid=1413323575.1682903335&jid=1184252949&_u=aADAAAAAQAAAAC~&z=923865713 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81f::2004 New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.ca/ads/	42 B 63 B	41ms 38ms	Image image/gif	2607:f8b0:4006:824::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-20141016-1&cid=1413323575.1682903335&jid=1184252949&_u=aADAAAAAQAAAAC~&z=923865713 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	0 185 B	91ms 28ms	Image text/plain	2a03:2880:f112:182:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=216127175396154&ev=PageView&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&rl=&if=false&ts=1682903335661&sw=1600&sh=1200&v=2.9.102&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1682903335660.174672261&it=1682903335442&coo=false&rqm=GET Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Mon, 01 May 2023 01:08:55 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	pixel;r=380815311;labels=_fp.event.Default;rf=0;a=p-4CduNLZtPCAtp;url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds;uht=2;fpan=1;fpa=P0... pixel.quantserve.com/	35 B 371 B	26ms 25ms	Image image/gif	2620:116:800b:21:c1e8:5385:5098:6bf0 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.quantserve.com/pixel;r=380815311;labels=_fp.event.Default;rf=0;a=p-4CduNLZtPCAtp;url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds;uht=2;fpan=1;fpa=P0-1996021897-1682903335515;pbc=;ns=0;ce=1;qjs=1;qv=93f4cf8b-20230329153214;cm=;gdpr=0;ref=;d=duo.com;dst=0;et=1682903335664;tzo=0;ogl=site_name.Decipher%2Ctype.website%2Curl.https%3A%2F%2Fduo%252Ecom%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-att%2Ctitle.Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%2Cdescription.Attackers%20planted%20a%20compromised%20update%20for%20the%20SolarWinds%20Orion%20platform%252C%20leadin%2Cimage.https%3A%2F%2Fduo%252Ecom%2Fassets%2Fimg%2Fseo-images%2Fsun-decipher%252Ejpg%2Cimage%3Awidth.1200%2Cimage%3Aheight.630;ses=001768ff-ab48-44e3-8ea6-4916f38cd7bd Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:116:800b:21:c1e8:5385:5098:6bf0 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8 Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT strict-transport-security max-age=86400 p3p CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV" content-type image/gif cache-control private, no-cache, no-store, proxy-revalidate content-length 35 expires Fri, 04 Aug 1978 12:00:00 GMT
GET H2	200	u cdn.bizible.com/m/	43 B 120 B	19ms 18ms	Image image/gif	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/m/u?mapType=ecid&mapValue=B8D07FF4520E94C10A490D4C%40AdobeOrg_66300153538229907801821826389533481989&_biz_u=d4680b8c00a948d8e34665d139cd0de1&_biz_s=5a19a&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&_biz_t=1682903335552&_biz_i=Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher&_biz_n=1&a=duo.com&rnd=375001&cdn_o=a&_biz_z=1682903335676 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyb/1D16) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT last-modified Sun, 30 Apr 2023 13:19:42 GMT server ECS (nyb/1D16) age 42553 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type Image/GIF cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H3	200	sf5.js Show response sfc.leadspace.com/	108 KB 108 KB	13ms 13ms	Script application/javascript	35.190.114.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://sfc.leadspace.com/sf5.js Requested by Host: sfc.leadspace.com URL: https://sfc.leadspace.com/SmartForms.js Protocol H3 Security QUIC, , AES_128_GCM Server 35.190.114.154 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 154.114.190.35.bc.googleusercontent.com Software UploadServer / Resource Hash 9cc245821ba4cd37c377b90c95110b3f4dce6d086be4d39bb846e36d00c69e96 Security Headers Name Value Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 00:44:47 GMT strict-transport-security max-age=31536000 content-security-policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; age 1448 x-guploader-uploadid ADPycdtX6B910Z6qz3--NBUpSk9ATuSd7ivH12ptfwIbzkpMsvN7X3gexRK1txYfkB0B0RWidMAQ0k53tlG73ClRn9_nJWIwRk3z x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 110193 x-xss-protection 1; mode=block referrer-policy no-referrer last-modified Sun, 19 Mar 2023 12:49:31 GMT server UploadServer etag "ade883d30872409e309569dd6cad3891" x-frame-options SAMEORIGIN x-goog-generation 1679230171801136 x-goog-hash crc32c=iINeEw==, md5=reiD0whyQJ4wlWndbK04kQ== access-control-allow-origin * access-control-expose-headers Content-Type cache-control public, max-age=3600 feature-policy camera 'none';payment 'none'; usermedia 'none'; sync-xhr 'self' https://*.leadspace.com x-goog-stored-content-length 110193 accept-ranges bytes content-type application/javascript expires Mon, 01 May 2023 01:44:47 GMT
GET H2	204	pageview c.contentsquare.net/	0 320 B	134ms 23ms	Image text/plain	34.224.153.241 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://c.contentsquare.net/pageview?pid=5637&uu=2e417780-2387-af50-cd44-d90e3faa4fae&sn=1&hd=1682903335&pn=1&dw=1600&dh=4129&ww=1600&wh=1200&sw=1600&sh=1200&dr=&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&uc=0&la=en-US&v=13.12.0&pvt=n&ex=&r=730147 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.224.153.241 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-224-153-241.compute-1.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 content-disposition inline timing-allow-origin * access-control-allow-headers Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With expires Sun, 24 Oct 1982 23:00:00 GMT
GET H2	200	s4324546985598 Show response smetrics.cisco.com/b/ss/cisco-complete/10/JS-2.12.0/	927 B 1 KB	92ms 92ms	Script application/x-javascript	63.140.36.119 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://smetrics.cisco.com/b/ss/cisco-complete/10/JS-2.12.0/s4324546985598?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=1%2F4%2F2023%201%3A8%3A55%201%200&d.&nsid=0&jsonv=1&.d&sdid=6CCB3A58607F49F7-1D26A6B79360677A&mid=66300153538229907801821826389533481989&aamlh=9&ce=UTF-8&ns=cisco&pageName=duo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&g=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&cc=USD&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=broad%20cyber%20espionage%20campaign%20follows%20supply%20chain%20attack%20on%20solarwinds%20%7C%20decipher&h1=duo.com%3Adecipher%3Abroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&c2=undefined%3Ano%20iapath%3Abroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&c3=duo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&h3=no%20iapath&c10=5%3A08%20PM%7CSunday&v10=5%3A08%20PM%7CSunday&v25=duo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&v26=no%20contenttype&c28=no%20iapath&v28=no%20iapath&c33=en-us&v33=en-us&c41=duo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&c46=ut4.46.202304142101&v48=undefined&c50=cisco-complete&c51=unavailable&c53=no%20contenttype&c59=0187d4daffe90002825de29c907b03074006106c00b08&v63=unavailable&v77=AppMeasurement%3D2.12.0%2CVisitorJS%3D4.1.0%2CMbox%3Dna&v78=dnt%3Dfalse%2Ccookies%3Dtrue%2Clocalstorage%3Dtrue&v92=0.9533683985696773_1682903335520&v98=cisco.duo&v106=66300153538229907801821826389533481989&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&AQE=1 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.5.js?utv=ut4.46.202304131615 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.36.119 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-63-140-36-119.data.adobedc.net Software jag / Resource Hash acfa4f82d91210e5224aed508cc7552c79e45ce2e78378ad19f0757947609c38 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-aam-tid 8a8VQBu5Tok= date Mon, 01 May 2023 01:08:55 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff p3p CP="This is not a P3P policy" content-length 927 x-xss-protection 1; mode=block dcs dcs-prod-usw2-2-v044-07167c779.edge-usw2.demdex.com 3 ms pragma no-cache last-modified Tue, 02 May 2023 01:08:55 GMT server jag etag 3614007393192706048-4619652178849768366 vary * content-type application/x-javascript;charset=utf-8 access-control-allow-origin * cache-control no-cache, no-store, max-age=0, no-transform, private expires Sun, 30 Apr 2023 01:08:55 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 493 B	67ms 66ms	Image image/gif	104.126.116.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=cd7ca9cd-c117-499b-8dff-71c99216e192&session=9614ad9b-685d-4730-89a8-3d714ac24782&event=ipv6&q=%7B%22address%22%3A%222607%3A5300%3A60%3A7867%3A%3A7%22%7D&isIframe=false&m=%7B%22description%22%3A%22Attackers%20planted%20a%20compromised%20update%20for%20the%20SolarWinds%20Orion%20platform%2C%20leading%20to%20a%20cyber%20espionage%20campaign%20that%20hit%20many%20companies%20and%20government%20agencies.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&pageViewId=11071bdb-efd5-44b4-89e9-1f5ebfc115f7 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.126.116.10 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-126-116-10.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	css fonts.googleapis.com/	2 KB 953 B	100ms 34ms	Stylesheet text/css	2607:f8b0:4006:81f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Raleway Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81f::200a New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 227a156b02cb9dd20be403f5e5ba24330bdc76cfe10f3864e5bd3d4f72b03e66 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Mon, 01 May 2023 01:08:55 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sun, 30 Apr 2023 23:43:31 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 01 May 2023 01:08:55 GMT
POST H/1.1	200 OK	match Show response sfgw.leadspace.com/ip/	138 B 1 KB	104ms 101ms	XHR application/json	35.185.62.129 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://sfgw.leadspace.com/ip/match Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 35.185.62.129 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 129.62.185.35.bc.googleusercontent.com Software Prod / Resource Hash 0bf3c76b2ce66baa2f48ce7366d68dc1f6ee924e8f13da77c55bd1bee17f144a Security Headers Name Value Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' https://*.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.aptrinsic.com; img-src www.google-analytics.com https://*.leadspace.com https://*.aptrinsic.com https://storage.googleapis.com; connect-src https://*.leadspace.com wss://*.leadspace.com https://*.aptrinsic.com https://*.google-analytics.com; frame-src https://*.leadspace.com; style-src 'unsafe-inline' https://*.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://*.leadspace.com https://*.aptrinsic.com; frame-ancestors https://*.leadspace.com; media-src https://*.leadspace.com Strict-Transport-Security max-age=31536000; includeSubdomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept application/json Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds accept-language en-CA,en;q=0.9 Authorization 74041 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type application/json Response headers date Mon, 01 May 2023 01:08:56 GMT content-security-policy default-src 'self'; script-src 'unsafe-inline' https://*.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.aptrinsic.com; img-src www.google-analytics.com https://*.leadspace.com https://*.aptrinsic.com https://storage.googleapis.com; connect-src https://*.leadspace.com wss://*.leadspace.com https://*.aptrinsic.com https://*.google-analytics.com; frame-src https://*.leadspace.com; style-src 'unsafe-inline' https://*.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://*.leadspace.com https://*.aptrinsic.com; frame-ancestors https://*.leadspace.com; media-src https://*.leadspace.com x-content-type-options nosniff referrer-policy no-referrer server Prod strict-transport-security max-age=31536000; includeSubdomains vary Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Origin content-type application/json access-control-allow-origin https://duo.com access-control-allow-credentials true content-length 138 x-xss-protection 1; mode=block
OPTIONS H/1.1	200 OK	match sfgw.leadspace.com/ip/ Frame	0 0	346ms 134ms	Preflight	35.185.62.129 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://sfgw.leadspace.com/ip/match Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 35.185.62.129 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 129.62.185.35.bc.googleusercontent.com Software Prod / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' https://*.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.aptrinsic.com; img-src www.google-analytics.com https://*.leadspace.com https://*.aptrinsic.com https://storage.googleapis.com; connect-src https://*.leadspace.com wss://*.leadspace.com https://*.aptrinsic.com https://*.google-analytics.com; frame-src https://*.leadspace.com; style-src 'unsafe-inline' https://*.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://*.leadspace.com https://*.aptrinsic.com; frame-ancestors https://*.leadspace.com; media-src https://*.leadspace.com Strict-Transport-Security max-age=31536000; includeSubdomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept */* Access-Control-Request-Headers authorization,content-type Access-Control-Request-Method POST Origin https://duo.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers authorization, content-type access-control-allow-methods POST access-control-allow-origin https://duo.com access-control-max-age 1800 allow GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH content-length 0 content-security-policy default-src 'self'; script-src 'unsafe-inline' https://*.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.aptrinsic.com; img-src www.google-analytics.com https://*.leadspace.com https://*.aptrinsic.com https://storage.googleapis.com; connect-src https://*.leadspace.com wss://*.leadspace.com https://*.aptrinsic.com https://*.google-analytics.com; frame-src https://*.leadspace.com; style-src 'unsafe-inline' https://*.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://*.leadspace.com https://*.aptrinsic.com; frame-ancestors https://*.leadspace.com; media-src https://*.leadspace.com date Mon, 01 May 2023 01:08:55 GMT referrer-policy no-referrer server Prod strict-transport-security max-age=31536000; includeSubdomains vary Origin,Access-Control-Request-Method,Access-Control-Request-Headers x-content-type-options nosniff x-xss-protection 1; mode=block
POST H2	202	event Show response gw.linkedin.oribi.io/	0 180 B	292ms 96ms	XHR text/plain	35.82.211.62 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://gw.linkedin.oribi.io/event Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.82.211.62 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-82-211-62.us-west-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept * Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers access-control-allow-origin https://duo.com date Mon, 01 May 2023 01:08:56 GMT access-control-allow-credentials true content-length 0 vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers content-type text/plain
GET H2	200	/ px.ads.linkedin.com/ws_collect/	0 144 B	76ms 75ms	Image text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px.ads.linkedin.com/ws_collect/?pid=7540&timestamp=1682903335886&raw_event_id=7540-3002e3db-b93f-c23a-e83a-0b06a1278f2a-1682903335884 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:55 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 12EA986AED474D1EB08FB79DC16E413C Ref B: YMQ01EDGE0608 Ref C: 2023-05-01T01:08:55Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 x-li-proto http/2 content-length 0 x-li-uuid AAX6l3eHWqa3Mw+XI97vwA==
GET H2	204	dvar c.contentsquare.net/	0 319 B	23ms 23ms	Image text/plain	34.224.153.241 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://c.contentsquare.net/dvar?v=13.12.0&pid=5637&uu=2e417780-2387-af50-cd44-d90e3faa4fae&sn=1&pn=1&dv=H4sIAAAAAAAAA6tWSi72TSxJzsjMS%2FdOrVSyUjLQszQ1NjazMLa0MDWzNDM3N443NLMwsjQwNjY2NTUyUKoFAA3wiKA0AAAA&ct=2&r=290268 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.224.153.241 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-224-153-241.compute-1.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Mon, 01 May 2023 01:08:55 GMT access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 content-disposition inline timing-allow-origin * access-control-allow-headers Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With expires Sun, 24 Oct 1982 23:00:00 GMT
GET H/1.1	200 OK	ibs:dpid=771&dpuuid=CAESELSyyjbZ1PQidlVzCxVlmfo&google_cver=1 dpm.demdex.net/ Frame 3FE5 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NjE2MTc5MDQ5ODI2NzI4NTU2NTEyMDk3Njc4MTY1NjQ3ODY1NjQ= https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NjE2MTc5MDQ5ODI2NzI4NTU2NTEyMDk3Njc4MTY1NjQ3ODY1NjQ=&google_tc= https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELSyyjbZ1PQidlVzCxVlmfo&google_cver=1?gdpr=0&gdpr_consent=	42 B 942 B	89ms 87ms	Image image/gif	54.148.169.223 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELSyyjbZ1PQidlVzCxVlmfo&google_cver=1?gdpr=0&gdpr_consent= Protocol HTTP/1.1 Server 54.148.169.223 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-148-169-223.us-west-2.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://cisco.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers DCS dcs-prod-usw2-2-v044-01e348dc6.edge-usw2.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID 20RFbpknRNA= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Content-Type image/gif Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers pragma no-cache date Mon, 01 May 2023 01:08:56 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELSyyjbZ1PQidlVzCxVlmfo&google_cver=1?gdpr=0&gdpr_consent= p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 314 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	adsct analytics.twitter.com/i/ Frame 3FE5	43 B 392 B	217ms 46ms	Image image/gif	104.244.42.131 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?p_user_id=61617904982672855651209767816564786564&p_id=38594 Requested by Host: duo.com URL: https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.131 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_b / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language en-CA,en;q=0.9 Referer https://cisco.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-response-time 6 date Mon, 01 May 2023 01:08:55 GMT strict-transport-security max-age=631138519 server tsa_b content-type image/gif;charset=utf-8 x-transaction-id 3fe97345de51e179 cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 15b10132629bb90fc678b1138b6525f9a47d650c3712120ff4855d2f0ce805cb content-length 43
GET H2	200	core Show response js.driftt.com/ Frame 883C	2 KB 1 KB	62ms 36ms	Document text/html	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1682903400000/fd2h6g6rw8bb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash e2a0c716824375ab3b6ba3d71119d6ea8658ec6d3afbe6efa8e49b07cc1e858b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache content-encoding gzip content-type text/html; charset=utf-8 date Mon, 01 May 2023 01:08:56 GMT etag W/"d24683eab735beaadd07b2ec060ce6d9" last-modified Fri, 28 Apr 2023 19:38:52 GMT server istio-envoy strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-id 5UdxjvshZ-_s5bP3ttQmwL_lHj22OWvmqhp-Utp1Q1LPOd0Tp3iwZw== x-amz-cf-pop JFK51-C1 x-amz-server-side-encryption AES256 x-amz-version-id Tj4_13N0iwCYRl75UDfc15zCZqfNJI.x x-cache RefreshHit from cloudfront x-envoy-upstream-service-time 20
GET H2	200	chat Show response js.driftt.com/core/ Frame 1961	2 KB 1 KB	59ms 41ms	Document text/html	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1682903400000/fd2h6g6rw8bb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash e2a0c716824375ab3b6ba3d71119d6ea8658ec6d3afbe6efa8e49b07cc1e858b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache content-encoding gzip content-type text/html; charset=utf-8 date Mon, 01 May 2023 01:08:56 GMT etag W/"d24683eab735beaadd07b2ec060ce6d9" last-modified Fri, 28 Apr 2023 19:38:52 GMT server istio-envoy strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-id 6WZgc3N2nzG1vw1pe--YnOoIaVJuZcw4ch5iHQ-fCq9LyUonbVYKew== x-amz-cf-pop JFK51-C1 x-amz-server-side-encryption AES256 x-amz-version-id Tj4_13N0iwCYRl75UDfc15zCZqfNJI.x x-cache RefreshHit from cloudfront x-envoy-upstream-service-time 28
GET H2	200	/ Show response match.adsrvr.org/track/upb/ Frame 8BEB Redirect Chain https://insight.adsrvr.org/track/up?adv=rshxraz&ref=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&upid=hpvhlc2&upv=1.1.0 https://match.adsrvr.org/track/upb/?adv=rshxraz&ref=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&upid=hpvhlc2&upv=1.1.0	953 B 1 KB	33ms 27ms	Document text/html	52.223.40.198 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://match.adsrvr.org/track/upb/?adv=rshxraz&ref=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&upid=hpvhlc2&upv=1.1.0 Requested by Host: js.adsrvr.org URL: https://js.adsrvr.org/up_loader.1.1.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.223.40.198 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software / Resource Hash bfb2ddfa584b3a95ed21d3481fc3b86851a0a4b48b4632c14b2be6f43bd9ab7f Request headers Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers cache-control private,no-cache, must-revalidate content-type text/html; charset=utf-8 date Mon, 01 May 2023 01:08:56 GMT p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" pragma no-cache x-aspnet-version 4.0.30319 Redirect headers cache-control private,no-cache, must-revalidate content-type text/html; charset=utf-8 date Mon, 01 May 2023 01:08:56 GMT location https://match.adsrvr.org/track/upb/?adv=rshxraz&ref=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&upid=hpvhlc2&upv=1.1.0 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" pragma no-cache x-aspnet-version 4.0.30319
GET H3	200	collect www.google-analytics.com/	35 B 55 B	23ms 20ms	Image image/gif	2607:f8b0:4006:81e::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j100&a=1084075091&t=event&ni=1&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&ul=en-us&de=UTF-8&dt=Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=undefined&ea=undefined&_u=aDDAAAABQAAAAG~&jid=&gjid=&cid=1413323575.1682903335&tid=UA-20141016-1&_gid=818301295.1682903335&gtm=45He34q0n71MFPB9D&cd2=1413323575.1682903335&z=1287240770 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:81e::200e New York, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers pragma no-cache date Sun, 30 Apr 2023 12:52:26 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 44190 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
POST H2	200	/ Show response www.facebook.com/tr/ Frame ABD4	0 66 B	23ms 19ms	Document text/plain	2a03:2880:f112:182:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Content-Type application/x-www-form-urlencoded Origin https://duo.com Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers access-control-allow-credentials true access-control-allow-origin https://duo.com alt-svc h3=":443"; ma=86400 content-length 0 content-type text/plain cross-origin-resource-policy cross-origin date Mon, 01 May 2023 01:08:56 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains
GET H/1.1	200 OK	ibs:dpid=30646 dpm.demdex.net/ Frame 3FE5 Redirect Chain https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=61617904982672855651209767816564786564&gdpr=0&gdpr_consent= https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-MjCLQwJE2pFweJElfcSx7rKFPjYKKStO3Zg-~A	42 B 943 B	106ms 94ms	Image image/gif	54.148.169.223 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-MjCLQwJE2pFweJElfcSx7rKFPjYKKStO3Zg-~A Protocol HTTP/1.1 Server 54.148.169.223 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-148-169-223.us-west-2.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://cisco.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers DCS dcs-prod-usw2-2-v044-0df8364e7.edge-usw2.demdex.com 11 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID 8rdX7ZnyTW0= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Content-Type image/gif Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers date Mon, 01 May 2023 01:08:56 GMT strict-transport-security max-age=31536000 via http/1.1 spdc0104.pbp.bf1.yahoo.com (ApacheTrafficServer) server ATS age 0 content-type text/html;charset=utf-8 location https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-MjCLQwJE2pFweJElfcSx7rKFPjYKKStO3Zg-~A content-length 0
GET H2	200	runtime~main.288ca7cf.js Show response js.driftt.com/core/assets/js/ Frame 883C	6 KB 3 KB	69ms 66ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash a3986521f7e895cf3175098026f4471920366f5b3d3d1d0299a3c710a779e2ae Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Origin https://js.driftt.com accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 19:38:51 GMT x-amz-version-id RlY44XUgIyFaw723OVFcTKdHmmxqiGSD content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 192605 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 43 last-modified Fri, 28 Apr 2023 19:33:24 GMT server istio-envoy etag W/"6d70ba943e02b1750bd44bdd0c539787" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id K3uM2MmXUtKTlqySrWaEqXJV8WRuoeZcmsziUHn7OKoU6ishNhjNgA==
GET H2	200	10.f16292bd.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	35 KB 13 KB	71ms 69ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/10.f16292bd.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 958a03c833d9116f7ab9a5ee503f7b0360b9291b268bfb77128a8f0e19238613 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Origin https://js.driftt.com accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 02 Apr 2023 10:15:05 GMT x-amz-version-id umDRh3UQS9dYpmKCPtw.RQIXsyWJwF9b content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2472831 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 20 last-modified Fri, 31 Mar 2023 03:20:36 GMT server istio-envoy etag W/"cdb5f42b656ab6b237aa50c24c0d8474" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id NXSTTV-Ns2Ef9FB5x68RkqOTlvV1H7ctl29QSm_ltFtzG0JMqtALtg==
GET H2	200	main~493df0b3.02edd878.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	7 KB 3 KB	73ms 71ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/main~493df0b3.02edd878.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 95245f488fc923a05392ac8ca5985ac00d44b0603ba7b987d103475181268d88 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds Origin https://js.driftt.com accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sat, 01 Apr 2023 17:08:38 GMT x-amz-version-id GeEu4y5ogkTLvG9nQWQR5SjDp.WHrJPZ content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2534418 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 74 last-modified Fri, 31 Mar 2023 03:20:40 GMT server istio-envoy etag W/"552f770e8c42c3e418dbe498f587a82e" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id e7LYarNLsga_BotoTQGKyUaY-wfQlpJ-9NAAwMILRgPZJHUkT0iRsA==
GET H2	200	runtime~main.288ca7cf.js Show response js.driftt.com/core/assets/js/ Frame 1961	6 KB 3 KB	65ms 63ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash a3986521f7e895cf3175098026f4471920366f5b3d3d1d0299a3c710a779e2ae Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 Origin https://js.driftt.com accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 19:38:51 GMT x-amz-version-id RlY44XUgIyFaw723OVFcTKdHmmxqiGSD content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 192605 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 43 last-modified Fri, 28 Apr 2023 19:33:24 GMT server istio-envoy etag W/"6d70ba943e02b1750bd44bdd0c539787" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id 5ntlUN7wXBSVKSyEG6c5LIPzieGo6SzlW43gy6Be4wln2hMJ4hmA1g==
GET H2	200	10.f16292bd.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	35 KB 13 KB	65ms 64ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/10.f16292bd.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 958a03c833d9116f7ab9a5ee503f7b0360b9291b268bfb77128a8f0e19238613 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 Origin https://js.driftt.com accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 02 Apr 2023 10:15:05 GMT x-amz-version-id umDRh3UQS9dYpmKCPtw.RQIXsyWJwF9b content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2472831 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 20 last-modified Fri, 31 Mar 2023 03:20:36 GMT server istio-envoy etag W/"cdb5f42b656ab6b237aa50c24c0d8474" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id VgKTPxqeH8qkTT5hC6yB1sUPtQ-fCP9AwOhgAzHi5i6hkB6MchAVNg==
GET H2	200	main~493df0b3.02edd878.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	7 KB 3 KB	68ms 67ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/main~493df0b3.02edd878.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 95245f488fc923a05392ac8ca5985ac00d44b0603ba7b987d103475181268d88 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 Origin https://js.driftt.com accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sat, 01 Apr 2023 17:08:38 GMT x-amz-version-id GeEu4y5ogkTLvG9nQWQR5SjDp.WHrJPZ content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2534418 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 74 last-modified Fri, 31 Mar 2023 03:20:40 GMT server istio-envoy etag W/"552f770e8c42c3e418dbe498f587a82e" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id Ska9o8mxLGiCDaHIoFazSYi7UTm0v-DZiWJd3cezb9pZfiSgzZXYeg==
GET H2	200	52.b1edaf4a.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	23 KB 8 KB	27ms 20ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sat, 04 Mar 2023 07:50:30 GMT x-amz-version-id Sn3EkueCHC_tRtPqOFFwTznveO4.Ubsv content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 4987106 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 16 last-modified Fri, 03 Mar 2023 18:56:10 GMT server istio-envoy etag W/"cd29b9bc973e48a7fcd0ee7153bdf03b" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id b1aq9-tEIAX43aDrIsv6jasw2Hp-lIVSAcRNYfiQWcWpONtbEXm3jA==
GET H2	200	36.b49bf23f.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	36 KB 10 KB	29ms 21ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/36.b49bf23f.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 08 Mar 2023 14:17:25 GMT x-amz-version-id MdGIvvi9YQ2J9_G5jz.yGOdFqcXwYS05 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 4618291 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 28 last-modified Tue, 07 Mar 2023 18:47:39 GMT server istio-envoy etag W/"4ae92c53ef226eb2a201fc855ccb7835" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id he9PAxE5-jrkW_qt6AKm2uwi-8aYkttbMg7laCfsj_o3BSxT0xP9-Q==
GET H2	200	25.22647a55.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	32 KB 11 KB	30ms 23ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/25.22647a55.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 15 Mar 2023 06:56:04 GMT x-amz-version-id xQr6ANfVlQ8ZNn8hdXa_W5U6ZfwWeUA7 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 4039972 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 32 last-modified Mon, 13 Mar 2023 18:41:51 GMT server istio-envoy etag W/"2ce6c446f71a395ff41647c9ba4b9c19" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id XgGESKvq1Z7WmsCmnz8nas7rRpmQOW4_nt5gEWLrH1isGXaymXqwpA==
GET H2	200	20.2ffef383.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	17 KB 6 KB	31ms 24ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/20.2ffef383.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 28 Feb 2023 07:50:00 GMT x-amz-version-id ybw1GI09u1lKCGavyikm1inUvvRdufu3 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 5332736 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 15 last-modified Mon, 27 Feb 2023 18:09:14 GMT server istio-envoy etag W/"ec6e94b6cea3a27506634867a8009ded" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id 2TcB-ZV5lyV3GSmwAPo3Ezw2m7gbPnn_Zz2wxFygPIJQolbmBV2rrA==
GET H2	200	42.67956b13.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	25 KB 8 KB	32ms 26ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/42.67956b13.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 9d88866c6295ffc0cadaa1ccb951367e196737a413482176d5787b70aae04ef0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 24 Mar 2023 13:57:30 GMT x-amz-version-id jad7ciYmD1.UhEFDgYSX13KMAlfo2TQd content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3237086 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 34 last-modified Wed, 22 Mar 2023 19:45:37 GMT server istio-envoy etag W/"d53cdfd4559700cfe085380882a8e897" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id h-y8cZomP_2M1IGPbfW6hCwP7oxDtha0fRUmtnBo7aPZgxLI1X5GJQ==
GET H2	200	21.b3438b1b.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	74 KB 23 KB	33ms 27ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/21.b3438b1b.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 3169ab3142fbf3ecf7eee1b5682a4556ed8a3d4ba940befa71c31b5a43991d92 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 24 Mar 2023 13:57:30 GMT x-amz-version-id eYkhGQjP40unMXdcN3HHYihjadR4802e content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3237086 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 86 last-modified Wed, 22 Mar 2023 19:45:36 GMT server istio-envoy etag W/"10e1bfa61646f14df045c581bc9410fd" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id gPkX11uyrAsmyxor-heuiJXXlYAOD2n9yXL9hSMNSUfMT4UOt_yZlA==
GET H2	200	27.3951aad8.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	66 KB 20 KB	36ms 30ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/27.3951aad8.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 04 Apr 2023 06:24:39 GMT x-amz-version-id aivTM5q4EqbjZyr6ZPDp3uMtkv8Qsctw content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2313857 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 38 last-modified Mon, 03 Apr 2023 20:09:54 GMT server istio-envoy etag W/"5b2b6d0508fe18c3efb6bcd6249fd4e1" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id 5Y7-z56JfVgrZE1nKRzqHbfFWHq1-XlioNFEei3q00OwcOYvgjuaJA==
GET H2	200	15.699b0dc7.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	91 KB 28 KB	39ms 32ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/15.699b0dc7.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 22 Mar 2023 16:27:21 GMT x-amz-version-id KF_bDZ.1exmwYIyY06clZwyCnDWvALFo content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3400895 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 81 last-modified Wed, 22 Mar 2023 14:57:52 GMT server istio-envoy etag W/"43d1442a9d30453da9eaeb12b9daafff" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id 2nrGneLrwzC6g0uxzA0ZSLYHf_PyVPbTE-WZ6ov42l2vLiDDtmD6ZQ==
GET H2	200	12.d33926cb.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	23 KB 7 KB	41ms 35ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/12.d33926cb.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 03 Mar 2023 07:05:28 GMT x-amz-version-id 7gSekl93DRdHS1ssd38pWgXby3n2Vww2 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 5076208 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 27 last-modified Thu, 02 Mar 2023 19:44:20 GMT server istio-envoy etag W/"bdcb035523ec144399213aa65a8430ff" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id KKfsS1nkjVKU-RZtp02vKDDPbk74R0_8ttAwNwFLWLp0obo4iqmzAg==
GET H2	200	19.8e79a39a.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	62 KB 20 KB	43ms 38ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/19.8e79a39a.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 12 Mar 2023 06:45:15 GMT x-amz-version-id sBgpDPg4E8n1uoNzBbNz7l_qusJlmRBu content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 4299821 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 30 last-modified Thu, 09 Mar 2023 19:38:34 GMT server istio-envoy etag W/"c478a5bb4d7885e2b9250c6beeb4fd6d" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id LeEe3K3XuU4fIsp75Vbdc-TuJvxgnNypqJLL2e3lghGBR-eiKqOCEQ==
GET H2	200	50.de3b5864.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	105 KB 34 KB	46ms 40ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/50.de3b5864.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 21 Mar 2023 08:15:32 GMT x-amz-version-id .Jp3H9IwroEnQF4Gakvu11ViwJAtAJzd content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3516804 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 88 last-modified Mon, 20 Mar 2023 19:06:57 GMT server istio-envoy etag W/"114785899ceb423273fcc17aaad202e9" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id M8CqZTxDdSe6JFN1KiElU8VAipv8gKit8-ijBaqS7nCCX49TJETceg==
GET H2	200	41.a1867ad4.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	12 KB 4 KB	49ms 44ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/41.a1867ad4.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Thu, 16 Mar 2023 07:20:09 GMT x-amz-version-id 5LomjhgUm7._fyzrQBTKl0XmRhJgm3pa content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3952127 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 45 last-modified Mon, 13 Mar 2023 18:41:51 GMT server istio-envoy etag W/"299dd262bf32831c99dc78a9c5b5ca43" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id BlDbRQRKqQFdywVIclJqHXZ5vhJG2unxW20uhKIevJFyqhtkh03CSQ==
GET H2	200	30.57dfb56c.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	13 KB 6 KB	50ms 45ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/30.57dfb56c.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 20 Mar 2023 19:27:23 GMT x-amz-version-id KfFiV07Qwge7fnCeWZbfTMhDt2mAlVTi content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3562893 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 54 last-modified Mon, 20 Mar 2023 19:06:57 GMT server istio-envoy etag W/"b8addee34a5cd2241740a2e3094039b3" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id uK_PfTIWWm7L3_7zAh-W3eCN3Wy7P44S1TyOgt4fGP1z1o95ishCvw==
GET H2	200	22.4cb40074.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	17 KB 7 KB	51ms 46ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/22.4cb40074.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash cdeb836f7f77cd2174fa0bb4aa3825963aa64faf657a24f988b82f1c4d28ce69 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:40:20 GMT x-amz-version-id 7tFKkY8k35k4vJ09bMwXA3x5y_p.mEn4 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2226516 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 60 last-modified Tue, 04 Apr 2023 15:21:34 GMT server istio-envoy etag W/"6cf24f8ea74f43662c776ce6af09d469" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id Ba6j20oCP0n_w5fLb1y8K7d3V7NoxGyOkZ1IkVXuOfdUMjKr366O0w==
GET H2	200	9.b5c2854f.chunk.css js.driftt.com/core/assets/css/ Frame 883C	31 KB 4 KB	23ms 19ms	Stylesheet text/css	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 02 Apr 2023 09:08:37 GMT x-amz-version-id LhcyJeU2kFf26i1b16YWESXZ4pGeN9QF content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2476819 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 42 last-modified Wed, 29 Mar 2023 16:46:52 GMT server istio-envoy etag W/"9ef689f5d4cb5dab3b0e463418857c2f" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type text/css access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id k5moYO7geR7bnrgkrt4AoNHlu3ORM7Guhkzj4x_IlojPw5Z2VcxdhA==
GET H2	200	9.c3fb736e.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	80 KB 25 KB	52ms 47ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/9.c3fb736e.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 97835f51936631312648ce4198cd92c85beae9e09e3cdaff439c57ffccc5c5d5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Thu, 30 Mar 2023 20:10:33 GMT x-amz-version-id ky.11J_dzfrQl7TBwMrL03LxCIIayqY7 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2696303 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 69 last-modified Wed, 29 Mar 2023 16:46:56 GMT server istio-envoy etag W/"b4ca5f0ecc404e3c35769971c076a425" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id MWIh6eLW7cbIJgsp0LQXRPS1pqof3CM0uLB5-ifvN-GXT62KhwMNbQ==
GET H2	200	17.22abfce0.chunk.css js.driftt.com/core/assets/css/ Frame 883C	24 B 695 B	52ms 49ms	Stylesheet text/css	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 21 Mar 2023 11:02:43 GMT x-amz-version-id 9ti2s36gCLYUtp4L.4GakqTilGIjKEb5 via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop JFK51-C1 age 3506773 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 17 content-length 24 last-modified Mon, 20 Mar 2023 19:06:53 GMT server istio-envoy etag "0c5dad92482d9a7c7c253510f5082465" access-control-allow-methods GET, POST, OPTIONS content-type text/css access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id jAuaYOAZtClHe48WjbRoOIcByixNA_aIWDJ_o-AWDVRLmY5APvSnqg==
GET H2	200	17.81f008ad.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	91 KB 23 KB	52ms 50ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/17.81f008ad.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash ae3f6024712196dff7272f57c522e4048826b484f7336a97cc3e7f6f00d2d443 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 18 Apr 2023 16:01:28 GMT x-amz-version-id pq2QZWEko7dMDbeq5q9U3.Qr6wYVodOo content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 1069648 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 140 last-modified Mon, 17 Apr 2023 18:50:41 GMT server istio-envoy etag W/"2c5463d20bb9c942f4cb26607893067b" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id C9jHP1aZE01B68PV5TdpaVcMfdVLejy9Yu_EYg657Hj2pouqF7Rh6Q==
GET H2	200	26.a55c1f38.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	50 KB 14 KB	52ms 51ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/26.a55c1f38.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 7616b033adbe366f235d70696b659f554051c0e578508896aab0ff5b169491db Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 19:38:51 GMT x-amz-version-id CLxBuTmXn3tjxxf_j0OncAOh499FdB3n content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 192605 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 30 last-modified Fri, 28 Apr 2023 19:33:22 GMT server istio-envoy etag W/"89bd8cf777e065fa7ca75d777c943155" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id q7i_6VOCQyJIKW0Bf7WmFt3BtWUI4-C03pptDzuugSL70rdRshkDUA==
GET H2	200	18.12d8d932.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	40 KB 13 KB	53ms 52ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/18.12d8d932.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 2ff2b9a5434137bda235f2847f5939dcd06977e5437ae82bfa197e00faabc6a9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 19:38:51 GMT x-amz-version-id 51lzaeDhcNerEWUeOM6e5tRXtG.B7lli content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 192605 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 40 last-modified Fri, 28 Apr 2023 19:33:21 GMT server istio-envoy etag W/"f8d07bd5dd786d7b8a311fde8e1e4859" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id kph0hGq7TRwnoxST6TNcuZx3gRf5LyktovOzlO1qS0NnusXGHrXqTA==
GET H2	204	usermatch.gif beacon.krxd.net/ Frame 3FE5 Redirect Chain https://usermatch.krxd.net/um/v2?partner=adobe&id=61617904982672855651209767816564786564 https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=61617904982672855651209767816564786564	0 338 B	77ms 24ms	Image text/plain	3.221.188.167 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=61617904982672855651209767816564786564 Protocol H2 Server 3.221.188.167 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-221-188-167.compute-1.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-CA,en;q=0.9 Referer https://cisco.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-served-by beacon-n027-ash-prod.krxd.net date Mon, 01 May 2023 01:08:56 GMT cache-control private, no-cache, no-store x-request-time D=30 t=1682903336 p3p policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC" Redirect headers location https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=61617904982672855651209767816564786564 date Mon, 01 May 2023 01:08:56 GMT x-cache-hits 0 x-age 0 content-length 0 x-cache MISS x-served-by usermatch-a002-ash-prod.krxd.net
GET H/1.1	200 OK	universal_pixel.1.1.0.js Show response js.adsrvr.org/ Frame 8BEB	487 B 986 B	19ms 17ms	Script application/x-javascript	143.204.138.162 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.adsrvr.org/universal_pixel.1.1.0.js Requested by Host: match.adsrvr.org URL: https://match.adsrvr.org/track/upb/?adv=rshxraz&ref=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&upid=hpvhlc2&upv=1.1.0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 143.204.138.162 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-138-162.ewr52.r.cloudfront.net Software AmazonS3 / Resource Hash f6d7e9dafd1ec463ecd0c6b20f170400dd15afe81c71dea50771550df2f83ffc Request headers accept-language en-CA,en;q=0.9 Referer https://match.adsrvr.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Sun, 30 Apr 2023 22:32:47 GMT Via 1.1 c855cfdfac580e3b58f1c68c8d67dcf6.cloudfront.net (CloudFront) Last-Modified Thu, 24 Sep 2020 15:15:32 GMT Server AmazonS3 X-Amz-Cf-Pop EWR52-C2 Age 9370 ETag "f0a7a3296da7382ce6bc1a3b6769e927" Vary Accept-Encoding X-Cache Hit from cloudfront Content-Type application/x-javascript Connection keep-alive Accept-Ranges bytes Content-Length 487 X-Amz-Cf-Id uWdhKL79LjD7dgi1siegPPqU2trKYzDpJJG2LNveUsIqdBMFKFUE1Q==
GET H2	200	52.b1edaf4a.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	23 KB 8 KB	18ms 18ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sat, 04 Mar 2023 07:50:30 GMT x-amz-version-id Sn3EkueCHC_tRtPqOFFwTznveO4.Ubsv content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 4987106 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 16 last-modified Fri, 03 Mar 2023 18:56:10 GMT server istio-envoy etag W/"cd29b9bc973e48a7fcd0ee7153bdf03b" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id fe0ECjcbTVLVL9teo54iU9yfduoB7oMpHPGNrF8uaqtsisBZV53MWg==
GET H2	200	36.b49bf23f.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	36 KB 10 KB	20ms 19ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/36.b49bf23f.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 08 Mar 2023 14:17:25 GMT x-amz-version-id MdGIvvi9YQ2J9_G5jz.yGOdFqcXwYS05 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 4618291 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 28 last-modified Tue, 07 Mar 2023 18:47:39 GMT server istio-envoy etag W/"4ae92c53ef226eb2a201fc855ccb7835" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id gKnPx_NOE0uLbJm2Tmy9ZOeewMQg3RpuODoLxymelteBsPNYivPgfw==
GET H2	200	25.22647a55.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	32 KB 11 KB	21ms 21ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/25.22647a55.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 15 Mar 2023 06:56:04 GMT x-amz-version-id xQr6ANfVlQ8ZNn8hdXa_W5U6ZfwWeUA7 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 4039972 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 32 last-modified Mon, 13 Mar 2023 18:41:51 GMT server istio-envoy etag W/"2ce6c446f71a395ff41647c9ba4b9c19" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id zmPuEc7Yobtc66oBnHvVHoEjS4BKDsY3sZLt646Se-OJpCFIWT7BIQ==
GET H2	200	20.2ffef383.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	17 KB 6 KB	22ms 21ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/20.2ffef383.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 28 Feb 2023 07:50:00 GMT x-amz-version-id ybw1GI09u1lKCGavyikm1inUvvRdufu3 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 5332736 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 15 last-modified Mon, 27 Feb 2023 18:09:14 GMT server istio-envoy etag W/"ec6e94b6cea3a27506634867a8009ded" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id cCeLjCoYnG9B3i3l8TC0EX0W5M3cqEncsG_fUmgnF0Q3x2F_4ZHUvg==
GET H2	200	42.67956b13.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	25 KB 8 KB	23ms 22ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/42.67956b13.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 9d88866c6295ffc0cadaa1ccb951367e196737a413482176d5787b70aae04ef0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 24 Mar 2023 13:57:30 GMT x-amz-version-id jad7ciYmD1.UhEFDgYSX13KMAlfo2TQd content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3237086 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 34 last-modified Wed, 22 Mar 2023 19:45:37 GMT server istio-envoy etag W/"d53cdfd4559700cfe085380882a8e897" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id xUAJJ51W711zv4DOeOUPNnoD6fmqgyoMUiDebJ7OucCELvC_8TWUQA==
GET H2	200	21.b3438b1b.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	74 KB 23 KB	24ms 21ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/21.b3438b1b.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 3169ab3142fbf3ecf7eee1b5682a4556ed8a3d4ba940befa71c31b5a43991d92 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 24 Mar 2023 13:57:30 GMT x-amz-version-id eYkhGQjP40unMXdcN3HHYihjadR4802e content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3237086 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 86 last-modified Wed, 22 Mar 2023 19:45:36 GMT server istio-envoy etag W/"10e1bfa61646f14df045c581bc9410fd" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id jvGX_6_vBl6w7IF4SR536yag00pN7AhFvge0WvSdb1gpaN5SuXYNCA==
GET H2	200	27.3951aad8.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	66 KB 20 KB	25ms 20ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/27.3951aad8.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 04 Apr 2023 06:24:39 GMT x-amz-version-id aivTM5q4EqbjZyr6ZPDp3uMtkv8Qsctw content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2313857 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 38 last-modified Mon, 03 Apr 2023 20:09:54 GMT server istio-envoy etag W/"5b2b6d0508fe18c3efb6bcd6249fd4e1" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id 2zBFEOSVVTNfF1PBCj9ZaSGfo4UUem8bHFwlXbALAVYf1icOnkArYg==
GET H2	200	15.699b0dc7.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	91 KB 28 KB	27ms 23ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/15.699b0dc7.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 22 Mar 2023 16:27:21 GMT x-amz-version-id KF_bDZ.1exmwYIyY06clZwyCnDWvALFo content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3400895 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 81 last-modified Wed, 22 Mar 2023 14:57:52 GMT server istio-envoy etag W/"43d1442a9d30453da9eaeb12b9daafff" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id Mg7cj9ScEALRBfaeFv67HHo3CUFdyB25f6BZCkwYRpdTcZV1RXG_kw==
GET H2	200	12.d33926cb.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	23 KB 7 KB	29ms 24ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/12.d33926cb.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 03 Mar 2023 07:05:28 GMT x-amz-version-id 7gSekl93DRdHS1ssd38pWgXby3n2Vww2 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 5076208 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 27 last-modified Thu, 02 Mar 2023 19:44:20 GMT server istio-envoy etag W/"bdcb035523ec144399213aa65a8430ff" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id WS577R2nbD44_W8dPZDh1X7x-aN1ng0R2UI4pEq8hM4zCD3N7pFnGw==
GET H2	200	19.8e79a39a.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	62 KB 20 KB	30ms 26ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/19.8e79a39a.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 12 Mar 2023 06:45:15 GMT x-amz-version-id sBgpDPg4E8n1uoNzBbNz7l_qusJlmRBu content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 4299821 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 30 last-modified Thu, 09 Mar 2023 19:38:34 GMT server istio-envoy etag W/"c478a5bb4d7885e2b9250c6beeb4fd6d" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id tmPj4ZWPkpW6DcRS1pSG3GiLHXj5Or0gRfWpIyNcpvle7Q3WZkIm5Q==
GET H2	200	50.de3b5864.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	105 KB 34 KB	31ms 27ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/50.de3b5864.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 21 Mar 2023 08:15:32 GMT x-amz-version-id .Jp3H9IwroEnQF4Gakvu11ViwJAtAJzd content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3516804 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 88 last-modified Mon, 20 Mar 2023 19:06:57 GMT server istio-envoy etag W/"114785899ceb423273fcc17aaad202e9" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id kTDSoxy2HbNFmeRb8mUIF6e-7x5jxYZDYjoCaVA3TTJ47twdPBfF5g==
GET H2	200	41.a1867ad4.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	12 KB 4 KB	33ms 29ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/41.a1867ad4.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Thu, 16 Mar 2023 07:20:09 GMT x-amz-version-id 5LomjhgUm7._fyzrQBTKl0XmRhJgm3pa content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3952127 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 45 last-modified Mon, 13 Mar 2023 18:41:51 GMT server istio-envoy etag W/"299dd262bf32831c99dc78a9c5b5ca43" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id c0RlBXMDMn7pziLy8Uk6xe6OqaA5-jhYpsTfzGwPy_1-DB9glrNwyw==
GET H2	200	30.57dfb56c.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	13 KB 6 KB	34ms 30ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/30.57dfb56c.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 20 Mar 2023 19:27:23 GMT x-amz-version-id KfFiV07Qwge7fnCeWZbfTMhDt2mAlVTi content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3562893 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 54 last-modified Mon, 20 Mar 2023 19:06:57 GMT server istio-envoy etag W/"b8addee34a5cd2241740a2e3094039b3" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id z8eq03yJ5KUBpKg6U4z2-fkPIbKLArxBMyjdlNR-derAGOyTvZg9uw==
GET H2	200	22.4cb40074.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	17 KB 7 KB	36ms 32ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/22.4cb40074.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash cdeb836f7f77cd2174fa0bb4aa3825963aa64faf657a24f988b82f1c4d28ce69 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:40:20 GMT x-amz-version-id 7tFKkY8k35k4vJ09bMwXA3x5y_p.mEn4 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2226516 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 60 last-modified Tue, 04 Apr 2023 15:21:34 GMT server istio-envoy etag W/"6cf24f8ea74f43662c776ce6af09d469" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id hUVoAo-EXa2hc4F3G6Iom-MqluGhkRvx0T9o6qrantM78j6Of5iBxQ==
GET H2	200	9.b5c2854f.chunk.css js.driftt.com/core/assets/css/ Frame 1961	31 KB 4 KB	34ms 31ms	Stylesheet text/css	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 02 Apr 2023 09:08:37 GMT x-amz-version-id LhcyJeU2kFf26i1b16YWESXZ4pGeN9QF content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2476819 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 42 last-modified Wed, 29 Mar 2023 16:46:52 GMT server istio-envoy etag W/"9ef689f5d4cb5dab3b0e463418857c2f" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type text/css access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id QiFpEPszIQIULut4Byq7gLg7ggrAYN4LFGuBWT9jiEaTFZarcCQIlw==
GET H2	200	9.c3fb736e.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	80 KB 25 KB	36ms 33ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/9.c3fb736e.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 97835f51936631312648ce4198cd92c85beae9e09e3cdaff439c57ffccc5c5d5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Thu, 30 Mar 2023 20:10:33 GMT x-amz-version-id ky.11J_dzfrQl7TBwMrL03LxCIIayqY7 content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2696303 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 69 last-modified Wed, 29 Mar 2023 16:46:56 GMT server istio-envoy etag W/"b4ca5f0ecc404e3c35769971c076a425" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id 6zqBwRCHIdDpI-o5U5iji3Xh5sufgZcXVdrb64L7emOTdjnGseVYUw==
GET H2	200	17.22abfce0.chunk.css js.driftt.com/core/assets/css/ Frame 1961	24 B 697 B	34ms 31ms	Stylesheet text/css	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 21 Mar 2023 11:02:43 GMT x-amz-version-id 9ti2s36gCLYUtp4L.4GakqTilGIjKEb5 via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop JFK51-C1 age 3506773 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 17 content-length 24 last-modified Mon, 20 Mar 2023 19:06:53 GMT server istio-envoy etag "0c5dad92482d9a7c7c253510f5082465" access-control-allow-methods GET, POST, OPTIONS content-type text/css access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id Rkr1xR6wVlRWLN4l9rFH0OEClOA3Ebfk7QwFVTYRSgcZSOKHCCT3vw==
GET H2	200	17.81f008ad.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	91 KB 23 KB	36ms 34ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/17.81f008ad.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash ae3f6024712196dff7272f57c522e4048826b484f7336a97cc3e7f6f00d2d443 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 18 Apr 2023 16:01:28 GMT x-amz-version-id pq2QZWEko7dMDbeq5q9U3.Qr6wYVodOo content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 1069648 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 140 last-modified Mon, 17 Apr 2023 18:50:41 GMT server istio-envoy etag W/"2c5463d20bb9c942f4cb26607893067b" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id JCxzyYKWEvGNxVeRKnDR9cSKOXj62vWQvJQ30PZx9YGCa6TYli1QRg==
GET H2	200	26.a55c1f38.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	50 KB 14 KB	37ms 35ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/26.a55c1f38.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 7616b033adbe366f235d70696b659f554051c0e578508896aab0ff5b169491db Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 19:38:51 GMT x-amz-version-id CLxBuTmXn3tjxxf_j0OncAOh499FdB3n content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 192605 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 30 last-modified Fri, 28 Apr 2023 19:33:22 GMT server istio-envoy etag W/"89bd8cf777e065fa7ca75d777c943155" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id JRFD40mch8Wih6mYbQCDMiGc4xmtZtqq-tp5Y4wp2Of4Wu5XqTA_OQ==
GET H2	200	18.12d8d932.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	40 KB 13 KB	38ms 36ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/18.12d8d932.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 2ff2b9a5434137bda235f2847f5939dcd06977e5437ae82bfa197e00faabc6a9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 19:38:51 GMT x-amz-version-id 51lzaeDhcNerEWUeOM6e5tRXtG.B7lli content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 192605 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 40 last-modified Fri, 28 Apr 2023 19:33:21 GMT server istio-envoy etag W/"f8d07bd5dd786d7b8a311fde8e1e4859" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id WDvkFkVWirtfcuhpaMAlEOENaO0TzcutKgt6v8duBjafG2CEloTYMg==
GET H2	200	0.0b2ebd4a.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	9 KB 3 KB	20ms 19ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 29 Mar 2023 13:00:26 GMT x-amz-version-id KvqHsSugExbr72yVkbDLy5PpQDT2ioCd content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2808510 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 57 last-modified Tue, 28 Mar 2023 20:42:56 GMT server istio-envoy etag W/"c5efcdc9e465604f32cf24af10fd6c13" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id 5IAgKd711tGmB5Pnl0-IJHz0gD4daUmx5hGZLnmRTdT-Ayz6xYHiug==
GET H2	200	28.01a0fe87.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	35 KB 35 KB	22ms 21ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/28.01a0fe87.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash fffcc021124d70080ddd0c52562645c46e03ff39c924ced85c1bfd62cb8b8767 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Thu, 02 Mar 2023 20:22:49 GMT x-amz-version-id neSopBF0zHVZ2Zs8icGDQEPMBXWE9Dni via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop JFK51-C1 age 5114767 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 63 content-length 35483 last-modified Thu, 02 Mar 2023 19:44:21 GMT server istio-envoy etag "0ad089f0617a0fa8014a23c2afa90ddd" access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id FZaAQab29ZZVeRFkhnyAXtGMns4RLEjxIBlQT0O2V6ueB6o_fufVLg==
GET H2	200	29.9bf46b67.chunk.css js.driftt.com/core/assets/css/ Frame 883C	8 KB 2 KB	21ms 20ms	Stylesheet text/css	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/css/29.9bf46b67.chunk.css Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 21 Mar 2023 11:02:44 GMT x-amz-version-id UFE22JlREJuiBg.jVL7yG7vdjdjU5pnT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3506772 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 39 last-modified Mon, 20 Mar 2023 19:06:53 GMT server istio-envoy etag W/"4f21faf2ba450e5fcdf7eda90813e185" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type text/css access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id NiNYTNiMdkoDKMqhrF_wKc1HCKJxpqNoG6DoJCx5NkW_kfz40bL2og==
GET H2	200	29.98c2b316.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	14 KB 6 KB	23ms 22ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/29.98c2b316.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash c6b2815294e64eb3d9e30955673ae3b60a486ae5b7dfcc7e48c0e2a4fe7301de Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 27 Mar 2023 18:08:56 GMT x-amz-version-id aizM0H1Fdw3zzppb3P2Ok7x7JUMOS1IQ content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2962800 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 52 last-modified Mon, 27 Mar 2023 17:53:25 GMT server istio-envoy etag W/"6526b5009cc642f706e7156982e7429b" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id xIzEdXwKirg6TmkdtR-icdROiMKNRI5HCTic4DqtcN-MqrRimAfDtg==
GET H2	200	23.c695453b.chunk.css js.driftt.com/core/assets/css/ Frame 883C	365 B 1 KB	22ms 21ms	Stylesheet text/css	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/css/23.c695453b.chunk.css Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 29 Mar 2023 15:11:29 GMT x-amz-version-id 7vZxo7ymCEpTMOiGbASq140o6O_xaOt7 via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop JFK51-C1 age 2800647 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 37 content-length 365 last-modified Mon, 27 Mar 2023 17:53:22 GMT server istio-envoy etag "06b2963b029c0824382815165bfea73e" access-control-allow-methods GET, POST, OPTIONS content-type text/css access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id hVklpsdXLSYVGMoRKw-z2G6ojQhVr6n_nBf1epeDqqmY2D7-VLSjbA==
GET H2	200	23.ed4e6d8f.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	91 KB 25 KB	24ms 23ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/23.ed4e6d8f.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 7c4cddc44e59d49ccbfdaf1b57cca9884b74ee1710671c7d9fa974e3fae6f507 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 26 Apr 2023 16:38:37 GMT x-amz-version-id xN70QZOgyKQKNnP0o5N59vnLWimajx0E content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 376219 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 53 last-modified Wed, 26 Apr 2023 15:35:22 GMT server istio-envoy etag W/"697b9f051ece7b5f2c5dbe85f673b6cd" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id bnI5LcFBTSq8ifj6ehMSo3ya87uLiGKedGywJdFqIKMq0LQlqNso9w==
GET H2	200	google Show response match.adsrvr.org/track/cmf/ Frame 450D Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=M2Y3Y2QwNTUtMTAwZi00ZmRiLTkzYTktMDkyYzQ0YTE2Y2Q2&gdpr=0&gdpr_consent=&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c4... https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c44a16cd6&google_gid=CAESECsW1NZmthHuB_likLoVKVI&google_cver=1	70 B 587 B	25ms 25ms	Document image/gif	52.223.40.198 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c44a16cd6&google_gid=CAESECsW1NZmthHuB_likLoVKVI&google_cver=1 Requested by Host: js.adsrvr.org URL: https://js.adsrvr.org/universal_pixel.1.1.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.223.40.198 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers Referer https://match.adsrvr.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers cache-control private,no-cache, must-revalidate content-length 70 content-type image/gif date Mon, 01 May 2023 01:08:56 GMT p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" pragma no-cache x-aspnet-version 4.0.30319 Redirect headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, must-revalidate content-length 386 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Mon, 01 May 2023 01:08:56 GMT expires Fri, 01 Jan 1990 00:00:00 GMT location https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c44a16cd6&google_gid=CAESECsW1NZmthHuB_likLoVKVI&google_cver=1 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" pragma no-cache server HTTP server (unknown) x-xss-protection 0
GET H2	200	appnexus Show response match.adsrvr.org/track/cmf/ Frame C3F4 Redirect Chain https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c44a16cd6 https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D3f7cd055-100f-4fdb-93a9-092c44a16cd6 https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1033618079951120501&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c44a16cd6	70 B 588 B	25ms 24ms	Document image/gif	52.223.40.198 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1033618079951120501&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c44a16cd6 Requested by Host: js.adsrvr.org URL: https://js.adsrvr.org/universal_pixel.1.1.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.223.40.198 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers Referer https://match.adsrvr.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers cache-control private,no-cache, must-revalidate content-length 70 content-type image/gif date Mon, 01 May 2023 01:08:56 GMT p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" pragma no-cache x-aspnet-version 4.0.30319 Redirect headers AN-X-Request-Uuid 7310d7a5-ed5b-4bf0-a5f7-d330eb9df33d Accept-CH Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Access-Control-Allow-Credentials true Access-Control-Allow-Origin * Cache-Control no-store, no-cache, private Connection keep-alive Content-Length 0 Content-Type text/html; charset=utf-8 Date Mon, 01 May 2023 01:08:56 GMT Expires Sat, 15 Nov 2008 16:00:00 GMT Location https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1033618079951120501&ttd_tdid=3f7cd055-100f-4fdb-93a9-092c44a16cd6 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Pragma no-cache Server nginx/1.21.3 X-Proxy-Origin 149.56.153.187; 149.56.153.187; 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com X-XSS-Protection 0
GET H2	200	rubicon Show response match.adsrvr.org/track/cmf/ Frame B133 Redirect Chain https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3f7cd055-100f-4fdb-93a9-092c44a16cd6&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon https://match.adsrvr.org/track/cmf/rubicon?gdpr=0	70 B 587 B	25ms 24ms	Document image/gif	52.223.40.198 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 Requested by Host: js.adsrvr.org URL: https://js.adsrvr.org/universal_pixel.1.1.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.223.40.198 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers Referer https://match.adsrvr.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers cache-control private,no-cache, must-revalidate content-length 70 content-type image/gif date Mon, 01 May 2023 01:08:56 GMT p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" pragma no-cache x-aspnet-version 4.0.30319 Redirect headers Cache-Control no-cache,no-store,must-revalidate Content-Type text/html Expires 0 Location https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Pragma no-cache X-RPHost af308bb17a856a105b8c87aaae7d7f8c content-length 0
GET H2	200	38.11d2b6a7.chunk.css js.driftt.com/core/assets/css/ Frame 1961	3 KB 1 KB	20ms 19ms	Stylesheet text/css	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/css/38.11d2b6a7.chunk.css Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 12 Mar 2023 06:45:16 GMT x-amz-version-id P3aycBysthgmcENcPayqohBO44enSkZR content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 4299820 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 25 last-modified Thu, 09 Mar 2023 19:38:32 GMT server istio-envoy etag W/"87532c4db85f1429fa6d759bc3332f36" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type text/css access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id liS1Tg2OggQ0ERd9Qn13s5p25Qal7Zv7LGrBQjhUs3A6p9sEdsGs-w==
GET H2	200	38.2c907ce3.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	3 KB 2 KB	21ms 20ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/38.2c907ce3.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 0c07bf805e857013386ec7ea2d26911aed5c827ee90e71a94188553c6d8ef337 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Thu, 09 Mar 2023 16:46:57 GMT x-amz-version-id UxCT8aDYj_hNgM93MexUSctwVxa1i.5F content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 4522919 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 21 last-modified Thu, 09 Mar 2023 16:34:01 GMT server istio-envoy etag W/"ad63bf20f878fb64a363281ee85aa567" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id ekpp1PpQM82f-g9Q_NELrFiZF_V-VjYKWJInUjk6-pxzJdV7VQQtNA==
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 493 B	113ms 113ms	Image image/gif	104.126.116.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=cd7ca9cd-c117-499b-8dff-71c99216e192&session=9614ad9b-685d-4730-89a8-3d714ac24782&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2001%20May%202023%2001%3A08%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2001%20May%202023%2001%3A08%3A55%20GMT%22%2C%22timeSpent%22%3A%221006%22%2C%22totalTimeSpent%22%3A%221006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Attackers%20planted%20a%20compromised%20update%20for%20the%20SolarWinds%20Orion%20platform%2C%20leading%20to%20a%20cyber%20espionage%20campaign%20that%20hit%20many%20companies%20and%20government%20agencies.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&pageViewId=11071bdb-efd5-44b4-89e9-1f5ebfc115f7 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.126.116.10 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-126-116-10.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:56 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	0.0b2ebd4a.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	9 KB 3 KB	18ms 18ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 29 Mar 2023 13:00:26 GMT x-amz-version-id KvqHsSugExbr72yVkbDLy5PpQDT2ioCd content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2808510 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 57 last-modified Tue, 28 Mar 2023 20:42:56 GMT server istio-envoy etag W/"c5efcdc9e465604f32cf24af10fd6c13" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id gOCmB4CwkctrqQZZlBQN6AdA7S6mLIfD0vKs6eULQPOPQHnVjBWAvA==
GET H2	200	3.07aa08a5.chunk.css js.driftt.com/core/assets/css/ Frame 1961	7 KB 2 KB	19ms 17ms	Stylesheet text/css	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 19 Mar 2023 21:49:44 GMT x-amz-version-id Q2PqwaAGurDGgY8YzFfQs2Uv742NLD.g content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3640752 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 31 last-modified Fri, 17 Mar 2023 17:38:15 GMT server istio-envoy etag W/"189aeffd571884559dababa22c66d75a" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type text/css access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id HqGs-FAdM5lBTQtssGwaDB672faziCwP81R2MZ1zpsferpDZSfvvSQ==
GET H2	200	3.f50b964b.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	54 KB 15 KB	23ms 20ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 24 Mar 2023 13:57:30 GMT x-amz-version-id Y8UJ84CmfvTL1vvwN0fzWZBCq4eSl45h content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3237086 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 41 last-modified Wed, 22 Mar 2023 19:45:37 GMT server istio-envoy etag W/"1ac37bf2b93050f29058b66a9ad43e10" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id qUg_xed7IOrAvcdDHyQlFF5Bjcr1zqTEgbfH5NxwSIcM3hnbObvoPA==
GET H2	200	1.02a6af84.chunk.css js.driftt.com/core/assets/css/ Frame 1961	44 KB 7 KB	20ms 18ms	Stylesheet text/css	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/css/1.02a6af84.chunk.css Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 120def079fc4e239098c571e178a9a1b73746f05c6f65a97cd7291b8c13aa401 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Tue, 04 Apr 2023 09:15:37 GMT x-amz-version-id nJZ6zADpWV11YakUyza533NKRNONyBtw content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2303599 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 31 last-modified Mon, 03 Apr 2023 20:09:51 GMT server istio-envoy etag W/"295093fc512c5e44a90c3c28242de8ae" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type text/css access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id txvIakGfYSKZ5WqTryHwNJXmLFf9CGg4OmBNWUdE0y3usVxQGtK5SA==
GET H2	200	1.dd688aaf.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	53 KB 17 KB	23ms 21ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/1.dd688aaf.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash d3ed94b69049a6046b0472b87a4d1be0a1c9482c9edc3793bf72714c82c7ce0c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 05 Apr 2023 20:29:52 GMT x-amz-version-id EYuyMkYTdV6Sz.Tu3e2Qz8Z_YPV77rIe content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2176744 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 34 last-modified Wed, 05 Apr 2023 19:06:48 GMT server istio-envoy etag W/"456df11dba646f06e80bbae67a65aad8" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id BSdvwxJDXI39Uzmk10swwRSyxhfx24_cOkPcD50Q3TX1I7quE6WdYA==
GET H2	200	4.b4477698.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	23 KB 10 KB	24ms 22ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/4.b4477698.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 277725f80d5c0175c2a996fe1eea07395b87ec1bd0496353409e99e96024816e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Wed, 05 Apr 2023 20:29:52 GMT x-amz-version-id 0s5HvDu7I8ZUWeiRZtf_7BJNbUsVlUik content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2176744 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 34 last-modified Wed, 05 Apr 2023 19:06:49 GMT server istio-envoy etag W/"ec2b0368f8359c0e46e2bfb9cf8e79ef" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id NTLCQ-ri0tkMrQVauvbo0mQZsWekUePSVq3I6wc-ZUnhCNC1BNp5Sg==
GET H2	200	35.a3318c5e.chunk.css js.driftt.com/core/assets/css/ Frame 1961	14 KB 3 KB	20ms 19ms	Stylesheet text/css	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/css/35.a3318c5e.chunk.css Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 17 Mar 2023 13:11:06 GMT x-amz-version-id .Qx9Y0gU9g3o.rVP1g.ErQa6wXaiIqXc content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 3844670 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 67 last-modified Mon, 13 Mar 2023 18:41:48 GMT server istio-envoy etag W/"b06e02b360914b25e58305b1b9b954dc" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type text/css access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id C_vay2iTg5csWQXhIb6tlX-RFFBeaMDld_Ep0jl98YygZL-KqvqLBg==
GET H2	200	35.46d29dea.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	12 KB 5 KB	24ms 23ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/35.46d29dea.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 2693e158a319fe2c6576e7fdd76ad78ca5e0235cce4418503e5fee2e7426b2d0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 19:38:51 GMT x-amz-version-id xuvYWNeKM10RQbhB8D3mlc4N6CStBtYA content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 192605 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 40 last-modified Fri, 28 Apr 2023 19:33:22 GMT server istio-envoy etag W/"8195467360aaef75c927565e2e787326" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id STJwrt59RyKKZgeqf0jR5GVdTCPp1OOkNuc7HRYXB34nlWZU9K2OYQ==
POST H2	200	v2 Show response bootstrap.api.drift.com/widget_bootstrap/ping/ Frame 883C	147 B 588 B	120ms 34ms	XHR application/json	34.193.113.164 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://bootstrap.api.drift.com/widget_bootstrap/ping/v2 Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-193-113-164.compute-1.amazonaws.com Software istio-envoy / Resource Hash 0b7b38390ed37478d212f2fd7f08af0e09a0e91bf3ac287b7338c82db945fb47 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept application/json, text/plain, */* Referer https://js.driftt.com/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Mon, 01 May 2023 01:08:56 GMT strict-transport-security max-age=31536000; includeSubDomains server istio-envoy requestid 288a5eb8c3505169 access-control-max-age 1209600 access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH content-type application/json;charset=utf-8 access-control-allow-origin * access-control-expose-headers X-Results-Total-Count,X-Page-Info vary Accept-Encoding access-control-allow-credentials true x-envoy-upstream-service-time 9 access-control-allow-headers origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version content-length 147
POST H2	200	v3 Show response metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 883C	25 B 89 B	44ms 36ms	XHR application/json	34.193.113.164 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://metrics.api.drift.com/monitoring/metrics/widget/init/v3 Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-193-113-164.compute-1.amazonaws.com Software istio-envoy / Resource Hash f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept application/json, text/plain, */* Referer https://js.driftt.com/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Mon, 01 May 2023 01:08:56 GMT strict-transport-security max-age=31536000; includeSubDomains server istio-envoy requestid 4db8460d8bd3e70b access-control-max-age 1209600 access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH content-type application/json;charset=utf-8 access-control-allow-origin * access-control-expose-headers X-Results-Total-Count,X-Page-Info vary Accept-Encoding access-control-allow-credentials true x-envoy-upstream-service-time 12 access-control-allow-headers origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version content-length 25
POST H2	200	widget_bootstrap Show response bootstrap.api.drift.com/ Frame 883C	20 KB 6 KB	301ms 300ms	XHR application/json	34.193.113.164 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://bootstrap.api.drift.com/widget_bootstrap Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-193-113-164.compute-1.amazonaws.com Software istio-envoy / Resource Hash 83e1b0ff1bdf5a0616e428f998d9343c06082a232847398197ae5e5c4ac172ba Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept application/json, text/plain, */* Referer https://js.driftt.com/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Mon, 01 May 2023 01:08:56 GMT strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip server istio-envoy requestid 93d8dd299fffa493 access-control-max-age 1209600 access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH content-type application/json;charset=utf-8 access-control-allow-origin * access-control-expose-headers X-Results-Total-Count,X-Page-Info vary Accept-Encoding access-control-allow-credentials true x-envoy-upstream-service-time 276 access-control-allow-headers origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
POST H2	200	track Show response event.api.drift.com/ Frame 883C	684 B 743 B	26ms 25ms	XHR application/json	34.193.113.164 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://event.api.drift.com/track Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-193-113-164.compute-1.amazonaws.com Software istio-envoy / Resource Hash c7b98c307eddf0286041270d8bbcb183a9375d17f6a2520b0a4b5d774c8ba315 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept application/json, text/plain, */* Referer https://js.driftt.com/ accept-language en-CA,en;q=0.9 Authorization Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODEwMzgzMjA3MiIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEyMjg3NzMiLCJleHAiOjE3MTQ1MjU3MzYsImlhdCI6MTY4MjkwMzMzNn0.wT8ZUpi_BbCWmGV6IJJNf-sE6YpuLRCBfQZhtPFOPHeiyfJhBc1aSDVLwKdjfdyReRiGveWSpMKufwV3FK5xgA User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type application/json Response headers date Mon, 01 May 2023 01:08:57 GMT strict-transport-security max-age=31536000; includeSubDomains server istio-envoy requestid e10d20cc46c30531 access-control-max-age 1209600 access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH content-type application/json;charset=utf-8 access-control-allow-origin * access-control-expose-headers X-Results-Total-Count,X-Page-Info access-control-allow-credentials true x-envoy-upstream-service-time 1 access-control-allow-headers origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version content-length 684
OPTIONS H2	200	track event.api.drift.com/ Frame	0 0	38ms 29ms	Preflight text/plain	34.193.113.164 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://event.api.drift.com/track Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-193-113-164.compute-1.amazonaws.com Software istio-envoy / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept */* Access-Control-Request-Headers authorization,content-type Access-Control-Request-Method POST Origin https://js.driftt.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH access-control-allow-origin * access-control-expose-headers X-Results-Total-Count,X-Page-Info access-control-max-age 1209600 allow POST,OPTIONS content-length 13 content-type text/plain date Mon, 01 May 2023 01:08:57 GMT requestid drift612f9404ef0913251fc8ae09e59 server istio-envoy strict-transport-security max-age=31536000; includeSubDomains x-envoy-upstream-service-time 1
GET H2	200	58.377a2854.chunk.js Show response js.driftt.com/core/assets/js/ Frame 883C	18 KB 7 KB	19ms 19ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/58.377a2854.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 130688f16399fc1980b2900037a220bc182f4b0c320621dc7d70ec721514765e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core?d=1&embedId=fd2h6g6rw8bb&eId=fd2h6g6rw8bb&region=US&forceShow=false&skipCampaigns=false&sessionId=d40e0447-160b-43bc-9db7-14cceb5cf760&sessionStarted=1682903336.15&campaignRefreshToken=eedd774f-bd2a-4236-bbf3-b5150e321928&hideController=false&pageLoadStartTime=1682903334361&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 02 Apr 2023 10:15:05 GMT x-amz-version-id k5uZ.9PW.JvNHCZ_RpRIj6kuYFtHIceG content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2472832 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 33 last-modified Fri, 31 Mar 2023 03:20:38 GMT server istio-envoy etag W/"33f417d96bdfff4c4e2ac5468c815f07" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id 7n1PQKam_DvhIoSuRwATQPCDWB6jWe2d5pfqd5obGovV5Rk41mxU9w==
GET H2	200	58.377a2854.chunk.js Show response js.driftt.com/core/assets/js/ Frame 1961	18 KB 7 KB	21ms 17ms	Script application/javascript	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/assets/js/58.377a2854.chunk.js Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash 130688f16399fc1980b2900037a220bc182f4b0c320621dc7d70ec721514765e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-CA,en;q=0.9 Referer https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1682903334361 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sun, 02 Apr 2023 10:15:05 GMT x-amz-version-id k5uZ.9PW.JvNHCZ_RpRIj6kuYFtHIceG content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 2472832 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 33 last-modified Fri, 31 Mar 2023 03:20:38 GMT server istio-envoy etag W/"33f417d96bdfff4c4e2ac5468c815f07" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id 3Ka9hRWigKjhXqKKQ0HfNfN0QBIk09HA4PMepL-2O4N7EQufkwWW3A==
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2 js.driftt.com/deploy/assets/static/fonts/ Frame 883C	38 KB 39 KB	19ms 19ms	Font font/woff2	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/deploy/assets/static/fonts/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2 Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css Origin https://js.driftt.com accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 03 Mar 2023 19:44:27 GMT strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 5030670 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 77 content-length 39372 last-modified Fri, 03 Mar 2023 16:21:38 GMT server istio-envoy etag "40b6965b5cd26213faf61e5ab6765bb9" access-control-allow-methods GET, POST, OPTIONS content-type application/font-woff2,font/woff2 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id l8Iyr-wx5tP6jsYk8_00eIB4-ghHGJWIMf9U5e7a1qVkH4t1XIGfEg==
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2 js.driftt.com/deploy/assets/static/fonts/ Frame 1961	38 KB 39 KB	18ms 18ms	Font font/woff2	13.225.223.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/deploy/assets/static/fonts/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2 Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.223.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-223-48.jfk51.r.cloudfront.net Software istio-envoy / Resource Hash fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css Origin https://js.driftt.com accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 03 Mar 2023 19:44:27 GMT strict-transport-security max-age=31536000; includeSubDomains via 1.1 027e28c3e3bc8e973485de11ace0dd5c.cloudfront.net (CloudFront) x-amz-cf-pop JFK51-C1 age 5030670 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 77 content-length 39372 last-modified Fri, 03 Mar 2023 16:21:38 GMT server istio-envoy etag "40b6965b5cd26213faf61e5ab6765bb9" access-control-allow-methods GET, POST, OPTIONS content-type application/font-woff2,font/woff2 access-control-allow-origin * cache-control max-age=31536000 access-control-allow-credentials true accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id LfNYEbq-VrqZvzIa-uFwJY0epeuV0Yo_vtQMNAG8Gii7iM4rx4jImg==
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 493 B	49ms 48ms	Image image/gif	104.126.116.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=cd7ca9cd-c117-499b-8dff-71c99216e192&session=9614ad9b-685d-4730-89a8-3d714ac24782&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2001%20May%202023%2001%3A08%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2001%20May%202023%2001%3A08%3A56%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222008%22%7D&isIframe=false&m=%7B%22description%22%3A%22Attackers%20planted%20a%20compromised%20update%20for%20the%20SolarWinds%20Orion%20platform%2C%20leading%20to%20a%20cyber%20espionage%20campaign%20that%20hit%20many%20companies%20and%20government%20agencies.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&pageViewId=11071bdb-efd5-44b4-89e9-1f5ebfc115f7 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.126.116.10 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-126-116-10.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:57 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 493 B	40ms 40ms	Image image/gif	104.126.116.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=cd7ca9cd-c117-499b-8dff-71c99216e192&session=9614ad9b-685d-4730-89a8-3d714ac24782&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2001%20May%202023%2001%3A08%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2001%20May%202023%2001%3A08%3A57%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223009%22%7D&isIframe=false&m=%7B%22description%22%3A%22Attackers%20planted%20a%20compromised%20update%20for%20the%20SolarWinds%20Orion%20platform%2C%20leading%20to%20a%20cyber%20espionage%20campaign%20that%20hit%20many%20companies%20and%20government%20agencies.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&pageViewId=11071bdb-efd5-44b4-89e9-1f5ebfc115f7 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.126.116.10 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-126-116-10.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:58 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
POST H2	200	bulk Show response metrics.api.drift.com/monitoring/metrics/event3/ Frame 883C	25 B 111 B	43ms 42ms	XHR application/json	34.193.113.164 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://metrics.api.drift.com/monitoring/metrics/event3/bulk Requested by Host: js.driftt.com URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-193-113-164.compute-1.amazonaws.com Software istio-envoy / Resource Hash f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept application/json, text/plain, */* Referer https://js.driftt.com/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Mon, 01 May 2023 01:08:59 GMT strict-transport-security max-age=31536000; includeSubDomains server istio-envoy requestid 7bf0c20e07f274e5 access-control-max-age 1209600 access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH content-type application/json;charset=utf-8 access-control-allow-origin * access-control-expose-headers X-Results-Total-Count,X-Page-Info vary Accept-Encoding access-control-allow-credentials true x-envoy-upstream-service-time 18 access-control-allow-headers origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version content-length 25
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 494 B	39ms 39ms	Image image/gif	104.126.116.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=cd7ca9cd-c117-499b-8dff-71c99216e192&session=9614ad9b-685d-4730-89a8-3d714ac24782&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2001%20May%202023%2001%3A08%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2001%20May%202023%2001%3A08%3A58%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224010%22%7D&isIframe=false&m=%7B%22description%22%3A%22Attackers%20planted%20a%20compromised%20update%20for%20the%20SolarWinds%20Orion%20platform%2C%20leading%20to%20a%20cyber%20espionage%20campaign%20that%20hit%20many%20companies%20and%20government%20agencies.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&pageViewId=11071bdb-efd5-44b4-89e9-1f5ebfc115f7 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.126.116.10 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-126-116-10.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:08:59 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 494 B	38ms 38ms	Image image/gif	104.126.116.10 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=cd7ca9cd-c117-499b-8dff-71c99216e192&session=9614ad9b-685d-4730-89a8-3d714ac24782&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2001%20May%202023%2001%3A09%3A00%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2001%20May%202023%2001%3A08%3A59%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225011%22%7D&isIframe=false&m=%7B%22description%22%3A%22Attackers%20planted%20a%20compromised%20update%20for%20the%20SolarWinds%20Orion%20platform%2C%20leading%20to%20a%20cyber%20espionage%20campaign%20that%20hit%20many%20companies%20and%20government%20agencies.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Broad%20Cyber%20Espionage%20Campaign%20Follows%20Supply%20Chain%20Attack%20on%20SolarWinds%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fbroad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds&pageViewId=11071bdb-efd5-44b4-89e9-1f5ebfc115f7 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.126.116.10 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-126-116-10.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://duo.com/decipher/broad-cyber-espionage-campaign-follows-supply-chain-attack-on-solarwinds User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 01:09:00 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 02:04:22 GMT server nginx/1.14.0 (Ubuntu) etag "63f03226-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT