www.sygnia.co Open in urlscan Pro
141.193.213.10  Public Scan

14 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 91

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718768314053&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2 HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718768314053&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4003889%26time%3D1718768314053%26url%3Dhttps%253A%252F%252Fwww.sygnia.co%252Fblog%252Fchina-nexus-threat-group-velvet-ant%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718768314053&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718768314053&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKA9c_OXbeGHgAAAZAukyoRlHM6JnMPCvZD89PcJGHR2gwFbpw-7QD-psFjMG6yWA

Request Chain 107

• https://c.clarity.ms/c.gif HTTP 302
• https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=71A07663B44943F2AD195860560E6122&RedC=c.clarity.ms&MXFR=0B3413E929EC6B4B17A0074A2DEC6534 HTTP 302
• https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=71A07663B44943F2AD195860560E6122&MUID=1504CAE13A20612D1F23DE423BAB600C

80 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
32 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/	268 KB 37 KB	837ms 603ms	Document text/html	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / WP Engine Resource Hash a13515f4d5a873095d0fcb754d79eeb0a2c8c565cc4daa8547f776d877e35940 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cache-control max-age=600, must-revalidate cf-cache-status DYNAMIC cf-ray 89607c898d934d5e-FRA content-encoding br content-type text/html; charset=UTF-8 date Wed, 19 Jun 2024 03:38:29 GMT link <https://www.sygnia.co/wp-json/>; rel="https://api.w.org/" <https://www.sygnia.co/wp-json/wp/v2/posts/3313>; rel="alternate"; type="application/json" <https://www.sygnia.co/?p=3313>; rel=shortlink server cloudflare vary Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie x-cache HIT: 14 x-cache-group normal x-cacheable SHORT x-powered-by WP Engine
GET H2	200	style.min.css sygnia.b-cdn.net/wp-includes/css/dist/block-library/	111 KB 16 KB	313ms 8ms	Stylesheet text/css	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-includes/css/dist/block-library/style.min.css?ver=0a0d0997e3f8080a81b66a80d65e3dc1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash 98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:29 GMT content-encoding br cf-cache-status MISS cdn-edgestorageid 1079 cdn-cachedat 05/21/2024 10:09:02 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:50:12 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6e54-1bae5" vary Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31536000 cdn-requestid 73fb01cf5cc8bf9182975ff4ca38d589 cf-ray 8873c4c0bafa9299-FRA cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	style.css sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/	7 KB 3 KB	313ms 0ms	Stylesheet text/css	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/style.css?ver=1718618133 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash 37aa2afe642b4f6846d6d2d4c75b35b7d91bc618c3dda33e7a9feef1862de00a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:29 GMT content-encoding br cf-cache-status MISS cdn-edgestorageid 1081 cdn-cachedat 06/07/2024 22:53:28 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 04 Jun 2024 11:43:34 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"665efde6-1bb3" vary Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31536000 cdn-requestid d60e7b89b4615d2d72591f32be44790a cf-ray 890437e9e88c694b-FRA cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	start.css sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/	32 KB 7 KB	314ms 0ms	Stylesheet text/css	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/start.css?ver=1718618133 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash e0f8484362935eb3c7724c5a551611b89f0d22a6c209f4f020fa3e66d1766a81 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:29 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1080 age 1911 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:54:47 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6f67-7f2c" vary Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31536000 cdn-requestid 1833d04835d254a4ff4983f5895afd55 cf-ray 8873ea45880518b3-FRA cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	vendor.css sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/	79 KB 14 KB	343ms 26ms	Stylesheet text/css	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/vendor.css?ver=1718618133 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash beb3d3261844647f8ad40783030656786f17ac89edcdf556f2e232bc6ac5656e Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:29 GMT content-encoding br cf-cache-status MISS cdn-edgestorageid 1080 cdn-cachedat 05/30/2024 09:04:27 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Thu, 23 May 2024 09:01:13 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664f05d9-13a7a" vary Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31536000 cdn-requestid 4bbbdf134e8b8cdebb9ef9f73689214a cf-ray 88bd8e8ab8c09112-FRA cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	main.css sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/	387 KB 52 KB	344ms 26ms	Stylesheet text/css	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash 5ef1ec86440bd5517d008284eec6c36b8283deda9793276bbf464438f7904cb9 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:29 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1081 age 1911 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:54:48 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6f68-60b63" vary Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31536000 cdn-requestid 4e045821d75dad832e81daa09cdc5611 cf-ray 8873ea458f089f24-FRA cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	jquery.min.js Show response sygnia.b-cdn.net/wp-includes/js/jquery/	86 KB 31 KB	32ms 30ms	Script application/javascript	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:29 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1079 age 42889 cdn-cachedat 05/24/2024 16:49:06 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 16:10:12 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664cc764-15601" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 44df39d198e768f4562c2de96ea5a634 cf-ray 888ec6f10fd93737-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	jquery-migrate.min.js Show response sygnia.b-cdn.net/wp-includes/js/jquery/	13 KB 5 KB	18ms 10ms	Script application/javascript	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:29 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1079 age 1910 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:50:11 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6e53-3509" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 488ee57aaaf54d9c48256d7b87cd11d5 cf-ray 8873ea4589c99731-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H3	200	v2.js Show response js.hsforms.net/forms/embed/	482 KB 156 KB	234ms 69ms	Script application/javascript	104.18.142.119 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/embed/v2.js Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.142.119 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-encoding gzip age 392 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=896072fa49f7975a-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"56164b8f5dbcf6e65e555e48d5d6176a" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.5387/bundles/project-v2.js date Wed, 19 Jun 2024 03:38:29 GMT x-amz-version-id mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92 x-content-type-options nosniff cf-cache-status HIT via 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront) nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 53e577ae-1410-4829-b88a-c41743eb6295 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 53e577ae-1410-4829-b88a-c41743eb6295 last-modified Thu, 06 Jun 2024 13:36:59 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6wNTxj%2BHwXkZungwNIHes0d6lI0Cc%2BL5bhjX%2FBdrvnAnBKFbURD1BRPio1NuCJvqynmkW0gl5yuG8EZFo%2F6KDw8Bea9kkb%2BtZ3cuIbyAht7EhAQGpCJsJ2f8iJdsqtx8"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-68b7f7fbff-9c6mc cf-ray 89607c8e7ad33a92-FRA x-amz-cf-id ykbNAo3etgvxkyXBitOq2MuMtvZ-QGnV81QtsQ7NtDMKBWSPiUXuEw==
GET H2	200	8776530.js Show response js.hs-scripts.com/	2 KB 1 KB	1057ms 0ms	Script application/javascript	2606:4700::6810:8bd1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/8776530.js Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b25ba90304e49047d0f5d7432303e6a221ebf3e687d22b8566591967cb826f1f Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:31 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id d980314c-8561-40ac-9add-a4ddfc1c531e x-envoy-upstream-service-time 4 content-length 629 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d980314c-8561-40ac-9add-a4ddfc1c531e last-modified Wed, 19 Jun 2024 03:16:31 GMT server cloudflare vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-5d47c8d44f-6pxvl access-control-allow-credentials true cache-control public, max-age=90 accept-ranges bytes cf-ray 89607c97df645c85-FRA expires Wed, 19 Jun 2024 03:40:01 GMT
GET H3	200	main_logo.svg www.sygnia.co/wp-content/uploads/2024/01/	2 KB 1 KB	21ms 19ms	Image image/svg+xml	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/uploads/2024/01/main_logo.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 6d635cb5df71d3b41ecf01e08f469d63957b1f4eaa39944e9787e0a267ae22c9 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:29 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 134590 etag W/"667006f5-6c1" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89607c8d68ed4d5e-FRA alt-svc h3=":443"; ma=86400
GET H3	200	icon_info.svg www.sygnia.co/wp-content/uploads/2024/01/	274 B 405 B	418ms 410ms	Image image/svg+xml	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/uploads/2024/01/icon_info.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 482bfcc25fc36b5ca7cfdbb76380da0a6df7000a0c238edfaa82b1dfaa0d8526 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 146755 etag W/"667006f5-112" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89607c921d394d5e-FRA alt-svc h3=":443"; ma=86400
GET H3	200	share_item_facebook.svg www.sygnia.co/wp-content/themes/sygnia-theme/images/	284 B 435 B	233ms 225ms	Image image/svg+xml	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_facebook.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash ab45f33a794552f8e14ae66eaf6af4ba0bd9f1cc02896012ff4968fad5a9713b Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 145935 etag W/"667006f5-11c" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89607c921d3b4d5e-FRA alt-svc h3=":443"; ma=86400
GET H3	200	share_item_x.svg www.sygnia.co/wp-content/themes/sygnia-theme/images/	321 B 451 B	408ms 400ms	Image image/svg+xml	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_x.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 5bf0b35b5dce9e77690dafd5e5ea233b31e02101cc6a73f5d0416ac114792e35 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 117005 etag W/"667006f5-141" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89607c921d3c4d5e-FRA alt-svc h3=":443"; ma=86400
GET H3	200	share_item_linkedin.svg www.sygnia.co/wp-content/themes/sygnia-theme/images/	516 B 540 B	249ms 241ms	Image image/svg+xml	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_linkedin.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 88934ea7e6d53babd8bae2f0d386a9a8f40104b1fdd9c52e7a62cfe15bb47b63 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 146263 etag W/"667006f5-204" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89607c921d3f4d5e-FRA alt-svc h3=":443"; ma=86400
GET H3	200	share_item_mail.svg www.sygnia.co/wp-content/themes/sygnia-theme/images/	319 B 438 B	609ms 600ms	Image image/svg+xml	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_mail.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash da53520a115493051abcf091908a7515afea76d2c9a707a0493f2021cafd20a3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 143362 etag W/"667006f5-13f" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89607c921d404d5e-FRA alt-svc h3=":443"; ma=86400
GET H3	200	article_card_lines_decor.svg www.sygnia.co/wp-content/themes/sygnia-theme/images/	5 KB 902 B	159ms 123ms	Image image/svg+xml	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/themes/sygnia-theme/images/article_card_lines_decor.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 03f49a978258eb1f89518f68f6ece0bdf3dde0344349569ee8817b36e7189876 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:29 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 145982 etag W/"667006f5-12a6" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89607c8ec9ef4d5e-FRA alt-svc h3=":443"; ma=86400
GET H3	200	social_linkedin_white.svg www.sygnia.co/wp-content/uploads/2024/05/	530 B 548 B	602ms 594ms	Image image/svg+xml	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/uploads/2024/05/social_linkedin_white.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash fb6783e593b49bb9261e7639dea5b37b3bbe225c4b3827310940ce752b3b6add Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:41 GMT server cloudflare age 150220 etag W/"667006f1-212" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89607c921d424d5e-FRA alt-svc h3=":443"; ma=86400
GET H3	200	social_x_white.svg www.sygnia.co/wp-content/uploads/2024/05/	346 B 466 B	393ms 386ms	Image image/svg+xml	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/uploads/2024/05/social_x_white.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 60951d4152b680cf26897b16cf061939b15b33e76066bdaea8a8398703ee5d19 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:41 GMT server cloudflare age 150169 etag W/"667006f1-15a" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89607c921d434d5e-FRA alt-svc h3=":443"; ma=86400
GET H2	200	jquery.selectric.min.js Show response sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/	14 KB 5 KB	193ms 0ms	Script application/javascript	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/jquery.selectric.min.js?ver=1.0.90 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash 570131c06e2b9e41ab9917ab39ecb6bbb063c2433abbaff89ea3335c7bd7d5ee Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1079 age 1910 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6e5a-384b" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid d6d7b5e8169ab2fcf9e741973ca20810 cf-ray 8873ea458e6237fb-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	jquery.mCustomScrollbar.concat.min.js Show response sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/	39 KB 12 KB	352ms 0ms	Script application/javascript	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/jquery.mCustomScrollbar.concat.min.js?ver=1.0.90 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash 3ac859f905d1e38eed93ebb76953499f9078693adfeb41668915a47e4acebb1e Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1079 age 1910 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6e5a-9cae" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 2815bf765ac4a0c200c5be1f09c5481d cf-ray 8873ea458c2d71a9-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	lazyload.min.js Show response sygnia.b-cdn.net/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/	9 KB 4 KB	338ms 0ms	Script application/javascript	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1081 age 372013 cdn-cachedat 05/26/2024 01:03:21 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 16:10:21 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664cc76d-22bc" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 229fd4ad37c802c1eb52df808c313041 cf-ray 8899d8514d909bbc-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	js Show response www.googletagmanager.com/gtag/	331 KB 108 KB	1078ms 2ms	Script application/javascript	2a00:1450:4001:801::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-3XBPCMRFD6 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash f8a78b9d708802cf8fa18f95c5131f9392dd9c051d6c34a0cd4919e472862657 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:31 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 109747 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Wed, 19 Jun 2024 03:38:31 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	334 KB 108 KB	1013ms 0ms	Script application/javascript	2a00:1450:4001:801::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 3fc9e666bdd818a1f8d40fbf9de70be52739c0ceea96d55f00502dea49cc8487 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:31 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 110557 x-xss-protection 0 last-modified Wed, 19 Jun 2024 03:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 19 Jun 2024 03:38:31 GMT
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash acfaaf62bff0119246c65258ed4eddfff3758441c562b3726627e377d6939118 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 50410fbc6131cebfceefaa33c1c9e04417e2a1f022a13dbb23486a39b3ad23e1 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 20b45d5bce36aad5a15e7764f5e2fb5375e9402bfc1982c121b499335805ca8e Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7ee5c739681588a99eef62fe74b53f6f7951b494df59469bc806199a2c36b8cd Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 13420e2ab328e317e36049945692f0350cc1740f32059f7e891784e97190877c Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 440f605d063e19f1e06baeb6a34d17963626c11c4b3e6c377908e45c4e5238ed Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1c5d931117615c91d0f3f4b65ec87c68647a30a358dddfe5d6ab46f4b0bac939 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9466705eb27c2bd68a0ad061508b1c064ea7307079c4f497a7c6a152715933e8 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash fcef787036dbfef77ad9a0303a91850376867e85d1de02d4200026db785a6988 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 36eff6bf944482ce474b49e5245507f65edf49455fda377c762d09b639fe62a6 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	253 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8746996314732452443328c9005778a65f59fb3ce23886256f4ce5cc826f36cf Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	685 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6363e009d5233d3a07b75315cea4838f87d86cedef07bc9e7b2fe80b4b6707f3 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	248 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a6d94bba3091f01e612c8a679efbb3eb688b7d20da216fa254a92cecd6572865 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	250 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 04ecc921a16e8836f1479f6b04e16114c1273410eda3be11428581d344afbfdd Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	article_card_lines_decor_huge.svg sygnia.b-cdn.net/wp-content/themes/sygnia-theme/images/	5 KB 1 KB	334ms 0ms	Image image/svg+xml	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Show image Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/images/article_card_lines_decor_huge.svg Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash b9859c9773072556f0e8de582865e66fc2ee3a01853385e9b44c3e3a1fa652ef Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT content-encoding br cf-cache-status MISS cdn-edgestorageid 1080 cdn-cachedat 05/21/2024 10:35:35 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6e5a-1268" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid a9536e91a67080a92dc323fb0eb8d72f cf-ray 8873eba92cafa01c-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFFranklinGothic-Medium.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	97 KB 98 KB	503ms 0ms	Font application/octet-stream	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Medium.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash 5d47d588556711a601728fc8a6d02c6b4fe8069210b411d2408359fee9a2ed6f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT cf-cache-status HIT cdn-edgestorageid 1080 age 530 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" content-length 99492 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-184a4" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid e6a3dea66563edac8497959170e3f200 accept-ranges bytes cf-ray 8873ea488dac2be2-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFAlternateGothic-Medium.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	132 KB 133 KB	510ms 8ms	Font application/octet-stream	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFAlternateGothic-Medium.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash 7d3d1b5a7db60fd338b0765356fd2813d0d6d9600639845d645c49e2c61e5bf8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT cf-cache-status MISS cdn-edgestorageid 1081 cdn-cachedat 05/21/2024 10:35:35 cdn-pullzone 2091526 alt-svc h3=":443" content-length 135264 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-21060" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 64eb7be55965f2f417d8d99bb8525577 accept-ranges bytes cf-ray 8873eba93f619a17-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFFranklinGothic-Regular.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	94 KB 94 KB	511ms 10ms	Font application/octet-stream	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Regular.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash d893fa560a64242185cfccd40f02e2267432daab306ca89dc8e4176b62d9cf3d Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT cf-cache-status HIT cdn-edgestorageid 1082 age 530 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" content-length 96116 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-17774" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid faf48b9320591c67b2b9956cd137fefb accept-ranges bytes cf-ray 8873ea48adf6373a-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFFranklinGothic-Light.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	94 KB 94 KB	471ms 12ms	Font application/octet-stream	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Light.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash 6db159af02a213a7d4058f5ffe508392ca8d46478f1ded5a446ef9a0226fe52f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT cf-cache-status HIT cdn-edgestorageid 1080 age 530 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" content-length 96140 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-1778c" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 65bb29b83f94ae78421ed10dd4fd099f accept-ranges bytes cf-ray 8873ea488ba618b3-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFFranklinGothic-Heavy.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	102 KB 103 KB	476ms 18ms	Font application/octet-stream	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Heavy.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash cc2b240009df1ede0c3884229e7e7d14a04752dca62910c215f871188b1c91f0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT cf-cache-status HIT cdn-edgestorageid 1080 age 530 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" content-length 104484 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-19824" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 373919189c1deeb7ac8c85451d7b12de accept-ranges bytes cf-ray 8873ea489994a01c-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFFranklinGothic-Bold.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	100 KB 100 KB	479ms 21ms	Font application/octet-stream	2400:52e0:1e00::1080:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Bold.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1080 / Resource Hash 9d205ce526929a67b4b7f36717fd842e28b560d1837d46a552a55988f13fe898 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:30 GMT cf-cache-status HIT cdn-edgestorageid 1080 age 530 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" content-length 102192 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1080 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-18f30" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid a0876156f424ad20a798183ae816a59b accept-ranges bytes cf-ray 8873ea4898481d96-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4cd44939e2a40d2edf57d2c2c5fad51d26aecddbb2a14cbf288ebea6cfeecfc5 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 0d4d3a229240ee2f7f12e1286b6f7759df6228f1942d1b3debda6349ef1f90fc Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 0fc0b91f46e1c00dd3bc09f13bda3ba51f0887c1d607f024a03e9a51e79e8c74 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 59aae364c9b619b7493674b87d266f058349bf4c6ac8ae78c90c3b192b8e5177 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d540e7278f54d50e5b78445c8f31034e81d1a3abe4ab98cf23f31cfb9babf670 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash fe175078011d8981c15d5be839df9fccb7c4d8640bb6d9e495cd23d6e5e32cb3 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c5580d46d80a0fc3b81e22b5f7c82a42435c04d5b7817586034145a22798c44c Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 393dbca9f5658eaf4859e39a8ee1fc05b1e0f653a8ae92db8ff50e5c234eab0a Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 39c5b9da29291f6b37c7e9428f2de883301f85f5e9cbfce66712875fb7c45d7a Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7aa22f1345830677872990b5c195b73f0c11cb69ec8d50481fb5f51a486775dc Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 23af52792bbf8dbb7290f297ff42ba6c1ced9c38072b1b71aaef087351596743 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ba9362bb0507b75f49c317210043a33ab2eccf279aae9dd99315328c936cbf2c Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	64 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H3	200	jquery.mousewheel.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/	3 KB 2 KB	420ms 69ms	Script application/javascript	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:31 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 351716 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 1046 last-modified Mon, 04 May 2020 16:11:46 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec2-ad3" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J%2FmJgoC0GMOyrM%2B4KC0FvfxWNPTz4DqWMg5xSGQGHxxllcKig73xc1eCOxqLPHJ8I%2BhCvhS6O2Jc1FACVkHv003xI3JOXWbibDdUXuiFZL80wx4WJboPJHOQuWSRKELKjKRPL7ZL"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 89607c986910a05e-FRA expires Mon, 09 Jun 2025 03:38:31 GMT
GET H3	200	json Show response forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/	2 KB 2 KB	619ms 235ms	XHR application/json	104.19.175.188 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8c180daaec738c7b77a7c6201b0a5bf184d53d8381bce073d98f1109527e2435 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/json, text/plain, */* Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-origin-hublet na1 date Wed, 19 Jun 2024 03:38:31 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id c8442fb2-0b2f-498e-a227-5fbb52b37510 x-envoy-upstream-service-time 21 alt-svc h3=":443"; ma=86400 content-length 1128 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id c8442fb2-0b2f-498e-a227-5fbb52b37510 server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false cache-control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * cf-ray 89607c98dffa1e4d-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-zwbwx
GET H3	200	json Show response forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/	2 KB 2 KB	836ms 203ms	XHR application/json	104.19.175.188 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ad56a43d0b3da7cc4a0ac4f5764554d59c806d851590c13be1cd125896609f05 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/json, text/plain, */* Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-origin-hublet na1 date Wed, 19 Jun 2024 03:38:31 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 652af86b-96b3-465b-8dcd-bf011a17d956 x-envoy-upstream-service-time 19 alt-svc h3=":443"; ma=86400 content-length 1128 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 652af86b-96b3-465b-8dcd-bf011a17d956 server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false cache-control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * cf-ray 89607c9a79281e4d-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-fnshr
GET DATA	200 OK	truncated /	250 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash aefdd073a5a00a2b6959db7818278d0fdef8f0ef5d65312542de0d5bd32ca0f7 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	250 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7ea5fb260d4b5370cf7050e2e921c6a1bd6117d4ae54058649b803177fb6bcd9 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	255 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 65f8b1c674f201983d6930f4670a451f2677db1f2352921ea3ec16d2a00c5d7e Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	243 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 0c9d2afbb789c07d465dddd42752f23d3c74c414f2baa27bc5193bbfdd6f6596 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H3	200	Malware-2.png.webp www.sygnia.co/wp-content/uploads/2024/06/	117 KB 118 KB	169ms 98ms	Image image/webp	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/uploads/2024/06/Malware-2.png.webp Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash c8d40e0175b81f1c7aaccd9bef47170e06cf8ab80af2879782f130a0e3206363 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:31 GMT cf-cache-status HIT last-modified Mon, 17 Jun 2024 11:06:18 GMT server cloudflare age 145666 etag "667018aa-1d552" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 89607c98da424d5e-FRA alt-svc h3=":443"; ma=86400 content-length 120146
GET H2	200	web-interactives-embed.js Show response js.hubspot.com/	82 KB 24 KB	601ms 90ms	Script application/javascript	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hubspot.com/web-interactives-embed.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/8776530.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2a89c8b374ed1c8906af70baa4a0f75993a4a43aa7545786598cf820e4d02517 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-encoding gzip x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1183/bundles/project.js&cfRay=89607c9bfff58ed7-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"71d30408e8a4394bc3200e642ab7802d" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control max-age=600 x-hs-target-asset web-interactives-embed/static-2.1183/bundles/project.js date Wed, 19 Jun 2024 03:38:31 GMT x-amz-version-id c.dt9hh6keM4m12BcMYa6Rr6MpVATgRK x-content-type-options nosniff cf-cache-status EXPIRED via 1.1 53b70ac9dc46d1c13992b291cf22a9aa.cloudfront.net (CloudFront) nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id ee4e1373-7de7-4ab2-baea-87b379bfb0b6 x-cache Hit from cloudfront cache-tag staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 1 x-evy-trace-route-configuration listener_https/all x-request-id ee4e1373-7de7-4ab2-baea-87b379bfb0b6 last-modified Thu, 13 Jun 2024 15:47:04 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2yjCQb%2FRNWHTfu2%2FXbt%2BM%2BPWqhRY241gqaqnuyfeTy%2F2gzCpL182bU7APUszopGrJXIppOoERUfHaLt%2Bf42y2lJUxM%2FgT9%2FhIcIWUIW17RgYYwoUvxgAvxBehVc7TkBXndW%2B%2FSviRwYHGGZJ"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-68b7f7fbff-rcvgx cf-ray 89607c9bfff58ed7-FRA x-amz-cf-id BjpiIwJieI2ZjTiNGUPK_X2kcEbFp6JEqSA1pZumw_mFyYXH_98sXw==
GET H2	200	8776530.js Show response js.hs-banner.com/	62 KB 19 KB	800ms 303ms	Script text/javascript	2606:4700:4400::ac40:991b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/8776530.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/8776530.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c68393226d3633049135829ab9caba1bdbae820130979d2a7d6a452c4857a68a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:31 GMT x-amz-version-id cKOjOKHy0gkD3vnvadsggOelDxgHEFKW content-encoding gzip cf-cache-status REVALIDATED x-amz-request-id MM82DEBW19EJGB2Z x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id a40c7f60-3735-46bc-a4b1-768fcf89fe88 x-envoy-upstream-service-time 33 x-amz-id-2 TDe7TTEK3CMjWkoiR4Z7tHZEK/GRMkkKdcKBBu3UXzQn34/lk1VQT1yoe0qdBGbJ/CmMU88yaog= x-evy-trace-listener listener_https x-request-id a40c7f60-3735-46bc-a4b1-768fcf89fe88 x-evy-trace-route-configuration listener_https/all last-modified Fri, 14 Jun 2024 13:01:06 GMT server cloudflare etag W/"2b29ebca7a42fcdc3b13bb1d1998bff9" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-qr8zh vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 89607c9bfde69b33-FRA expires Wed, 19 Jun 2024 03:43:31 GMT
GET H2	200	fb.js Show response js.hsadspixel.net/	6 KB 4 KB	486ms 0ms	Script application/javascript	2606:4700::6811:80ac CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsadspixel.net/fb.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/8776530.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c114a5641b9988aecb7a00c47bd1d37d912883ff4ef9c3b9fe6ad21603ab1066 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:31 GMT x-amz-version-id 7Zz_oLsqoY3yHsxt9nM5YRwsj1MKwqFV content-encoding gzip x-content-type-options nosniff via 1.1 76e55a2361219fb19722e949475d1844.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-cf-pop IAD12-P3 age 254 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.565/bundles/pixels-release.js&cfRay=896076642e379128-FRA x-cache Hit from cloudfront x-hubspot-correlation-id 7f874000-d205-40c9-94e8-cb5369017f12 cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 6 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 7f874000-d205-40c9-94e8-cb5369017f12 last-modified Tue, 18 Jun 2024 12:46:30 UTC server cloudflare etag W/"b233ea75981268a81228cd819e8fd5eb" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status MISS x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-68b7f7fbff-ddwd7 cf-ray 89607c9bfd621cb9-FRA x-amz-cf-id UYXtYSIC5-JaGw0LKxG3r53Q6tazUoBDHooE1XF8-mYogGla4Bayhw== x-hs-target-asset adsscriptloaderstatic/static-1.565/bundles/pixels-release.js
GET H2	200	8776530.js Show response js.hs-analytics.net/analytics/1718768100000/	67 KB 24 KB	600ms 104ms	Script text/javascript	2606:4700::6810:a0a8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1718768100000/8776530.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/8776530.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5b3c542396dff8231c7cc4f46bf67aad962b55decd65f563b33409cff3871fa7 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:31 GMT x-amz-version-id null content-encoding gzip cf-cache-status MISS x-amz-request-id 75NQZCXTC9ETK2P3 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id 932defa7-b80e-49eb-9b79-190ede3b9ac5 x-envoy-upstream-service-time 25 x-amz-id-2 ITmt40510ce/gbNB7EyNRAlbWxh3nF+CBeAVV3h+PhDsHW3K9p4+6pz/FJpJvBHy90a0+X/wN20= x-evy-trace-listener listener_https x-request-id 932defa7-b80e-49eb-9b79-190ede3b9ac5 x-evy-trace-route-configuration listener_https/all last-modified Fri, 14 Jun 2024 13:01:07 GMT server cloudflare etag W/"f18eae7233dcb208f542ca0bf4ff2c08" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-2r68v cache-control max-age=300,public access-control-allow-credentials false cf-ray 89607c9bfa023a7c-FRA expires Wed, 19 Jun 2024 03:43:31 GMT
GET H3	200	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 883 B	213ms 168ms	Image image/gif	104.19.175.188 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:31 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id c23ba9f5-952e-4b94-bd1a-0f164795775c x-envoy-upstream-service-time 6 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id c23ba9f5-952e-4b94-bd1a-0f164795775c server cloudflare vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-h57s4 access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 89607c9bdcb42baf-FRA
GET DATA	200 OK	truncated /	246 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d7780e9c2bb62d651ef56f3d7800e3ef686e424c0c27d9cead2e15b075d28174 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H3	200	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 537 B	164ms 158ms	Image image/gif	104.19.175.188 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:32 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 5b6290d4-7fdf-4a36-955b-0e58aaa3594a x-envoy-upstream-service-time 1 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 5b6290d4-7fdf-4a36-955b-0e58aaa3594a server cloudflare vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-4lbrq access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 89607c9f7e6f2baf-FRA
GET H3	200	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 537 B	155ms 124ms	Image image/gif	104.19.175.188 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:32 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id d1257345-a6e9-4cfc-9a6d-613bb994fdb0 x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d1257345-a6e9-4cfc-9a6d-613bb994fdb0 server cloudflare vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-4lbrq access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 89607c9fae8d2baf-FRA
POST H2	204	collect region1.analytics.google.com/g/	0 0	1198ms 14ms	Fetch text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-3XBPCMRFD6&gtm=45je46h0v9100139776za200&_p=1718768310079&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1156517798.1718768313&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.61%7CGoogle%2520Chrome%3B126.0.6478.61&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1718768312&sct=1&seg=0&dl=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&dt=In-Depth%20Analysis%3A%20Velvet%20Ant%27s%20Prolonged%20Cyber%20Attack%20on%20a%20Large%20Organization&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4210&_z=fetch Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-3XBPCMRFD6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Wed, 19 Jun 2024 03:38:33 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.sygnia.co cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 254 B	1203ms 19ms	Ping text/plain	2a00:1450:400c:c06::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3XBPCMRFD6&cid=1156517798.1718768313&gtm=45je46h0v9100139776za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-3XBPCMRFD6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Wed, 19 Jun 2024 03:38:33 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.sygnia.co cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	1097ms 19ms	Image image/gif	142.250.185.227 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3XBPCMRFD6&cid=1156517798.1718768313&gtm=45je46h0v9100139776za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=791459456 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.227 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s53-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Wed, 19 Jun 2024 03:38:33 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	261 KB 91 KB	26ms 25ms	Script application/javascript	2a00:1450:4001:801::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10796050850&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash ffdb5e20a61fc2f88a71eadfe52764a3599d00b278f477a70f727e92297b19b4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:32 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 92598 x-xss-protection 0 last-modified Wed, 19 Jun 2024 03:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 19 Jun 2024 03:38:32 GMT
GET H2	200	destination Show response www.googletagmanager.com/gtag/	261 KB 90 KB	62ms 61ms	Script application/javascript	2a00:1450:4001:801::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=AW-10796050850&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 7389c9567bf38a2a28141a7197a24c414fde422297655621241ab814a022e81d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:32 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 92521 x-xss-protection 0 last-modified Wed, 19 Jun 2024 03:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 19 Jun 2024 03:38:32 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	38 KB 14 KB	1122ms 33ms	Script application/javascript	2a02:26f0:3100::1735:283b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100::1735:283b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:33 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 18 Jun 2024 16:46:52 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=60973 accept-ranges bytes content-length 14004
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	1078ms 6ms	Script application/javascript	146.75.120.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:33 GMT content-encoding gzip last-modified Fri, 22 Mar 2024 21:07:24 GMT x-amz-server-side-encryption AES256 etag "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip" vary Accept-Encoding,Host x-cache HIT, HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15412 x-served-by cache-iad-kiad7000168-IAD, cache-fra-etou8220158-FRA
GET H/1.1	200 OK	obtp.js Show response amplify.outbrain.com/cp/	28 KB 9 KB	1192ms 113ms	Script application/x-javascript	23.52.161.196 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://amplify.outbrain.com/cp/obtp.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.52.161.196 New York, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-52-161-196.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 7f1f57bf681ed9287179c0f2c6e5a893b52df464cd8f96c464b8839adc6350ac Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 19 Jun 2024 03:38:33 GMT Content-Encoding gzip Last-Modified Sun, 09 Jun 2024 11:13:04 GMT Server AkamaiNetStorage ETag "ad6b2d179ef6c3d28edf15bb7a95213b:1717931860.970344" Vary Accept-Encoding Content-Type application/x-javascript X-RG EU Cache-Control max-age=1200 X-CC DE Connection keep-alive Accept-Ranges bytes Content-Length 8573 Expires Wed, 19 Jun 2024 03:58:33 GMT
GET H2	200	bat.js Show response bat.bing.com/	45 KB 13 KB	1097ms 30ms	Script application/javascript	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Wed, 19 Jun 2024 03:38:33 GMT last-modified Thu, 29 Feb 2024 19:58:06 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 0BDCD21094B548B0A82027B959479444 Ref B: FRA31EDGE0207 Ref C: 2024-06-19T03:38:33Z etag "01b4e9c496bda1:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 13261
GET H2	200	tags.js Show response tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/	2 KB 1 KB	1253ms 210ms	Script application/javascript	2600:9000:20ae:3200:7:d7d6:3c40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tags.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ae:3200:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Clearbit / Resource Hash 26289e926f95ac9932d88178c690daf5df8af203ffa3b982657e35b3f72d71ab Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:33 GMT content-encoding gzip x-content-type-options nosniff x-envoy-response-flags - via 1.1 4a87b0ff8f386aa5361d3117d5ee6dd2.cloudfront.net (CloudFront) server Clearbit strict-transport-security max-age=63072000; includeSubDomains; preload x-amz-cf-pop MUC50-P5 etag W/"9a419a5608a8efc4f0736c99a790fcb8" vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript;charset=utf-8 cache-control private, max-age=600 x-amz-cf-id hSrICVPdHX319pAJWuTrXnXIY0O-FPfMUgvh229B6FfQYe3zFrXaTQ==
GET H3	200	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 537 B	163ms 109ms	Image image/gif	104.19.175.188 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 822d372c-68d7-4d0c-b626-5e7b925ceec5 x-envoy-upstream-service-time 2 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 822d372c-68d7-4d0c-b626-5e7b925ceec5 server cloudflare vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-h57s4 access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 89607ca3d8722baf-FRA
GET H2	200	combinedConfigs Show response cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/	61 B 1 KB	141ms 122ms	Fetch application/json	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=8776530&currentUrl=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F Requested by Host: js.hubspot.com URL: https://js.hubspot.com/web-interactives-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id d24887f0-4868-4059-bcc0-8e5fb8acdc1e content-encoding br x-envoy-upstream-service-time 9 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d24887f0-4868-4059-bcc0-8e5fb8acdc1e server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials true cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lft8Cca%2FGlS6iJFiJn5471flw3qa%2FAknye5MDaDOCW4Ow%2FkcedYtDP4bQ9Hc9JUpq0PnUrfHeyyrBWrGL%2F%2FvT1hft%2B3GndesdrQBsZ9V6TWTVAimxW2As5TT%2FD8Qb9Gkt6lz9BcNrTjQjHV2fT%2BBpI3ofndJkIQ6yM0%3D"}],"group":"cf-nel","max_age":604800} x-robots-tag noindex, follow access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 89607ca42e428ed7-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-cndcx
GET H2	200	json Show response api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/	114 B 1 KB	988ms 123ms	XHR application/json	2606:4700::6812:f26c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=8776530 Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:f26c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f95beea21004e6e9ebb0833f42a3f497c4b38e06351270eaa32abff79dc94495 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:34 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id f3f1ea2b-3614-4ad6-bb79-de3eea34f840 content-encoding br x-envoy-upstream-service-time 7 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id f3f1ea2b-3614-4ad6-bb79-de3eea34f840 server cloudflare vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-5d47c8d44f-qnkzx access-control-max-age 180 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oFyETz6h%2B5zGhDi0bAFhN2A52ImphalS92jiAFaXNwr3tvOpEP46e2miqEF%2F2V8seeor%2Bh%2BzPb2PJEfNWMBvZWcAKqcJ7cVptsyXGDSyuh95DpykbaiQs06qiAEUdndKjKwXYzQxYuSkdT3%2B"}],"group":"cf-nel","max_age":604800} cf-ray 89607ca9eb2a0404-FRA access-control-allow-headers *
GET H3	200	counters.gif perf-na1.hsforms.com/embed/v3/	35 B 581 B	141ms 124ms	Image image/gif	104.19.175.188 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:33 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 632a73cb-5055-4985-a7a5-5641ec8abcba x-envoy-upstream-service-time 8 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 632a73cb-5055-4985-a7a5-5641ec8abcba last-modified Wed, 19 Jun 2024 03:38:33 GMT server cloudflare vary origin, Accept-Encoding content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-zwbwx access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false accept-ranges bytes x-robots-tag none cf-ray 89607ca98b9f2baf-FRA
GET H2	200	adsct t.co/1/i/	43 B 376 B	296ms 132ms	Image image/gif	93.184.221.165 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=e9da8071-84dd-41a1-aa73-e5043ae1f161&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=1eb53f7d-a8bd-4f52-8248-3acfdfce6dff&tw_document_href=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tw_iframe_status=0&txn_id=o706g&type=javascript&version=2.3.30 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-response-time 103 date Wed, 19 Jun 2024 03:38:33 GMT strict-transport-security max-age=0 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id a91125364865341a cache-control no-cache, no-store, max-age=0 perf 7402827104 x-connection-hash 021fac51db8085823d840daca52f076a6620268b1618bc1b13c7575c0f27aca5 content-length 43
GET H2	200	adsct analytics.twitter.com/1/i/	43 B 727 B	289ms 126ms	Image image/gif	104.244.42.67 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=e9da8071-84dd-41a1-aa73-e5043ae1f161&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=1eb53f7d-a8bd-4f52-8248-3acfdfce6dff&tw_document_href=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tw_iframe_status=0&txn_id=o706g&type=javascript&version=2.3.30 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.67 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-response-time 102 date Wed, 19 Jun 2024 03:38:33 GMT strict-transport-security max-age=631138519 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id c63b67b66b62632e cache-control no-cache, no-store, max-age=0 perf 7402827104 x-connection-hash 1e5af5d259a7f90004a528d353ffbe95af636ed084f91f90485613e9f458e247 content-length 43
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 438 B	336ms 204ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Accept * Referer https://www.sygnia.co/ sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:34 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 51D70166872344E2BF6F66C4373FCAC8 Ref B: FRAEDGE1917 Ref C: 2024-06-19T03:38:34Z linkedin-action 1 vary Origin x-cache CONFIG_NOCACHE x-li-fabric prod-lor1 access-control-allow-origin https://www.sygnia.co x-li-proto http/2 access-control-allow-credentials true x-li-uuid AAYbNe7S3ADGOvnTweF2pg==
GET H2	200	attribution_trigger Show response px.ads.linkedin.com/	2 B 817 B	317ms 200ms	XHR application/json	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/attribution_trigger?pid=4003889&time=1718768314053&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2 Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept * Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:34 GMT content-encoding gzip x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 2086D7B2D1B9471EB7445EAB093BCE45 Ref B: DUS30EDGE0919 Ref C: 2024-06-19T03:38:34Z access-control-allow-methods GET, OPTIONS x-li-fabric prod-lor1 access-control-allow-origin * x-cache CONFIG_NOCACHE content-type application/json x-li-proto http/2 x-restli-protocol-version 1.0.0 access-control-allow-headers * x-li-uuid AAYbNe7S0Mhtx1jRiVVYYQ== x-fs-uuid 00061b35eed2d0c86dc758d189555861
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718768314053&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2 https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718768314053&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4003889%26time%3D1718768314053%26url%3Dhttps%253A%252F%252Fwww.sygnia.co%252Fblog... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718768314053&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718768314053&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true&...	0 266 B	326ms 192ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718768314053&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKA9c_OXbeGHgAAAZAukyoRlHM6JnMPCvZD89PcJGHR2gwFbpw-7QD-psFjMG6yWA Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.sygnia.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 19 Jun 2024 03:38:34 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: C192603B416D48B5A8178FA5268A2651 Ref B: FRAEDGE1317 Ref C: 2024-06-19T03:38:35Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lor1 x-li-proto http/2 content-length 0 x-li-uuid AAYbNe7hMppZCIopOKuIVw== Redirect headers date Wed, 19 Jun 2024 03:38:34 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 8D65A1DC972F4382A972B909BBDB275B Ref B: FRAEDGE1917 Ref C: 2024-06-19T03:38:34Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lor1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718768314053&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKA9c_OXbeGHgAAAZAukyoRlHM6JnMPCvZD89PcJGHR2gwFbpw-7QD-psFjMG6yWA x-li-proto http/2 content-length 0 x-li-uuid AAYbNe7cL6hzGpuI8RW6yw==
GET H2	200	187039095.js Show response bat.bing.com/p/action/	4 KB 2 KB	51ms 49ms	Script application/javascript	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/187039095.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 213f888fdda0335db8ba19d530207cfff84a89b4efb1e8dba6b436dccc8db309 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br date Wed, 19 Jun 2024 03:38:33 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 4E59238A6B5E48FEBEB3DAAFB20E2CF9 Ref B: FRA31EDGE0207 Ref C: 2024-06-19T03:38:34Z vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript; charset=utf-8 cache-control private,max-age=60
GET H2	204	0 bat.bing.com/action/	0 288 B	70ms 8ms	Image text/plain	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=187039095&Ver=2&mid=1eaafbea-f05e-4567-af52-048c1ff7c935&sid=679d98e02ded11ef9ccf4f2b23c4fba2&vid=67a200502ded11efa52783f72bfb227e&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=In-Depth%20Analysis%3A%20Velvet%20Ant%27s%20Prolonged%20Cyber%20Attack%20on%20a%20Large%20Organization&p=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&r=&lt=2299&evt=pageLoad&sv=1&rn=498062 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Wed, 19 Jun 2024 03:38:34 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: CE844C41571449A2B7B0AF9DE52D8F47 Ref B: FRA31EDGE0207 Ref C: 2024-06-19T03:38:34Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
POST H/1.1	200 OK	unifiedPixel tr.outbrain.com/	53 B 513 B	477ms 105ms	Ping image/gif	50.31.142.223 SERVERCENTRAL
General Check archive.org Show headers Download Go to Full URL https://tr.outbrain.com/unifiedPixel?optOut=false&bust=0022548267808864653&referrer=&cht=gtm&marketerId=0022184d276f78b50ef9abadeb48eabd8c&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&g=1&obApiVersion=2.0-gtm&obtpVersion=2.0.5 Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 50.31.142.223 Chicago, United States, ASN23352 (SERVERCENTRAL, US), Reverse DNS chi.outbrain.com Software / Resource Hash b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 19 Jun 2024 03:38:34 GMT content-encoding br Strict-Transport-Security max-age=31536000; includeSubDomains; preload Access-Control-Allow-Methods GET, POST Content-Type image/gif; Access-Control-Allow-Origin https://www.sygnia.co Cache-Control no-cache Access-Control-Allow-Credentials true X-TraceId 6b40be6ad7068caf3ea4e5e6a69950d5 Access-Control-Allow-Headers Content-Type, Authorization Content-Length 54
GET H/1.1	200 OK	cachedClickId Show response tr.outbrain.com/	35 B 293 B	479ms 108ms	Script application/javascript	50.31.142.223 SERVERCENTRAL
General Check archive.org Show headers Download Go to Full URL https://tr.outbrain.com/cachedClickId?marketerId=0022184d276f78b50ef9abadeb48eabd8c Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 50.31.142.223 Chicago, United States, ASN23352 (SERVERCENTRAL, US), Reverse DNS chi.outbrain.com Software / Resource Hash 1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 19 Jun 2024 03:38:34 GMT content-encoding br Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-TraceId 47b7882a7cef4a3f76c9aaab9b249569 Content-Length 39 Content-Type application/javascript
GET H/1.1	200 OK	0022184d276f78b50ef9abadeb48eabd8c Show response wave.outbrain.com/mtWavesBundler/handler/	2 B 516 B	368ms 107ms	Script text/html	23.52.161.196 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://wave.outbrain.com/mtWavesBundler/handler/0022184d276f78b50ef9abadeb48eabd8c Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.52.161.196 New York, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-52-161-196.deploy.static.akamaitechnologies.com Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Encoding gzip Date Wed, 19 Jun 2024 03:38:34 GMT ob-sent-time 1718700885624 ETag W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8" Vary Accept-Encoding Content-Type text/html; charset=utf-8 Access-Control-Allow-Origin * X-RG EU Cache-Control max-age=60 X-CC DE Connection keep-alive X-TraceId d23b363d63cebe46a29eba122651c2e1 Content-Length 22 Expires Wed, 19 Jun 2024 03:39:34 GMT
GET H/1.1	200 OK	topics Show response amplify.outbrain.com/	26 B 301 B	366ms 114ms	Fetch text/html	23.52.161.196 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://amplify.outbrain.com/topics Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.52.161.196 New York, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-52-161-196.deploy.static.akamaitechnologies.com Software / Resource Hash 6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 19 Jun 2024 03:38:34 GMT Observe-Browsing-Topics ?1 Content-Type text/html Access-Control-Allow-Origin * X-RG EU Cache-Control max-age=1200 X-CC DE Connection keep-alive Content-Length 26 Expires Wed, 19 Jun 2024 03:58:34 GMT
GET H2	200	destinations.min.js Show response x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/	0 45 B	340ms 178ms	Script application/javascript	18.158.205.16 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/destinations.min.js Requested by Host: tag.clearbitscripts.com URL: https://tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tags.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.158.205.16 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-158-205-16.eu-central-1.compute.amazonaws.com Software Clearbit / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:33 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-envoy-response-flags - server Clearbit content-type application/javascript;charset=utf-8 cache-control private, max-age=600 content-length 0
GET H2	200	tracking.min.js Show response x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/	168 KB 45 KB	323ms 161ms	Script application/javascript	18.158.205.16 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tracking.min.js Requested by Host: tag.clearbitscripts.com URL: https://tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tags.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.158.205.16 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-158-205-16.eu-central-1.compute.amazonaws.com Software Clearbit / Resource Hash 70ab4589cd875991dcba608ed58a37c165dda5645b767690b14587c7444a38d5 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:34 GMT content-encoding gzip x-content-type-options nosniff x-envoy-response-flags - server Clearbit strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control private, max-age=600
GET H2	200	187039095 Show response www.clarity.ms/tag/uet/	828 B 1 KB	362ms 200ms	Script application/x-javascript	2620:1ec:bdf::43 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/tag/uet/187039095?insights=1 Requested by Host: bat.bing.com URL: https://bat.bing.com/p/action/187039095.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::43 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 5ace0f993512030fc331c8f9f8695b28cdd59c4c2e02ff53cedafe8aa0f9ac8f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers expires -1 date Wed, 19 Jun 2024 03:38:34 GMT x-azure-ref 20240619T033834Z-r1695cb7469pzb8dcu6byrexzn00000008y000000000atxu x-cache CONFIG_NOCACHE content-type application/x-javascript cache-control no-cache, no-store accept-ranges bytes content-length 828 request-context appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
POST H2	200	p Show response app.clearbit.com/v1/	16 B 1 KB	700ms 176ms	XHR application/json	18.158.205.16 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.clearbit.com/v1/p Requested by Host: x.clearbitjs.com URL: https://x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tracking.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.158.205.16 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-158-205-16.eu-central-1.compute.amazonaws.com Software Clearbit / Resource Hash c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain Response headers date Wed, 19 Jun 2024 03:38:34 GMT content-encoding gzip x-content-type-options nosniff x-envoy-response-flags - server Clearbit strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding, Origin access-control-max-age 7200 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://www.sygnia.co access-control-expose-headers content-security-policy-report-only default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; access-control-allow-credentials true content-type application/json
GET H2	200	clarity.js Show response www.clarity.ms/s/0.7.34/	61 KB 26 KB	39ms 39ms	Script application/javascript	2620:1ec:bdf::43 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/s/0.7.34/clarity.js Requested by Host: www.clarity.ms URL: https://www.clarity.ms/tag/uet/187039095?insights=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::43 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash fffc6ed23cfeabaaace717503bfabd907816869c8c5ff38a2127b8284e8c5988 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:34 GMT content-encoding br last-modified Thu, 23 May 2024 23:20:12 GMT etag W/"0x8DC7B7EE5574D78" vary Accept-Encoding x-azure-ref 20240619T033834Z-r1695cb7469pzb8dcu6byrexzn00000008y000000000atz6 content-type application/javascript;charset=utf-8 access-control-allow-origin * x-ms-request-id 3592bacd-601e-0050-67c1-b5ec8b000000 cache-control public, max-age=86400 x-cache TCP_HIT x-ms-version 2018-03-28 x-fd-int-roxy-purgeid 51562430
POST H/1.1	204 No Content	collect Show response u.clarity.ms/	0 277 B	315ms 98ms	XHR text/plain	4.227.249.197 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://u.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.34/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 4.227.249.197 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.sygnia.co Date Wed, 19 Jun 2024 03:38:35 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81
GET H2	200	__ptq.gif track.hubspot.com/	45 B 749 B	173ms 125ms	Image image/gif	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=8776530&rcu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&pu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&t=In-Depth+Analysis%3A+Velvet+Ant%27s+Prolonged+Cyber+Attack+on+a+Large+Organization&cts=1718768315327&vi=df80afb739a0eb704bbacb69255f722a&nc=true&u=147695848.df80afb739a0eb704bbacb69255f722a.1718768315319.1718768315319.1718768315319.1&b=147695848.1.1718768315319&pt=0&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:35 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 1bde650c-b031-439f-86ac-b13f2d2ca460 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 6 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 1bde650c-b031-439f-86ac-b13f2d2ca460 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ibCvKrEcT%2BoqKyEVaMoxNvnxEe8K8CnUeKrbm%2F1EIyzKvoFl%2BbsjFVtqWEsOLg7WdFp5lLVkiOp6DpAfm3IYnyidN%2F2AMZlcSxxO7txRLu55zE8xGbLlnWTHh7oSFN2gLAmnF6tdL72r6h168dJ"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-fn8tt x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 89607cb32f769a17-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 748 B	373ms 333ms	Image image/gif	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=1ad9c304-415a-4d9d-ba10-a5145c1db1c3&fci=66a28854-8aec-4388-9d38-5431b8acc37c&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=8776530&rcu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&pu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&t=In-Depth+Analysis%3A+Velvet+Ant%27s+Prolonged+Cyber+Attack+on+a+Large+Organization&cts=1718768315328&vi=df80afb739a0eb704bbacb69255f722a&nc=true&u=147695848.df80afb739a0eb704bbacb69255f722a.1718768315319.1718768315319.1718768315319.1&b=147695848.1.1718768315319&pt=0&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:35 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id dadfaf0c-00e2-4216-8b12-5c9565242a1c p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 8 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id dadfaf0c-00e2-4216-8b12-5c9565242a1c server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DuQfRrxBqxYDjo9ev7lf1E5kIc7T0ZVXgCV%2BLuqKVxWq9EoF3thyPvw9z8SBGe1zD0tQZeS9lvx1MfiP4XfrW4RgWLPbD2IE83%2FhXn%2FhnCCuXw9M7ZlGD2cVNKoJaDOT4K1B%2FHhx21kcYosA1Fh6"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-c67ms x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 89607cb32f759a17-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	158ms 123ms	Image image/gif	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=1ad9c304-415a-4d9d-ba10-a5145c1db1c3&fci=28b401ca-b607-4abc-80c0-3004d3286ab0&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=8776530&rcu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&pu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&t=In-Depth+Analysis%3A+Velvet+Ant%27s+Prolonged+Cyber+Attack+on+a+Large+Organization&cts=1718768315328&vi=df80afb739a0eb704bbacb69255f722a&nc=true&u=147695848.df80afb739a0eb704bbacb69255f722a.1718768315319.1718768315319.1718768315319.1&b=147695848.1.1718768315319&pt=0&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:35 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id e1d7c09b-ebdf-4ab8-afd6-88f945347063 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 5 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id e1d7c09b-ebdf-4ab8-afd6-88f945347063 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PUEaGWIBUP%2BAxHdTMBd6n3sSXAElLdQ4B%2FwHl3xwGxo27scp%2FM8Lx7MXjLMs2WDCiOx2emPrKpr%2Bt8r%2BmoPo1i0JA95wV14oHc7RPWXDxLgkQ0nStfm9BwQAAIoOkneJNNaX2Dr1tUn345xDQi%2B3"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-wmbn8 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 89607cb32f729a17-FRA x-robots-tag none
GET H2	200	c.gif c.clarity.ms/ Redirect Chain https://c.clarity.ms/c.gif https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=71A07663B44943F2AD195860560E6122&RedC=c.clarity.ms&MXFR=0B3413E929EC6B4B17A0074A2DEC6534 https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=71A07663B44943F2AD195860560E6122&MUID=1504CAE13A20612D1F23DE423BAB600C	42 B 441 B	32ms 32ms	Image image/gif	68.219.88.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=71A07663B44943F2AD195860560E6122&MUID=1504CAE13A20612D1F23DE423BAB600C Protocol H2 Server 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.sygnia.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers pragma no-cache date Wed, 19 Jun 2024 03:38:35 GMT last-modified Fri, 01 Mar 2024 22:54:48 GMT server Microsoft-IIS/10.0 etag "3e26b762b6cda1:0" x-powered-by ASP.NET content-type image/gif p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" cache-control private, no-cache, proxy-revalidate, no-store accept-ranges bytes content-length 42 Redirect headers pragma no-cache date Wed, 19 Jun 2024 03:38:35 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: B702455722F447AC9197B4CBB911ADB3 Ref B: FRA31EDGE0207 Ref C: 2024-06-19T03:38:35Z x-powered-by ASP.NET x-cache CONFIG_NOCACHE p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" location https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=71A07663B44943F2AD195860560E6122&MUID=1504CAE13A20612D1F23DE423BAB600C cache-control private, no-cache, proxy-revalidate, no-store content-length 0
GET H3	200	favicon.png www.sygnia.co/wp-content/uploads/2023/12/	436 B 683 B	20ms 19ms	Other image/webp	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.sygnia.co/wp-content/uploads/2023/12/favicon.png Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash df445b82b8f1b521ce3fd100a095e0325d352c8b7becbc6f01b224e6094ebe09 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:35 GMT cf-cache-status HIT age 146194 cf-polished origFmt=png, origSize=551 content-disposition inline; filename="favicon.webp" alt-svc h3=":443"; ma=86400 content-length 436 cf-bgj imgq:100,h2pri last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare etag "667006f5-227" vary Accept content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 89607cb30dd84d5e-FRA
GET H3	200	favicon-32x32.png www.sygnia.co/	486 B 737 B	20ms 19ms	Other image/webp	141.193.213.10 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.sygnia.co/favicon-32x32.png Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash b3765ce25bc41a6c1daed0c1f6157ea03e37ed4094bff0a008a9437c1442cfdf Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 03:38:35 GMT cf-cache-status HIT age 140093 cf-polished origFmt=png, origSize=1121 content-disposition inline; filename="favicon-32x32.webp" alt-svc h3=":443"; ma=86400 content-length 486 cf-bgj imgq:100,h2pri last-modified Mon, 17 Jun 2024 09:50:38 GMT server cloudflare etag "667006ee-461" vary Accept content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 89607cb33dfa4d5e-FRA
POST H/1.1	204 No Content	collect Show response u.clarity.ms/	0 277 B	388ms 387ms	XHR text/plain	4.227.249.197 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://u.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.34/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 4.227.249.197 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.sygnia.co Date Wed, 19 Jun 2024 03:38:36 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81