redcanary.com Open in urlscan Pro
104.198.136.223  Public Scan

27 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

• https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID HTTP 302
• https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID HTTP 307
• https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dredcanary.com%2526pId%253d%2524UID HTTP 302
• https://attr.ml-api.io/?domain=redcanary.com&pId=8993297579676123140

Request Chain 43

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1711453520979&li_adsId=7340c482-7e0b-447c-a406-fcc387ca9c6d&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1711453520979&li_adsId=7340c482-7e0b-447c-a406-fcc387ca9c6d&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1540753%26time%3D1711453520979%26li_adsId%3D7340c482-7e0b-447c-a406-fcc387ca9c6d%26url%3Dhttps%253A%252F%252Fredcanary.com%252Fthreat-detection-report%252Ftechniques%252Fmark-of-the-web-bypass%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1711453520979&li_adsId=7340c482-7e0b-447c-a406-fcc387ca9c6d&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1711453520979&li_adsId=7340c482-7e0b-447c-a406-fcc387ca9c6d&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&cookiesTest=true&liSync=true&e_ipv6=AQIvmDr_smn6xgAAAY56lEZ58wNdYgfy6nxkVpGdeRqeI7qfW6o9cWTHMi_ekQaB22wT62yB

105 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
8 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/	343 KB 61 KB	516ms 257ms	Document text/html	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / WP Engine Resource Hash 007d6febaa1003fea664e36b547e13032ab5dcf0edcf7fe74f67c48cb164ea36 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers cache-control max-age=600, must-revalidate content-encoding br content-security-policy upgrade-insecure-requests content-type text/html; charset=UTF-8 date Tue, 26 Mar 2024 11:45:20 GMT feature-policy microphone 'none'; geolocation 'none' link <https://redcanary.com/?p=33650>; rel=shortlink referrer-policy strict-origin-when-cross-origin server nginx strict-transport-security "max-age=63072000; includeSubDomains; preload"; vary Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding x-cache HIT: 8 x-cache-group normal x-cacheable SHORT x-content-type-options nosniff x-frame-options deny x-permitted-cross-domain-policies master-only x-powered-by WP Engine x-xss-protection 1; mode=block
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.6.1/	88 KB 31 KB	126ms 38ms	Script text/javascript	2a00:1450:4001:827::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 07:47:00 GMT content-encoding gzip x-content-type-options nosniff age 14300 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31100 x-xss-protection 0 last-modified Thu, 08 Sep 2022 18:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Wed, 26 Mar 2025 07:47:00 GMT
GET H2	200	forms2.min.js Show response resource.redcanary.com/js/forms2/js/	199 KB 67 KB	129ms 36ms	Script application/x-javascript	104.17.73.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://resource.redcanary.com/js/forms2/js/forms2.min.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b9649e0e9e5790f8d6b5e69aa4ff9969e8f7d72a84f8501ff9379078005124d8 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Tue, 05 Mar 2024 19:24:48 GMT server cloudflare age 6630 etag "33420d9-31af8-612eecb9f6000" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=14400 cf-ray 86a6e4d7887971c4-FRA expires Tue, 26 Mar 2024 15:45:20 GMT
GET H2	200	bizible.js Show response cdn.bizible.com/scripts/	67 KB 25 KB	50ms 8ms	Script application/x-javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/67D4) / Resource Hash 669e893d0a591a1115f4422736cae04efc5d05c317cb7c23de0125adddf761db Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSub last-modified Fri, 22 Mar 2024 00:22:58 GMT server ECS (frb/67D4) age 52388 etag "6c217c17ef7bda1:0" vary Accept-Encoding x-cache HIT content-type application/x-javascript cache-control max-age=86400 accept-ranges bytes content-length 25393
GET H2	200	qualified.js Show response js.qualified.com/	655 KB 159 KB	496ms 452ms	Script text/javascript	2606:4700::6812:1005 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.qualified.com/qualified.js?token=bAEbi2aHVysBKzuy Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6b0539f2281d00f59190feb48a9f5e51d3b3c7c7f3e8f4225b7be10fb60a0140 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-encoding gzip via 1.1 spaces-router (devel) strict-transport-security max-age=63072000; includeSubDomains cf-cache-status MISS x-content-type-options nosniff x-permitted-cross-domain-policies none x-xss-protection 1; mode=block x-request-id 0138be97-e6cd-f49e-b4af-6db69283de73 pragma no-cache x-runtime 0.025573 referrer-policy strict-origin-when-cross-origin server cloudflare etag W/"6b0539f2281d00f59190feb48a9f5e51" x-download-options noopen vary Accept,Accept-Encoding x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control public, max-age=14400 cf-ray 86a6e4d87d469bb9-FRA expires Tue, 26 Mar 2024 15:45:21 GMT
GET H3	200	highlight.min.js Show response cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/	130 KB 33 KB	51ms 31ms	Script application/javascript	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/highlight.min.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d2f545bb226e5bcc1d50af37b345d245dce63bc07aaeba2243e0f1ea87b2dcb9 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 201731 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 33250 last-modified Mon, 08 Feb 2021 15:10:43 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "60215473-20801" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ewiUb30kR7NXN1tO3tDFWhETCBqjeKihL5XpLkjgYTPnFV9VkFsodFUqCtgmPf8axfD6Isz8F%2BEaGHNCI21rQnBJckXARmXwTe%2BQKczplaXa55kTWa2D7INQUsG0uPEFHSiZs%2F8%2B"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 86a6e4d7cece910c-FRA expires Sun, 16 Mar 2025 11:45:20 GMT
GET H/1.1	200 OK	teknkl-formsplus-1.0.5.js Show response s3-us-west-2.amazonaws.com/s.cdpn.io/250687/	41 KB 41 KB	537ms 183ms	Script application/x-js	52.218.221.128 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s3-us-west-2.amazonaws.com/s.cdpn.io/250687/teknkl-formsplus-1.0.5.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.218.221.128 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-west-2.amazonaws.com Software AmazonS3 / Resource Hash 731fcb30d45f2e35aaa139a7a964410a7c2bcdbfbb48a837c9d56dec7cc3732f Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 26 Mar 2024 11:45:22 GMT x-amz-version-id OjXdZ5iYdmgpgEuq0ftytCBc_PO35ThO Last-Modified Thu, 26 Apr 2018 08:20:46 GMT Server AmazonS3 x-amz-request-id PND3HA9X21N3WG05 ETag "bab0c2b3523f8244564b675fe34db610" Content-Type application/x-js Cache-Control public Accept-Ranges bytes Content-Length 41617 x-amz-id-2 EKnBuJCZOFvF+iPIv3IRYapAkc6qQcx9vjHf9FPF/zBYgXZnbL3gjoqzQEIAnWMzP4p6F+z7L8M=
GET H2	200	autoptimize_7656531523331c3a1a75c80a2079530c.js Show response redcanary.com/wp-content/cache/autoptimize/js/	294 KB 84 KB	134ms 133ms	Script application/javascript	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/cache/autoptimize/js/autoptimize_7656531523331c3a1a75c80a2079530c.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash b15af634d5bab399198b33d3fc2655e06bb8b3128b5e47749f7cd7937341b34a Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 13 Mar 2024 14:17:56 GMT server nginx etag W/"65f1b594-49897" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/	1 KB 1 KB	38ms 8ms	Script application/x-javascript	88.221.60.75 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 88.221.60.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a88-221-60-75.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 26 Mar 2024 11:45:20 GMT Content-Encoding gzip Last-Modified Fri, 17 Mar 2023 01:24:48 GMT Server AkamaiNetStorage ETag "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Connection keep-alive Accept-Ranges bytes Content-Length 729
GET H2	200	gtm.js Show response www.googletagmanager.com/	326 KB 107 KB	152ms 57ms	Script application/javascript	2a00:1450:4001:812::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash c2461b802c5d0253692680abc39572981c7306f589d5908339b5fb4b2081c3e2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 108657 x-xss-protection 0 last-modified Tue, 26 Mar 2024 09:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 26 Mar 2024 11:45:20 GMT
GET H2	200	css fonts.googleapis.com/	7 KB 1 KB	150ms 48ms	Stylesheet text/css	2a00:1450:4001:803::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,500,700&display=swap Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2400a36b6ad539bf01612df2f0ae253d0928fcdd2e966b299af7e84111216651 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Tue, 26 Mar 2024 11:45:20 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 26 Mar 2024 11:45:20 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 26 Mar 2024 11:45:20 GMT
GET H2	200	autoptimize_6f971801869df4eb1d949860592a1b82.css redcanary.com/wp-content/cache/autoptimize/css/	5 MB 252 KB	254ms 254ms	Stylesheet text/css	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 643d20b97a95561c69361ab8b30347f9fddc6d70e41247669fbc67c8170ca5f0 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 13 Mar 2024 14:17:55 GMT server nginx etag W/"65f1b593-53f73a" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=31536000
GET H3	200	default.min.css cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/styles/	763 B 859 B	24ms 24ms	Stylesheet text/css	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/styles/default.min.css Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3cc36c64ef86bed21592653daac82fd7e4c364c32c8344336aa13f7dbf52c90 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 23560 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 271 last-modified Mon, 08 Feb 2021 15:10:43 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "60215473-2fb" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XFsVAr%2BMifX1mqhOHMoRTuPCpuJf0AZ%2F94ASOLXzZgWUsHm1Lo%2FMnAGsCUWzoW3IZO8QDwn3myQGPRhWOWhhDJ%2BHBvGj%2F%2BASq7cjgh204EaDuWAV4UepI7Wb3YTrsj5gdeeDzpXn"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 86a6e4d83f31910c-FRA expires Sun, 16 Mar 2025 11:45:20 GMT
GET DATA	200 OK	truncated /	64 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	65 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9edb5c5ef600768db6e8ee027853f2c6f8ab34f615b495faaf114579f8de2e22 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 3a48ba6d11055a2a6f840befa14e603650d8ca3d752e16daccd828d3869fb791 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	2OaXmeYBJ0hcTmS3kxjJOx open.spotify.com/embed/track/ Frame C0C5	0 0	138ms 74ms	Document text/html	2a02:26f0:3500:4::b818:4da1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://open.spotify.com/embed/track/2OaXmeYBJ0hcTmS3kxjJOx?si=0a73eee1312147eb&utm_source=oembed Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:4::b818:4da1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=86400 X-Content-Type-Options nosniff Request headers Referer https://redcanary.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=93600 cache-control private, no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-length 3954 content-type text/html; charset=utf-8 critical-origin-trial Tpcd date Tue, 26 Mar 2024 11:45:20 GMT etag "tfntfgakns8d4" origin-trial AjTBCzHiqtNU3PxD6GL8VpVl68/SfxkZJuLQbbyvSNj6/o9VuhZ5EPb/2dTYqi+Mot0AD6XOHBeIatAwEt4lAQcAAABOeyJvcmlnaW4iOiJodHRwczovL29wZW4uc3BvdGlmeS5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTl9 strict-transport-security max-age=86400 vary Accept-Encoding x-content-type-options nosniff x-envoy-upstream-service-time 33
GET H2	200	CanarySans-Text-700.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	23 KB 23 KB	240ms 240ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/CanarySans-Text-700.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 2920a21f3d5f1c34cc38823f2c4422d1a0d23cba63233e5e8c382852aa7ada7c Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 12 Mar 2024 14:13:25 GMT server nginx etag "65f06305-5acc" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 23244
GET H2	200	CanarySans-Text-400.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	23 KB 23 KB	240ms 240ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/CanarySans-Text-400.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 9a5b8f66f586ce4d9566503535595800d6d4c8b6e1651ab8b2fbf8f02819ef42 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 12 Mar 2024 14:13:23 GMT server nginx etag "65f06303-5a48" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 23112
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 50f56ffcd1de32ee77d7e5318ca930efd4499de8de67fd9a4bd88752156b2357 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6c4eb73013535fee0ddbe5ca50b9a258b8dffc4489c6ff1913ed47641a68f369 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	bullet-square.svg redcanary.com/wp-content/themes/redcanary/assets/img/	443 B 616 B	205ms 205ms	Image image/svg+xml	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/bullet-square.svg Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 6217f642930c0d2411329fb00cf9a7e2e138a98f56eece6e82b3a7359f20cb11 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 23 Aug 2021 16:46:07 GMT server nginx etag W/"6123d0cf-1bb" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ac17f47544ece7e11e91ee98e926de953ed5d1fcc8b9f55aa000d4ea19010e2c Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash fc870b745fe4f0f28892633f04fd39b61953a784b7a536a9cb55d647075b2872 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	67 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6e0408f7fbaf5216b577287b7654be1388d933b9b41dbd95dc733d5b5020f67a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/163/	11 KB 5 KB	12ms 9ms	Script application/x-javascript	88.221.60.75 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/163/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 88.221.60.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a88-221-60-75.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 26 Mar 2024 11:45:20 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 02:26:40 GMT Server AkamaiNetStorage ETag "ea7826f34518d7c2295738f39c7640fa:1672972000.238769" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Length 4741 Expires Thu, 04 Jul 2024 11:45:20 GMT
POST H/1.1	200 OK	visitWebPage 003-yru-314.mktoresp.com/webevents/	2 B 318 B	1418ms 177ms	Ping text/plain	192.28.147.68 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://003-yru-314.mktoresp.com/webevents/visitWebPage?_mchNc=1711453520772&_mchCn=&_mchId=003-YRU-314&_mchTk=_mch-redcanary.com-1711453520771-19318&_mchHo=redcanary.com&_mchPo=&_mchRu=%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/163/munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.28.147.68 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software nginx/1.20.1 / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 26 Mar 2024 11:45:22 GMT Content-Encoding gzip Server nginx/1.20.1 Transfer-Encoding chunked Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin * Connection keep-alive X-Request-Id 9fcee0ad-056a-4230-8745-b6dbca1f68f0
GET H2	200	css fonts.googleapis.com/	7 KB 821 B	45ms 45ms	Stylesheet text/css	2a00:1450:4001:803::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,500,700&display=swap Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2400a36b6ad539bf01612df2f0ae253d0928fcdd2e966b299af7e84111216651 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Tue, 26 Mar 2024 11:45:20 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 26 Mar 2024 11:45:20 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 26 Mar 2024 11:45:20 GMT
GET H2	200	6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 fonts.gstatic.com/s/sourcesanspro/v22/	15 KB 15 KB	125ms 41ms	Font font/woff2	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,500,700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://fonts.googleapis.com/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 07:44:09 GMT x-content-type-options nosniff age 14471 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14892 x-xss-protection 0 last-modified Thu, 01 Jun 2023 22:52:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 26 Mar 2025 07:44:09 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v22/	14 KB 15 KB	158ms 79ms	Font font/woff2	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,500,700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c3de27b2cbd6deda629c9b442700cf54c0dda74e494b1c75a57d822068a047f8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://fonts.googleapis.com/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 03:37:51 GMT x-content-type-options nosniff age 29249 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14780 x-xss-protection 0 last-modified Thu, 01 Jun 2023 22:52:58 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 26 Mar 2025 03:37:51 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v22/	14 KB 14 KB	135ms 56ms	Font font/woff2	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,500,700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://fonts.googleapis.com/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 07:44:18 GMT x-content-type-options nosniff age 14462 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14712 x-xss-protection 0 last-modified Thu, 01 Jun 2023 22:52:57 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 26 Mar 2025 07:44:18 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	326 KB 103 KB	59ms 58ms	Script application/javascript	2a00:1450:4001:812::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-T3K4MTNQJN&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash c4a60e5ddaa3ca4a84322084baa256a1e3c7a0410650ba7e370110574533d73c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 104995 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 26 Mar 2024 11:45:20 GMT
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	34ms 7ms	Script application/javascript	146.75.120.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-encoding gzip last-modified Fri, 22 Mar 2024 21:07:24 GMT x-amz-server-side-encryption AES256 etag "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip" vary Accept-Encoding,Host x-cache HIT, HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15412 x-served-by cache-iad-kcgs7200068-IAD, cache-fra-etou8220100-FRA
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	48 KB 17 KB	36ms 10ms	Script application/javascript	2a02:26f0:3500:16::215:148d AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 85a881fba590ac097d83e7d5397c82c99d9538ac482af8f10a3e5886393cfc85 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 11 Mar 2024 16:03:53 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=79594 accept-ranges bytes content-length 17224
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	28 KB 9 KB	30ms 8ms	Script application/javascript	2a04:4e42:200::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish last-modified Thu, 15 Feb 2024 20:38:48 GMT server snooserv nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} etag "9a680c8c475d8bba600d4d87b4fa7ee5" x-amz-server-side-encryption AES256 vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/javascript cache-control public, max-age=60 accept-ranges bytes content-length 8702
GET H2	200	destination Show response www.googletagmanager.com/gtag/	221 KB 79 KB	54ms 54ms	Script application/javascript	2a00:1450:4001:812::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=AW-759876114&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 8c4b722caee7534c09001c8e85d37d6e13813bd1d6ee4d3dd9c7a2a3641b3d40 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 80587 x-xss-protection 0 last-modified Tue, 26 Mar 2024 09:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 26 Mar 2024 11:45:20 GMT
GET H2	200	bat.js Show response bat.bing.com/	45 KB 13 KB	59ms 37ms	Script application/javascript	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Tue, 26 Mar 2024 11:45:20 GMT last-modified Thu, 29 Feb 2024 19:58:06 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 88053DD2F5A84175B7979D4D58383750 Ref B: FRAEDGE1422 Ref C: 2024-03-26T11:45:20Z etag "01b4e9c496bda1:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 13261
GET H2	200	9416.js Show response script.crazyegg.com/pages/scripts/0096/	6 KB 2 KB	64ms 33ms	Script text/javascript	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/scripts/0096/9416.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 67c51092df1baf612753a19d7089012ae55b7cdcf4b8d172ce39902eec659e7b Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:20 GMT content-encoding gzip cf-cache-status HIT age 1848 cf-polished origSize=6112 ce-version 11.5.195 cf-bgj minify last-modified Tue, 26 Mar 2024 11:14:32 GMT server cloudflare vary Accept-Encoding content-type text/javascript access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 timing-allow-origin * cf-ray 86a6e4da0e239c0c-FRA
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	216 KB 58 KB	25ms 8ms	Script application/x-javascript	2a03:2880:f084:d:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 4e049bbdc40b8d2e87194216781b7ad54cdb528be6686225e510468c056facb0 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Tue, 26 Mar 2024 11:45:20 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 57659 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=6, rtx=0, c=12, mss=1326, tbw=2774, tp=-1, tpl=-1, uplat=0, ullat=-1 pragma public x-fb-debug tSrIKXavVhgPgT6JfQ9gWjMqRzZuGJQ4q6VmPwnUkIur+4rkA3HWss1yMPTud4B1L7UyxKqrbemvhh9GpmnsJQ== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ attr.ml-api.io/ Redirect Chain https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dredcanary.com%2526pId%253d%2524UID https://attr.ml-api.io/?domain=redcanary.com&pId=8993297579676123140	0 235 B	381ms 155ms	Image application/json	2600:9000:2670:600:12:3734:2a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://attr.ml-api.io/?domain=redcanary.com&pId=8993297579676123140 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Server 2600:9000:2670:600:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers date Tue, 26 Mar 2024 11:45:21 GMT via 1.1 f0393fc6725f4d719cff14263a50d286.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P9 x-cache Miss from cloudfront content-type application/json x-amz-cf-id Y_USn6jRVxelMW25uHG7K91aKAdB6OI7224KBX7oX4QHu3d2sWoWEA== content-length 0 apigw-requestid VPFE0j5pIAMEJOg= Redirect headers pragma no-cache date Tue, 26 Mar 2024 11:45:21 GMT an-x-request-uuid 760d4d06-ca42-4f3b-8e49-623d2f2f0a0e server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true location https://attr.ml-api.io/?domain=redcanary.com&pId=8993297579676123140 x-proxy-origin 185.213.155.134; 185.213.155.134; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	t2_5kac730w_telemetry Show response www.redditstatic.com/ads/conversions-config/v1/pixel/config/	86 B 700 B	42ms 26ms	XHR application/json	2a04:4e42:200::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_5kac730w_telemetry Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-encoding gzip via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} server snooserv vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/json access-control-allow-origin * cache-control max-age=300 accept-ranges bytes content-length 98
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	54ms 25ms	Image image/gif	151.101.1.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1711453520971&id=t2_5kac730w&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=5a6d921a-1876-4d50-b49d-e1ccf07124b3&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=800&sw=600&v=rdt_c9439d84&dpm=&dpcc=&dprc= Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.1.140 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} server Varnish report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type image/gif cross-origin-resource-policy cross-origin accept-ranges bytes content-length 42 retry-after 0
GET H2	200	adsct t.co/i/	43 B 379 B	226ms 186ms	Image image/gif	104.244.42.5 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?bci=3&eci=2&event_id=057c7ab2-c460-4875-96a6-5ebb6d13e238&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=17fa98a0-5a8a-4065-b66e-8c13c2142d28&tw_document_href=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o015g&type=javascript&version=2.3.30 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.5 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-response-time 174 date Tue, 26 Mar 2024 11:45:20 GMT strict-transport-security max-age=0 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id c631191609a10129 cache-control no-cache, no-store, max-age=0 perf 7469935968 x-connection-hash 89b9b4d65857c9876a9b2f807bf5b9d8edf673a1f34777bf46f36548e7b84720 content-length 43
GET H2	200	adsct analytics.twitter.com/i/	43 B 394 B	162ms 122ms	Image image/gif	104.244.42.131 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=057c7ab2-c460-4875-96a6-5ebb6d13e238&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=17fa98a0-5a8a-4065-b66e-8c13c2142d28&tw_document_href=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o015g&type=javascript&version=2.3.30 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.131 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-response-time 109 date Tue, 26 Mar 2024 11:45:20 GMT strict-transport-security max-age=631138519 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id ba09ae6b221e9690 cache-control no-cache, no-store, max-age=0 perf 7469935968 x-connection-hash 5f835da7818bc4ab032b2f7f84d9b367651ef3824bb60265249602415986ab31 content-length 43
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1711453520979&li_adsId=7340c482-7e0b-447c-a406-fcc387ca9c6d&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2F... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1711453520979&li_adsId=7340c482-7e0b-447c-a406-fcc387ca9c6d&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2F... https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1540753%26time%3D1711453520979%26li_adsId%3D7340c482-7e0b-447c-a406-fcc387ca9c6d%... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1711453520979&li_adsId=7340c482-7e0b-447c-a406-fcc387ca9c6d&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2F... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1711453520979&li_adsId=7340c482-7e0b-447c-a406-fcc387ca9c6d&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2...	0 263 B	202ms 118ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1711453520979&li_adsId=7340c482-7e0b-447c-a406-fcc387ca9c6d&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&cookiesTest=true&liSync=true&e_ipv6=AQIvmDr_smn6xgAAAY56lEZ58wNdYgfy6nxkVpGdeRqeI7qfW6o9cWTHMi_ekQaB22wT62yB Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers date Tue, 26 Mar 2024 11:45:21 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 898CE0C463194A6495E1A7222A61BF10 Ref B: FRAEDGE1516 Ref C: 2024-03-26T11:45:21Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lva1 x-li-proto http/2 content-length 0 x-li-uuid AAYUjtM2yTiOtr4AqHuT/w== Redirect headers date Tue, 26 Mar 2024 11:45:21 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: C91EA37422334E5492FC791E7315B386 Ref B: FRAEDGE2019 Ref C: 2024-03-26T11:45:21Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1711453520979&li_adsId=7340c482-7e0b-447c-a406-fcc387ca9c6d&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&cookiesTest=true&liSync=true&e_ipv6=AQIvmDr_smn6xgAAAY56lEZ58wNdYgfy6nxkVpGdeRqeI7qfW6o9cWTHMi_ekQaB22wT62yB x-li-proto http/2 content-length 0 x-li-uuid AAYUjtMzKJDNC1nR9/Ocbw==
GET H2	200	1042590016249604 Show response connect.facebook.net/signals/config/	54 KB 11 KB	135ms 134ms	Script application/x-javascript	2a03:2880:f084:d:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1042590016249604?v=2.9.150&r=stable&domain=redcanary.com&hme=8b8eb2472f555e54a8b57f2b720f9bd3b1bc6aed031525376dd772ba51107995&ex_m=63%2C107%2C95%2C99%2C54%2C3%2C89%2C62%2C14%2C87%2C80%2C45%2C47%2C153%2C156%2C167%2C163%2C164%2C166%2C26%2C90%2C46%2C69%2C165%2C148%2C151%2C160%2C161%2C168%2C116%2C13%2C44%2C172%2C171%2C118%2C16%2C30%2C33%2C1%2C37%2C58%2C59%2C60%2C64%2C84%2C15%2C12%2C86%2C83%2C82%2C96%2C98%2C32%2C97%2C27%2C23%2C149%2C152%2C125%2C25%2C9%2C10%2C11%2C5%2C6%2C22%2C19%2C20%2C50%2C55%2C57%2C67%2C91%2C24%2C68%2C8%2C7%2C72%2C42%2C18%2C93%2C92%2C17%2C74%2C79%2C41%2C40%2C78%2C34%2C36%2C77%2C49%2C75%2C29%2C38%2C66%2C0%2C85%2C4%2C81%2C73%2C76%2C2%2C31%2C56%2C35%2C94%2C39%2C71%2C61%2C100%2C53%2C52%2C28%2C88%2C51%2C48%2C43%2C70%2C65%2C21%2C101 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 0713f090918bacc0996b6982ad6a19b1ebf5381b428d61d7db825c22655379f2 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Tue, 26 Mar 2024 11:45:21 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=14, rtx=0, c=63, mss=1326, tbw=62785, tp=-1, tpl=-1, uplat=127, ullat=0 pragma public x-fb-debug iGbNSIee4GUALbtzEwCCNQhn+OYjSHD4teKuZsTfVCJFkcaBC17SWkyMJ0BLZQJzvD+y1BHCBukfd6Eg3BWLsw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	204	56383426.js Show response bat.bing.com/p/action/	0 116 B	37ms 37ms	Script text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/56383426.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control private,max-age=1800 date Tue, 26 Mar 2024 11:45:20 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 341421816EBE4B519F02398D7F3DB9F3 Ref B: FRAEDGE1422 Ref C: 2024-03-26T11:45:20Z x-cache CONFIG_NOCACHE
POST H2	204	collect region1.analytics.google.com/g/	0 252 B	66ms 20ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-T3K4MTNQJN&gtm=45je43p0v874113835z8813277038za200&_p=1711453520658&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=174042477.1711453521&ul=en-us&sr=800x600&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.58%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.58&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&_s=1&sid=1711453521&sct=1&seg=0&dl=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&dt=Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1154 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-T3K4MTNQJN&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:21 GMT server Golfe2 content-type text/plain access-control-allow-origin https://redcanary.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 243 B	67ms 20ms	Ping text/plain	2a00:1450:400c:c1d::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-T3K4MTNQJN&cid=174042477.1711453521&gtm=45je43p0v874113835z8813277038za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-T3K4MTNQJN&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c1d::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:21 GMT server Golfe2 content-type text/plain access-control-allow-origin https://redcanary.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	136ms 61ms	Image image/gif	142.250.185.227 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-T3K4MTNQJN&cid=174042477.1711453521&gtm=45je43p0v874113835z8813277038za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1470229594 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.227 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s53-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:21 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	0 273 B	27ms 7ms	Image text/plain	2a03:2880:f177:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1042590016249604&ev=PageView&dl=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&rl=&if=false&ts=1711453521142&sw=800&sh=600&v=2.9.150&r=stable&ec=0&o=4126&fbp=fb.1.1711453521139.884933586&ler=empty&cdl=API_unavailable&it=1711453520988&coo=false&rqm=GET Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1326, tbw=2766, tp=-1, tpl=-1, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Tue, 26 Mar 2024 11:45:21 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	autoptimize_6f971801869df4eb1d949860592a1b82.css redcanary.com/wp-content/cache/autoptimize/css/	5 MB 252 KB	134ms 134ms	Stylesheet text/css	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 643d20b97a95561c69361ab8b30347f9fddc6d70e41247669fbc67c8170ca5f0 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 13 Mar 2024 14:17:55 GMT server nginx etag W/"65f1b593-53f73a" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	redcanary.com.json Show response script.crazyegg.com/pages/data-scripts/0096/9416/site/	5 KB 2 KB	69ms 48ms	XHR application/json	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/data-scripts/0096/9416/site/redcanary.com.json?t=1 Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0096/9416.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6fd9a330a61e75b98bb8e967ccb718208e6336711c15366598ac712c99d99e48 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-encoding gzip cf-cache-status HIT age 1848 ce-version 11.5.195 content-length 1935 last-modified Tue, 26 Mar 2024 11:14:33 GMT server cloudflare vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 accept-ranges bytes timing-allow-origin * cf-ray 86a6e4dc8cd15d44-FRA
GET H2	200	ipv cdn.bizible.com/	43 B 328 B	8ms 7ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-417244810&_biz_u=49c446a64576405da0611d5f917c09b7&_biz_l=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&_biz_t=1711453520765&_biz_i=Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report&_biz_n=0&a=redcanary.com&rnd=808276&cdn_o=a&_biz_z=1711453521358 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/67BA) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:21 GMT strict-transport-security max-age=31536000; includeSub last-modified Mon, 25 Mar 2024 02:02:34 GMT server ECS (frb/67BA) age 121367 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type image/gif cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	200	u cdn.bizibly.com/	43 B 203 B	17ms 7ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizibly.com/u?_biz_u=49c446a64576405da0611d5f917c09b7&_biz_l=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&_biz_t=1711453521360&_biz_i=Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report&a=redcanary.com&rnd=785419&cdn_o=a&_biz_z=1711453521360 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6752) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:21 GMT strict-transport-security max-age=31536000; includeSub last-modified Mon, 25 Mar 2024 02:02:29 GMT server ECS (frb/6752) age 121372 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type image/gif cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	200	f3744a5e-342b-429c-9d2c-2c1b7b45310a.js Show response j.6sc.co/j/	5 KB 5 KB	636ms 412ms	Script application/javascript	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/j/f3744a5e-342b-429c-9d2c-2c1b7b45310a.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 805ce4322a9be88ec58266cf40c95f62920aadea2a0d00f6ddeda8f82df66b09 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id ZP_GnDytUL9NRU7xM5CP6PgfirMXR58J date Tue, 26 Mar 2024 11:45:22 GMT x-amz-cf-pop FRA60-P8 x-amz-server-side-encryption AES256 x-amz-meta-content-type application/json content-length 4827 pragma no-cache last-modified Thu, 15 Feb 2024 19:15:51 GMT server AmazonS3 etag "e32c5c81f0cda4121d7ac50a6fa46548" vary Accept-Encoding content-type application/javascript cache-control max-age=0, no-cache, no-store accept-ranges bytes x-amz-cf-id V1kDpxneg6uTfud9WaWGizttMtRshkNlV7VxvsH17ESIs2lX3dpjMg== expires Tue, 26 Mar 2024 11:45:22 GMT
GET H2	200	48b755942b6c8e4721f048f3e49b8c1f.js Show response script.crazyegg.com/pages/versioned/common-scripts/	94 KB 31 KB	22ms 22ms	Script text/javascript	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/versioned/common-scripts/48b755942b6c8e4721f048f3e49b8c1f.js Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0096/9416.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1fadf4b3a72004ad1d5e89ed7b3b63a5f1eb25a0b228c046da150aa1e749bad Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-encoding gzip cf-cache-status HIT last-modified Tue, 05 Mar 2024 18:24:51 GMT server cloudflare age 77098 vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000, s-maxage=31536000 accept-ranges bytes timing-allow-origin * cf-ray 86a6e4dd49549c0c-FRA content-length 31384
GET H2	204	0 bat.bing.com/action/	0 285 B	35ms 35ms	Image text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=56383426&tm=gtm002&Ver=2&mid=d11464c5-0966-439b-b516-99dd1c322c14&sid=537bbdf0eb6611eea8541d56cf58763c&vid=537bc700eb6611ee86ea590e24344c4d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=800&sh=600&sc=24&tl=Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report&p=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&r=&lt=1528&evt=pageLoad&sv=1&rn=73419 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Tue, 26 Mar 2024 11:45:20 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: ACF5096DB330440C87DCF0EDCBEB51EA Ref B: FRAEDGE1422 Ref C: 2024-03-26T11:45:21Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	xdc.js Show response cdn.bizible.com/	116 B 326 B	117ms 116ms	Script text/javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/xdc.js?_biz_u=49c446a64576405da0611d5f917c09b7&_biz_h=-417244810&cdn_o=a&jsVer=4.24.03.21&a=redcanary.com Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6711) / Resource Hash 4762fdfad6d2533471e8ed1b134bd42056c7511875709e898a6c460d4e300b69 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSub server ECS (frb/6711) etag DDB4AFE9 vary Accept-Encoding p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type text/javascript; charset=utf-8 cache-control private, must-revalidate, max-age=21600 content-length 219
GET H2	200	spotify-logo-black-8-01.svg redcanary.com/wp-content/uploads/2021/03/	898 B 819 B	125ms 125ms	Image image/svg+xml	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2021/03/spotify-logo-black-8-01.svg Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 24a9979fff20ad59cba9b4a38af6fba8903c482fa2c390e2f0e82c97a649da98 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 29 Mar 2021 15:22:29 GMT server nginx etag W/"6061f0b5-382" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	TDR-Logo.png redcanary.com/wp-content/uploads/2024/03/	8 KB 8 KB	201ms 199ms	Image image/png	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2024/03/TDR-Logo.png Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash e1c5157c6cfbec259cef0bdee5539dbcfef552d637bdff0de9c5e16bb138193e Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 11 Mar 2024 16:56:40 GMT server nginx etag "65ef37c8-208e" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 8334
GET H2	200	CanarySans-Display-400.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	23 KB 23 KB	133ms 132ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/CanarySans-Display-400.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash c8794253f4669bc181f3401651637f6a14f68ea3ffd1bd18a8e46abaac6308ac Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 12 Mar 2024 14:13:16 GMT server nginx etag "65f062fc-5b10" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 23312
GET H2	200	tdr-sidenav-grain.png redcanary.com/wp-content/themes/redcanary/assets/img/	230 KB 231 KB	130ms 130ms	Image image/png	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/tdr-sidenav-grain.png Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 3cf023f65b0756bbd15808ea4464febb7dde19426a49c5ea03555010b9a01813 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 12 Mar 2024 19:10:27 GMT server nginx etag "65f0a8a3-3998b" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 235915
GET H2	200	tdr-search-icon.svg redcanary.com/wp-content/themes/redcanary/assets/img/	773 B 726 B	250ms 250ms	Image image/svg+xml	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/tdr-search-icon.svg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 7bb26544c7c0d00e118860dc125c1bc943201bca5cf780804370732b39210d38 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 20 Mar 2023 15:41:32 GMT server nginx etag W/"64187eac-305" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	tdr-hero-canaries.png redcanary.com/wp-content/themes/redcanary/assets/img/	10 KB 10 KB	250ms 250ms	Image image/png	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/tdr-hero-canaries.png Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 7481436346ad777435fe494e87a3d7fa9dc1251ab9a024d5305a90fcc0b44f8c Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 20 Mar 2023 15:41:31 GMT server nginx etag "64187eab-27ad" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 10157
GET H2	200	topic-hero.jpg redcanary.com/wp-content/themes/redcanary/assets/img/	244 KB 245 KB	132ms 132ms	Image image/jpeg	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/topic-hero.jpg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 36975a27509bf92a53016181456a48ff34220ab524329a013bd2fa486ab19048 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 27 Feb 2019 15:51:15 GMT server nginx etag "5c76b1f3-3d141" vary Accept-Encoding content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 250177
GET H2	200	CanarySans-Text-700.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	23 KB 23 KB	249ms 249ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/CanarySans-Text-700.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 2920a21f3d5f1c34cc38823f2c4422d1a0d23cba63233e5e8c382852aa7ada7c Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 12 Mar 2024 14:13:25 GMT server nginx etag "65f06305-5acc" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 23244
GET H2	200	CanarySans-Display-700.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	23 KB 23 KB	133ms 133ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/CanarySans-Display-700.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash df064dd6edad0cdc26f0a3abc83b8d5d5b173a41d6b88d8d242823055da2124d Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 12 Mar 2024 14:13:18 GMT server nginx etag "65f062fe-5b1c" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 23324
GET H2	200	CanarySans-Display-300.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	23 KB 23 KB	134ms 134ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/CanarySans-Display-300.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 52ce30c1ca4a370f850fadf51868d1792a6e6a81f9488f67b993cc7d2921d187 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 12 Mar 2024 14:13:15 GMT server nginx etag "65f062fb-5acc" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 23244
GET H2	200	graphic-soundwave.svg redcanary.com/wp-content/themes/redcanary/assets/img/	3 KB 798 B	251ms 251ms	Image image/svg+xml	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/graphic-soundwave.svg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 1d3d9de6db687e8b9bf3aa08f565dc2db8743147acce6904bf762b7ff56dbf09 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 20 Mar 2023 15:41:29 GMT server nginx etag W/"64187ea9-abb" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	icon-spotify.svg redcanary.com/wp-content/themes/redcanary/assets/img/	2 KB 1 KB	253ms 252ms	Image image/svg+xml	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/icon-spotify.svg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 5a67c844a08bb049379474c28891b836a26d673555f882dd5717beeabf42200f Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 20 Mar 2023 15:41:30 GMT server nginx etag W/"64187eaa-653" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	CanarySans-Text-400.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	23 KB 23 KB	253ms 251ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/CanarySans-Text-400.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 9a5b8f66f586ce4d9566503535595800d6d4c8b6e1651ab8b2fbf8f02819ef42 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 12 Mar 2024 14:13:23 GMT server nginx etag "65f06303-5a48" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 23112
GET H2	200	CanarySans-Text-300.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	22 KB 23 KB	250ms 249ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/CanarySans-Text-300.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 6a2fae6141cd3c337ae20368ec6c6d16bcd1774b42c9cf6ef2b79f4ce7a67710 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 12 Mar 2024 14:13:22 GMT server nginx etag "65f06302-5998" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 22936
GET H2	200	button-right-arrow-white.svg redcanary.com/wp-content/themes/redcanary/assets/img/	350 B 581 B	249ms 249ms	Image image/svg+xml	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/button-right-arrow-white.svg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 8edbf02936f4bbda931a228bd84f7b668522af07f3dfc33b5caee429e7febb85 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 27 Feb 2019 15:51:05 GMT server nginx etag W/"5c76b1e9-15e" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	TDR-Header03-1200w.jpeg redcanary.com/wp-content/themes/redcanary/assets/img/	495 KB 496 KB	251ms 250ms	Image image/jpeg	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/TDR-Header03-1200w.jpeg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 5cd3baa58afc9b772d9cb881478a4511bba11be108264372e299aa7500a41f57 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 12 Mar 2024 19:01:44 GMT server nginx etag "65f0a698-7bacb" vary Accept-Encoding content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 506571
GET H2	200	search-btn.svg redcanary.com/wp-content/themes/redcanary/assets/img/	161 B 435 B	253ms 253ms	Image image/svg+xml	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/search-btn.svg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 0f57969cdf0d61b86fc25ded8a8c5058a5edd346d1845b232610a54f08d0fcb8 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 08 Sep 2021 23:08:04 GMT server nginx etag W/"61394254-a1" vary Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	redcanary.com.json Show response script.crazyegg.com/pages/data-scripts/0096/9416/sampling/ Frame 7785	160 B 212 B	18ms 18ms	XHR application/json	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/data-scripts/0096/9416/sampling/redcanary.com.json?t=475403 Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/48b755942b6c8e4721f048f3e49b8c1f.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9fb499d7dc1d297a198b6763d9d22925cbc7770533ccc598eee57f1c1d5e6770 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-encoding gzip cf-cache-status HIT age 1848 ce-version 11.5.195 content-length 147 last-modified Tue, 26 Mar 2024 11:14:33 GMT server cloudflare vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 accept-ranges bytes timing-allow-origin * cf-ray 86a6e4de5e735d44-FRA
GET H2	200	u cdn.bizible.com/	43 B 85 B	9ms 9ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/u?mapType=mkto&mapValue=id%3A003-YRU-314%26token%3A_mch-redcanary.com-1711453520771-19318&_biz_u=49c446a64576405da0611d5f917c09b7&_biz_l=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&_biz_t=1711453521360&_biz_i=Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report&_biz_n=1&a=redcanary.com&rnd=685328&cdn_o=a&_biz_z=1711453521657 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6752) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:21 GMT strict-transport-security max-age=31536000; includeSub last-modified Mon, 25 Mar 2024 02:02:29 GMT server ECS (frb/6752) age 121372 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type image/gif cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	200	birdInFlight-flipped-975x975-1.jpg redcanary.com/wp-content/uploads/2022/03/	18 KB 18 KB	228ms 228ms	Image image/jpeg	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2022/03/birdInFlight-flipped-975x975-1.jpg Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 9dcafe0dd491720f7b4e7168ee159909aba669acbba23ca17e32c9a2174510b0 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 07 Mar 2022 19:56:58 GMT server nginx etag "6226638a-460b" vary Accept-Encoding content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 17931
GET H2	200	TDR-Header-02-Subtle-1.jpg redcanary.com/wp-content/uploads/2024/03/	474 KB 475 KB	229ms 228ms	Image image/jpeg	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2024/03/TDR-Header-02-Subtle-1.jpg Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 6cf86376868d29f0157d614e705b93d5073217ae21a9c51508de2c27c6c95a6e Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 11 Mar 2024 16:20:50 GMT server nginx etag "65ef2f62-76850" vary Accept-Encoding content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 485456
GET H2	200	Icon_Alert-Center_Investigation.svg redcanary.com/wp-content/uploads/2020/09/	4 KB 1 KB	339ms 338ms	Image image/svg+xml	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2020/09/Icon_Alert-Center_Investigation.svg Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 1576f47ba50e5433d2efe01986fa43b861bd6a4de15751c35bf606b2a9fed2c9 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Thu, 24 Sep 2020 17:12:27 GMT server nginx etag W/"5f6cd37b-e55" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	healthcheck Show response pagestates-tracking.crazyegg.com/ Frame 7785	19 B 463 B	28ms 7ms	XHR application/json	13.35.58.58 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://pagestates-tracking.crazyegg.com/healthcheck Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/48b755942b6c8e4721f048f3e49b8c1f.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.35.58.58 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-35-58-58.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 20 Sep 2023 01:43:28 GMT via 1.1 fe1df26b55e8c12763613686df86f7f2.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P10 age 16279314 x-cache Hit from cloudfront content-length 19 last-modified Fri, 08 Jul 2022 22:25:51 GMT server AmazonS3 etag "d06f04fccf68d0b228a5923187ce1afd" access-control-max-age 31536000 access-control-allow-methods GET, HEAD content-type application/json access-control-allow-origin * access-control-expose-headers Access-Control-Allow-Origin accept-ranges bytes x-amz-cf-id BXgZ1MEhyiVGUSzV5jzdTT8cBGpaQqjFRlE8fFFfz6W6n8Vma0xUmw==
GET H2	200	healthcheck Show response assets-tracking.crazyegg.com/ Frame 7785	19 B 461 B	30ms 8ms	XHR application/json	18.66.122.45 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets-tracking.crazyegg.com/healthcheck Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/48b755942b6c8e4721f048f3e49b8c1f.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.122.45 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-122-45.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 20 Dec 2023 01:23:29 GMT via 1.1 2816426ad1adbedbdd23d4cdf80c2de2.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P2 age 8418113 x-cache Hit from cloudfront content-length 19 last-modified Fri, 08 Jul 2022 22:25:51 GMT server AmazonS3 etag "d06f04fccf68d0b228a5923187ce1afd" access-control-max-age 31536000 access-control-allow-methods GET, HEAD content-type application/json access-control-allow-origin * access-control-expose-headers Access-Control-Allow-Origin accept-ranges bytes x-amz-cf-id SeQqOX5k9zD_CX2g0eP0gGELVSvyzhovYRysSrnhe1l0A4w0bjhPpw==
GET BLOB	200 OK	a7acbe11-15fe-4d31-a146-021a267c725d https://redcanary.com/	45 B 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://redcanary.com/a7acbe11-15fe-4d31-a146-021a267c725d Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Length 45 Content-Type text/javascript
GET H2	200	CanarySans-Text-600.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	23 KB 23 KB	260ms 260ms	Font font/woff2	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/CanarySans-Text-600.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 62d02c88b4232d936a5d2554226d043540fe3f4b4822aba7f82eb4c72c7eda51 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_6f971801869df4eb1d949860592a1b82.css Origin https://redcanary.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 12 Mar 2024 14:13:25 GMT server nginx etag "65f06305-5af4" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 23284
GET H2	200	clock Show response tracking.crazyegg.com/ Frame 7785	41 B 148 B	110ms 40ms	XHR text/plain	63.32.22.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tracking.crazyegg.com/clock?t=1711453521766&tk=40ea43635c9a9388c5f9f97df894a565&s=360154&p=%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&u=969416&v=c5fac4a655ac2ae667d4971676edf9474b5b75ae&f=redcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass&ul=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/48b755942b6c8e4721f048f3e49b8c1f.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 63.32.22.36 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-63-32-22-36.eu-west-1.compute.amazonaws.com Software awselb/2.0 / Resource Hash 744ce15e10d08cd59bcfbdb7327b5dc33aca0bc416a5e511e72ee77a58cfeb75 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * date Tue, 26 Mar 2024 11:45:21 GMT cache-control no-store server awselb/2.0 content-length 41 content-type text/plain
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 193 B	111ms 111ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Accept * Referer https://redcanary.com/ sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: AD6479EDF75D4C87B54C6B5D879BBF6F Ref B: FRAEDGE2019 Ref C: 2024-03-26T11:45:21Z linkedin-action 1 vary Origin x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 access-control-allow-origin https://redcanary.com x-li-proto http/2 access-control-allow-credentials true x-li-uuid AAYUjtM5urdlJ6xK2S07aw==
GET H2	200	d9b6b28e3d84db3e4c966a5cf73af402.js Show response script.crazyegg.com/pages/versioned/trackingpagestate-scripts/	20 KB 8 KB	24ms 24ms	Script text/javascript	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/versioned/trackingpagestate-scripts/d9b6b28e3d84db3e4c966a5cf73af402.js Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0096/9416.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 86f2855487ee0f2a026de07b800d0a191f2d66723011cf5e7bddea4669037b33 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-encoding gzip cf-cache-status HIT last-modified Tue, 19 Mar 2024 15:32:06 GMT server cloudflare age 77098 vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000, s-maxage=31536000 accept-ranges bytes timing-allow-origin * cf-ray 86a6e4dffbb49c0c-FRA content-length 8025
GET BLOB	200 OK	36a03457-d137-4f13-918b-39397dd82e4d https://redcanary.com/	241 B 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://redcanary.com/36a03457-d137-4f13-918b-39397dd82e4d Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 0fe50f8a7110e4062093b96b9d2517757016c4d2b3a905a6fe64baf7844252ef Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Length 241 Content-Type text/javascript
GET H2	200	cd03386b0fde68cad33bac3d9c045084.js Show response script.crazyegg.com/pages/versioned/tracking-scripts/	95 KB 30 KB	24ms 24ms	Script text/javascript	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/versioned/tracking-scripts/cd03386b0fde68cad33bac3d9c045084.js Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0096/9416.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b3cd2e0adf5395f7af5f6a65f761a458630d3a1da8e06ed3305a64d90ef5d46b Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:21 GMT content-encoding gzip cf-cache-status HIT last-modified Fri, 08 Mar 2024 19:54:23 GMT server cloudflare age 77099 vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000, s-maxage=31536000 accept-ranges bytes timing-allow-origin * cf-ray 86a6e4e04bfe9c0c-FRA content-length 30708
GET H2	200	6si.min.js Show response j.6sc.co/	64 KB 18 KB	7ms 7ms	Script application/javascript	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: j.6sc.co URL: https://j.6sc.co/j/f3744a5e-342b-429c-9d2c-2c1b7b45310a.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:22 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 22 Feb 2024 19:00:41 GMT server nginx/1.14.0 (Ubuntu) etag "65d799d9-101dd" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 17693 expires Tue, 26 Mar 2024 11:45:22 GMT
GET H2	200	getuidj Show response secure.adnxs.com/	29 B 1 KB	8ms 8ms	XHR application/json	37.252.172.123 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/getuidj Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.23.4 / Resource Hash 0958086bde25b5cc6dbd55b56c8e25f7d018323d2ff483bbb2039365755f8ccc Security Headers Name Value X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:22 GMT an-x-request-uuid 13d5e3ca-0381-44ab-ac47-d1c84951a144 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type application/json; charset=utf-8 access-control-allow-origin https://redcanary.com cache-control no-store, no-cache, private access-control-allow-credentials true x-proxy-origin 185.213.155.134; 185.213.155.134; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 29 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 191 B	80ms 71ms	XHR text/html	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:22 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://redcanary.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	20 B 307 B	46ms 9ms	XHR text/html	2a02:26f0:ab00::214:8e41 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:ab00::214:8e41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash dd98357d2bb2982eb4e0d6ad52bdd1467161e32990a70c4f0d6a28b2a8095141 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:22 GMT vary Origin content-type text/html access-control-allow-origin https://redcanary.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a03:1b20:6:f011::1e server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1711453522155_34901565_320231692_31_1210_5_17_219";dur=1 content-length 20 expires Tue, 26 Mar 2024 11:45:22 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	119ms 36ms	Script text/javascript	2a00:1450:4001:827::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Tue, 26 Mar 2024 09:48:08 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT server Golfe2 age 7034 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Tue, 26 Mar 2024 11:48:08 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 484 B	373ms 364ms	Image image/gif	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=7a8d1a54-88c3-46bc-897d-a5ee1d8b4446&session=a071c1d1-5e53-4d37-83c1-50d5d0db754b&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Windows%20uses%20the%20Mark-of-the-Web%20to%20indicate%20that%20a%20file%20originated%20from%20the%20Internet%2C%20and%20adversaries%20have%20a%20few%20methods%20for%20bypassing%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&pageViewId=0a3415f1-da47-4eea-8eac-d787040f1d08&an_uid=8993297579676123140&webTagId=f3744a5e-342b-429c-9d2c-2c1b7b45310a&v=1.1.15 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:22 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 484 B	324ms 315ms	Image image/gif	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=7a8d1a54-88c3-46bc-897d-a5ee1d8b4446&session=a071c1d1-5e53-4d37-83c1-50d5d0db754b&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22565ffb1efc5e75f417d1fe1c2134f835%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22e8bebcdaa132f727ae8d16d9967447769318945e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22f3744a5e-342b-429c-9d2c-2c1b7b45310a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Windows%20uses%20the%20Mark-of-the-Web%20to%20indicate%20that%20a%20file%20originated%20from%20the%20Internet%2C%20and%20adversaries%20have%20a%20few%20methods%20for%20bypassing%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&pageViewId=0a3415f1-da47-4eea-8eac-d787040f1d08&an_uid=8993297579676123140&webTagId=f3744a5e-342b-429c-9d2c-2c1b7b45310a&v=1.1.15 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:22 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	favicon.png redcanary.com/wp-content/themes/redcanary/assets/img/	16 KB 16 KB	125ms 125ms	Other image/png	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/favicon.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 8b4532ddd365937e2ee31a95189a447d45881cf4dadf2ab66c850786f87774d8 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:22 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 27 Feb 2019 15:51:08 GMT server nginx etag "5c76b1ec-3fb8" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 16312
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 484 B	290ms 290ms	Image image/gif	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=7a8d1a54-88c3-46bc-897d-a5ee1d8b4446&session=a071c1d1-5e53-4d37-83c1-50d5d0db754b&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3A6%3Af011%3A%3A1e%22%7D&isIframe=false&m=%7B%22description%22%3A%22Windows%20uses%20the%20Mark-of-the-Web%20to%20indicate%20that%20a%20file%20originated%20from%20the%20Internet%2C%20and%20adversaries%20have%20a%20few%20methods%20for%20bypassing%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&pageViewId=0a3415f1-da47-4eea-8eac-d787040f1d08&an_uid=8993297579676123140&webTagId=f3744a5e-342b-429c-9d2c-2c1b7b45310a&v=1.1.15 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:22 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H/1.1	200 OK	messenger app.qualified.com/w/1/bAEbi2aHVysBKzuy/ Frame D8E2	0 0	369ms 134ms	Document text/html	54.208.246.21 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=957d320d-4ce8-4d68-aa54-896d54354a5f Requested by Host: js.qualified.com URL: https://js.qualified.com/qualified.js?token=bAEbi2aHVysBKzuy Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.208.246.21 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-208-246-21.compute-1.amazonaws.com Software / Resource Hash Security Headers Name Value Content-Security-Policy Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://redcanary.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Cache-Control max-age=0, private, must-revalidate Content-Encoding gzip Content-Length 1999 Content-Security-Policy Content-Type text/html; charset=utf-8 Date Tue, 26 Mar 2024 11:45:22 GMT Etag W/"b43352150e81b1fac247a023152c943a" Link <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css>; rel=preload; as=style; nopush Referrer-Policy strict-origin-when-cross-origin Strict-Transport-Security max-age=63072000; includeSubDomains Vary Accept-Encoding Via 1.1 spaces-router (devel) X-Content-Type-Options nosniff X-Download-Options noopen X-Permitted-Cross-Domain-Policies none X-Request-Id f62b6b84-b414-2ff7-1c86-be470f5f2d70 X-Runtime 0.026860 X-Xss-Protection 1; mode=block
POST H2	200	collect Show response www.google-analytics.com/j/	4 B 207 B	43ms 42ms	XHR text/plain	2a00:1450:4001:827::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=630383901&t=pageview&_s=1&dl=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&ul=en-us&de=UTF-8&dt=Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report&sd=24-bit&sr=800x600&vp=1600x1113&je=0&_u=YADAAEABAAAAACAAI~&jid=310076748&gjid=1357734349&cid=174042477.1711453521&tid=UA-52702906-1&_gid=327370739.1711453522&_r=1&_slc=1&gtm=45He43p0n81PXWC8JWv813277038za200&cd18=null&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&npa=1&z=844052061 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-platform "Win32" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:22 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://redcanary.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	details Show response epsilon.6sense.com/v3/company/	745 B 717 B	29ms 14ms	XHR application/json	13.248.142.121 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://epsilon.6sense.com/v3/company/details Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.248.142.121 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ac3ff6aafb2cddae2.awsglobalaccelerator.com Software nginx / Resource Hash 4160094e8e7a55a3dd60c62de930a81375ddce09c11dc6d7b28332da6dbbdf14 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 Authorization Token e8bebcdaa132f727ae8d16d9967447769318945e User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 X-6s-CustomID WebTag f3744a5e-342b-429c-9d2c-2c1b7b45310a Referer https://redcanary.com/ sec-ch-ua-platform "Win32" Response headers x-trace-id 4987288548066590714 date Tue, 26 Mar 2024 11:45:22 GMT content-encoding gzip server nginx vary Origin, Accept-Encoding content-type application/json x-6si-region eu-central-1a access-control-allow-origin https://redcanary.com access-control-expose-headers X-6si-Region access-control-allow-credentials true timing-allow-origin https://6sense.com, https://www.ssga.com content-length 399
OPTIONS H2	200	details epsilon.6sense.com/v3/company/ Frame	0 0	31ms 10ms	Preflight	13.248.142.121 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://epsilon.6sense.com/v3/company/details Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.248.142.121 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ac3ff6aafb2cddae2.awsglobalaccelerator.com Software nginx / Resource Hash Request headers Accept */* Access-Control-Request-Headers authorization,x-6s-customid Access-Control-Request-Method GET Origin https://redcanary.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers authorization,x-6s-customid access-control-allow-methods OPTIONS,GET access-control-allow-origin https://redcanary.com access-control-expose-headers X-6si-Region access-control-max-age 1800 date Tue, 26 Mar 2024 11:45:22 GMT server nginx timing-allow-origin https://6sense.com, https://www.ssga.com x-6si-region eu-central-1a x-trace-id 5530411783690808562
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 151 B	32ms 32ms	XHR text/plain	2a00:1450:400c:c1d::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-52702906-1&cid=174042477.1711453521&jid=310076748&gjid=1357734349&_gid=327370739.1711453522&npa=1&_u=YADAAEAAAAAAACAAI~&z=1738959690 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c1d::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-platform "Win32" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Tue, 26 Mar 2024 11:45:22 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://redcanary.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	36ms 36ms	Image image/gif	142.250.185.110 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j101&a=630383901&t=event&ni=1&_s=1&dl=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&ul=en-us&de=UTF-8&dt=Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report&sd=24-bit&sr=800x600&vp=1600x1113&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=6ADAAEABAAAAACAAI~&jid=&gjid=&cid=174042477.1711453521&tid=UA-52702906-1&_gid=327370739.1711453522&gtm=45He43p0n81PXWC8JWv813277038za200&cd4=&cd5=&cd10=&cd11=&cd20=&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&npa=1&z=363869812 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.110 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f14.1e100.net Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 07:49:27 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 14155 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	134ms 61ms	Image image/gif	142.250.185.196 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-52702906-1&cid=174042477.1711453521&jid=310076748&npa=1&_u=YADAAEAAAAAAACAAI~&z=1659709099 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.196 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s52-in-f4.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	60ms 60ms	Image image/gif	142.250.185.227 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-52702906-1&cid=174042477.1711453521&jid=310076748&npa=1&_u=YADAAEAAAAAAACAAI~&z=1659709099 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.227 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s53-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 26 Mar 2024 11:45:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	favicon.ico redcanary.com/wp-content/themes/redcanary/assets/img/	1 KB 812 B	125ms 125ms	Other image/x-icon	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash c3096f016b56aa58ea27707e5636618495175ed50b77c09b91c9cb5c014b79e2 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:22 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 05 Mar 2024 03:00:32 GMT server nginx etag W/"65e68ad0-47e" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/x-icon access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	favicon-32x32.png redcanary.com/wp-content/themes/redcanary/assets/img/	1 KB 2 KB	127ms 126ms	Other image/png	104.198.136.223 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/favicon-32x32.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash a19b17e3c318b115a7531fd404bd12a49d65104d57a1efd064f5ae80b457f52f Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:22 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 05 Mar 2024 03:00:32 GMT server nginx etag "65e68ad0-5c9" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 1481
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 485 B	187ms 187ms	Image image/gif	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=7a8d1a54-88c3-46bc-897d-a5ee1d8b4446&session=a071c1d1-5e53-4d37-83c1-50d5d0db754b&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2026%20Mar%202024%2011%3A45%3A23%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2026%20Mar%202024%2011%3A45%3A22%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Windows%20uses%20the%20Mark-of-the-Web%20to%20indicate%20that%20a%20file%20originated%20from%20the%20Internet%2C%20and%20adversaries%20have%20a%20few%20methods%20for%20bypassing%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&pageViewId=0a3415f1-da47-4eea-8eac-d787040f1d08&an_uid=8993297579676123140&webTagId=f3744a5e-342b-429c-9d2c-2c1b7b45310a&v=1.1.15 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:23 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 484 B	282ms 282ms	Image image/gif	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=7a8d1a54-88c3-46bc-897d-a5ee1d8b4446&session=a071c1d1-5e53-4d37-83c1-50d5d0db754b&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2026%20Mar%202024%2011%3A45%3A24%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2026%20Mar%202024%2011%3A45%3A23%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%222005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Windows%20uses%20the%20Mark-of-the-Web%20to%20indicate%20that%20a%20file%20originated%20from%20the%20Internet%2C%20and%20adversaries%20have%20a%20few%20methods%20for%20bypassing%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&pageViewId=0a3415f1-da47-4eea-8eac-d787040f1d08&an_uid=8993297579676123140&webTagId=f3744a5e-342b-429c-9d2c-2c1b7b45310a&v=1.1.15 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:24 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 485 B	220ms 220ms	Image image/gif	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=7a8d1a54-88c3-46bc-897d-a5ee1d8b4446&session=a071c1d1-5e53-4d37-83c1-50d5d0db754b&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2026%20Mar%202024%2011%3A45%3A25%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2026%20Mar%202024%2011%3A45%3A24%20GMT%22%2C%22timeSpent%22%3A%221007%22%2C%22totalTimeSpent%22%3A%223012%22%7D&isIframe=false&m=%7B%22description%22%3A%22Windows%20uses%20the%20Mark-of-the-Web%20to%20indicate%20that%20a%20file%20originated%20from%20the%20Internet%2C%20and%20adversaries%20have%20a%20few%20methods%20for%20bypassing%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&pageViewId=0a3415f1-da47-4eea-8eac-d787040f1d08&an_uid=8993297579676123140&webTagId=f3744a5e-342b-429c-9d2c-2c1b7b45310a&v=1.1.15 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:25 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 484 B	227ms 227ms	Image image/gif	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=565ffb1efc5e75f417d1fe1c2134f835&svisitor=null&visitor=7a8d1a54-88c3-46bc-897d-a5ee1d8b4446&session=a071c1d1-5e53-4d37-83c1-50d5d0db754b&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2026%20Mar%202024%2011%3A45%3A26%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2026%20Mar%202024%2011%3A45%3A25%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224013%22%7D&isIframe=false&m=%7B%22description%22%3A%22Windows%20uses%20the%20Mark-of-the-Web%20to%20indicate%20that%20a%20file%20originated%20from%20the%20Internet%2C%20and%20adversaries%20have%20a%20few%20methods%20for%20bypassing%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Mark%20of%20the%20Web%20Bypass%20-%20Red%20Canary%20Threat%20Detection%20Report%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Ftechniques%2Fmark-of-the-web-bypass%2F&pageViewId=0a3415f1-da47-4eea-8eac-d787040f1d08&an_uid=8993297579676123140&webTagId=f3744a5e-342b-429c-9d2c-2c1b7b45310a&v=1.1.15 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 26 Mar 2024 11:45:26 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT