www.sygnia.co Open in urlscan Pro
141.193.213.11  Public Scan

14 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 95

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718693563699&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2 HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718693563699&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4003889%26time%3D1718693563699%26url%3Dhttps%253A%252F%252Fwww.sygnia.co%252Fblog%252Fchina-nexus-threat-group-velvet-ant%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718693563699&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718693563699&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQI2P0s-8tU8-AAAAZAqHo-nbzW0oc1Gftj1Lz1rY_QNARGCFQQqVhSi-FGQstxH

Request Chain 109

• https://c.clarity.ms/c.gif HTTP 302
• https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=D8437ED2F2F44F7D8BE76082D3400329&RedC=c.clarity.ms&MXFR=3CFE148CA1EF661B20E6002EA5EF68FC HTTP 302
• https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D8437ED2F2F44F7D8BE76082D3400329&MUID=2A34B23463F66C6F17EEA696627D6DBD

82 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
32 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/	261 KB 36 KB	800ms 664ms	Document text/html	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / WP Engine Resource Hash df552840115fdaea86ee7a542b1bc401eceb860b8787debee4b2a69363de9c8d Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cache-control max-age=600, must-revalidate cf-cache-status DYNAMIC cf-ray 89595baaea2f4d73-FRA content-encoding br content-type text/html; charset=UTF-8 date Tue, 18 Jun 2024 06:52:42 GMT link <https://www.sygnia.co/wp-json/>; rel="https://api.w.org/" <https://www.sygnia.co/wp-json/wp/v2/posts/3313>; rel="alternate"; type="application/json" <https://www.sygnia.co/?p=3313>; rel=shortlink server cloudflare vary Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie x-cache HIT: 47 x-cache-group normal x-cacheable SHORT x-powered-by WP Engine
GET H2	200	style.min.css sygnia.b-cdn.net/wp-includes/css/dist/block-library/	111 KB 16 KB	151ms 38ms	Stylesheet text/css	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-includes/css/dist/block-library/style.min.css?ver=0a0d0997e3f8080a81b66a80d65e3dc1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash 98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:42 GMT content-encoding br cf-cache-status MISS cdn-edgestorageid 1079 cdn-cachedat 05/21/2024 10:09:02 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:50:12 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6e54-1bae5" vary Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31536000 cdn-requestid e2c92b518833605efd7441eca3476ac5 cf-ray 8873c4c0bafa9299-FRA cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	style.css sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/	7 KB 3 KB	150ms 38ms	Stylesheet text/css	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/style.css?ver=1718618133 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash 37aa2afe642b4f6846d6d2d4c75b35b7d91bc618c3dda33e7a9feef1862de00a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:42 GMT content-encoding br cf-cache-status MISS cdn-edgestorageid 1081 cdn-cachedat 06/07/2024 22:53:28 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 04 Jun 2024 11:43:34 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"665efde6-1bb3" vary Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31536000 cdn-requestid bd7ba1203ddb6cf6a69716fc4b1af065 cf-ray 890437e9e88c694b-FRA cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	start.css sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/	32 KB 7 KB	161ms 48ms	Stylesheet text/css	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/start.css?ver=1718618133 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash e0f8484362935eb3c7724c5a551611b89f0d22a6c209f4f020fa3e66d1766a81 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:42 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1080 age 1911 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:54:47 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6f67-7f2c" vary Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31536000 cdn-requestid 43c8e61923637f94e578290583409177 cf-ray 8873ea45880518b3-FRA cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	vendor.css sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/	79 KB 14 KB	155ms 42ms	Stylesheet text/css	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/vendor.css?ver=1718618133 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash beb3d3261844647f8ad40783030656786f17ac89edcdf556f2e232bc6ac5656e Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:42 GMT content-encoding br cf-cache-status MISS cdn-edgestorageid 1080 cdn-cachedat 05/30/2024 09:04:27 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Thu, 23 May 2024 09:01:13 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664f05d9-13a7a" vary Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31536000 cdn-requestid b11f37a8a41991f7ffc0479cda83fefd cf-ray 88bd8e8ab8c09112-FRA cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	main.css sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/	387 KB 52 KB	149ms 37ms	Stylesheet text/css	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash 5ef1ec86440bd5517d008284eec6c36b8283deda9793276bbf464438f7904cb9 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:42 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1081 age 1911 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:54:48 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6f68-60b63" vary Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31536000 cdn-requestid f1d1d4c8149ee7178b5198620543de9b cf-ray 8873ea458f089f24-FRA cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	jquery.min.js Show response sygnia.b-cdn.net/wp-includes/js/jquery/	86 KB 31 KB	25ms 24ms	Script application/javascript	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:42 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1079 age 42889 cdn-cachedat 05/24/2024 16:49:06 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 16:10:12 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664cc764-15601" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 6d0308b7830b39f09ae17d25e0f38ec8 cf-ray 888ec6f10fd93737-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	jquery-migrate.min.js Show response sygnia.b-cdn.net/wp-includes/js/jquery/	13 KB 5 KB	25ms 25ms	Script application/javascript	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:42 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1079 age 1910 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:50:11 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6e53-3509" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 4bc12e79720aacba7b3ffa7ad1872269 cf-ray 8873ea4589c99731-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H3	200	v2.js Show response js.hsforms.net/forms/embed/	482 KB 156 KB	91ms 69ms	Script application/javascript	104.18.141.119 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/embed/v2.js Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.141.119 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-encoding gzip age 59 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=89595a3ba8e45d99-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"56164b8f5dbcf6e65e555e48d5d6176a" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.5387/bundles/project-v2.js date Tue, 18 Jun 2024 06:52:42 GMT x-amz-version-id mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92 x-content-type-options nosniff cf-cache-status HIT via 1.1 c0b0d7167cc2eb52d8d154aa7fc03a0a.cloudfront.net (CloudFront) nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 53234b63-53aa-4848-b20c-b86b9af8007e x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 53234b63-53aa-4848-b20c-b86b9af8007e last-modified Thu, 06 Jun 2024 13:36:59 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2bfbF%2B88zH%2F2ZfIe0L%2F4rqFXvXI61Zkhs13R04%2BFzuh91XnQqzunk05nZT3fZV8h6bM4qVcFo10Y%2FvUbp5c1jZbO%2FtNFu4UaVRpKc8DmN5GsNX9agwwYZlNOlZZ3bH7A"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-68b7f7fbff-r5jtt cf-ray 89595baeee875d84-FRA x-amz-cf-id KGBbZ31OHcyBuo9czpetnwFM1dKjtTebqezmvhofZ6I_9KW7uXnJng==
GET H2	200	8776530.js Show response js.hs-scripts.com/	2 KB 1 KB	362ms 311ms	Script application/javascript	2606:4700::6810:8cd1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/8776530.js Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8cd1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5c4167838687b76e90c4719629a71441bad3e12a0f6d4e0469003332a75d8e78 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 5de02fdf-afb0-4627-8faa-aa9dfa3b7f72 x-envoy-upstream-service-time 37 content-length 633 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 5de02fdf-afb0-4627-8faa-aa9dfa3b7f72 last-modified Tue, 18 Jun 2024 06:50:23 GMT server cloudflare vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-5d47c8d44f-j8hrk access-control-allow-credentials true cache-control public, max-age=90 accept-ranges bytes cf-ray 89595bb0fcbb4d43-FRA expires Tue, 18 Jun 2024 06:54:13 GMT
GET H3	200	main_logo.svg www.sygnia.co/wp-content/uploads/2024/01/	2 KB 1 KB	35ms 34ms	Image image/svg+xml	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/uploads/2024/01/main_logo.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 6d635cb5df71d3b41ecf01e08f469d63957b1f4eaa39944e9787e0a267ae22c9 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:42 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 53454 etag W/"667006f5-6c1" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89595baebfcf4d73-FRA alt-svc h3=":443"; ma=86400
GET H3	200	icon_info.svg www.sygnia.co/wp-content/uploads/2024/01/	274 B 404 B	39ms 39ms	Image image/svg+xml	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/uploads/2024/01/icon_info.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 482bfcc25fc36b5ca7cfdbb76380da0a6df7000a0c238edfaa82b1dfaa0d8526 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 72008 etag W/"667006f5-112" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89595bb10b174d73-FRA alt-svc h3=":443"; ma=86400
GET H3	200	share_item_facebook.svg www.sygnia.co/wp-content/themes/sygnia-theme/images/	284 B 434 B	35ms 34ms	Image image/svg+xml	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_facebook.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash ab45f33a794552f8e14ae66eaf6af4ba0bd9f1cc02896012ff4968fad5a9713b Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 71517 etag W/"667006f5-11c" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89595bb13b6c4d73-FRA alt-svc h3=":443"; ma=86400
GET H3	200	share_item_x.svg www.sygnia.co/wp-content/themes/sygnia-theme/images/	321 B 452 B	41ms 39ms	Image image/svg+xml	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_x.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 5bf0b35b5dce9e77690dafd5e5ea233b31e02101cc6a73f5d0416ac114792e35 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 71516 etag W/"667006f5-141" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89595bb13b6f4d73-FRA alt-svc h3=":443"; ma=86400
GET H3	200	share_item_linkedin.svg www.sygnia.co/wp-content/themes/sygnia-theme/images/	516 B 539 B	38ms 36ms	Image image/svg+xml	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_linkedin.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 88934ea7e6d53babd8bae2f0d386a9a8f40104b1fdd9c52e7a62cfe15bb47b63 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 71516 etag W/"667006f5-204" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89595bb13b714d73-FRA alt-svc h3=":443"; ma=86400
GET H3	200	share_item_mail.svg www.sygnia.co/wp-content/themes/sygnia-theme/images/	319 B 438 B	39ms 38ms	Image image/svg+xml	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_mail.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash da53520a115493051abcf091908a7515afea76d2c9a707a0493f2021cafd20a3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 68615 etag W/"667006f5-13f" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89595bb13b744d73-FRA alt-svc h3=":443"; ma=86400
GET H3	200	article_card_lines_decor.svg www.sygnia.co/wp-content/themes/sygnia-theme/images/	5 KB 901 B	44ms 44ms	Image image/svg+xml	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/themes/sygnia-theme/images/article_card_lines_decor.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 03f49a978258eb1f89518f68f6ece0bdf3dde0344349569ee8817b36e7189876 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:42 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare age 71235 etag W/"667006f5-12a6" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89595baf38a74d73-FRA alt-svc h3=":443"; ma=86400
GET H3	200	social_linkedin_white.svg www.sygnia.co/wp-content/uploads/2024/05/	530 B 549 B	42ms 40ms	Image image/svg+xml	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/uploads/2024/05/social_linkedin_white.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash fb6783e593b49bb9261e7639dea5b37b3bbe225c4b3827310940ce752b3b6add Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:41 GMT server cloudflare age 75473 etag W/"667006f1-212" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89595bb13b754d73-FRA alt-svc h3=":443"; ma=86400
GET H3	200	social_x_white.svg www.sygnia.co/wp-content/uploads/2024/05/	346 B 466 B	44ms 43ms	Image image/svg+xml	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/uploads/2024/05/social_x_white.svg Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 60951d4152b680cf26897b16cf061939b15b33e76066bdaea8a8398703ee5d19 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br cf-cache-status HIT last-modified Mon, 17 Jun 2024 09:50:41 GMT server cloudflare age 49626 etag W/"667006f1-15a" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 89595bb13b764d73-FRA alt-svc h3=":443"; ma=86400
GET H2	200	jquery.selectric.min.js Show response sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/	14 KB 5 KB	69ms 67ms	Script application/javascript	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/jquery.selectric.min.js?ver=1.0.90 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash 570131c06e2b9e41ab9917ab39ecb6bbb063c2433abbaff89ea3335c7bd7d5ee Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1079 age 1910 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6e5a-384b" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 3e02bf09043996ca61fe182d04abd0a1 cf-ray 8873ea458e6237fb-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	jquery.mCustomScrollbar.concat.min.js Show response sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/	39 KB 12 KB	67ms 65ms	Script application/javascript	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/jquery.mCustomScrollbar.concat.min.js?ver=1.0.90 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash 3ac859f905d1e38eed93ebb76953499f9078693adfeb41668915a47e4acebb1e Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1079 age 1910 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6e5a-9cae" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid d415ec97bec5554feddd657ae3551d71 cf-ray 8873ea458c2d71a9-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	lazyload.min.js Show response sygnia.b-cdn.net/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/	9 KB 4 KB	68ms 67ms	Script application/javascript	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br cf-cache-status HIT cdn-edgestorageid 1081 age 372013 cdn-cachedat 05/26/2024 01:03:21 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 16:10:21 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664cc76d-22bc" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid f81cbd5497ab89a87acb29c8292159ad cf-ray 8899d8514d909bbc-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	js Show response www.googletagmanager.com/gtag/	331 KB 108 KB	110ms 59ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-3XBPCMRFD6 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 005bedeca2bb32c3a1017c7a7c9694578effecba207ad460051a1df64a73cdf7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 109793 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 18 Jun 2024 06:52:43 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	334 KB 108 KB	133ms 83ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash d64eccbf2d85aba586f3f0db83a96073db5ca0a62daf2db492ff8d1ded51091c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 110382 x-xss-protection 0 last-modified Tue, 18 Jun 2024 06:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 18 Jun 2024 06:52:43 GMT
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash acfaaf62bff0119246c65258ed4eddfff3758441c562b3726627e377d6939118 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 50410fbc6131cebfceefaa33c1c9e04417e2a1f022a13dbb23486a39b3ad23e1 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 20b45d5bce36aad5a15e7764f5e2fb5375e9402bfc1982c121b499335805ca8e Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7ee5c739681588a99eef62fe74b53f6f7951b494df59469bc806199a2c36b8cd Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 13420e2ab328e317e36049945692f0350cc1740f32059f7e891784e97190877c Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 440f605d063e19f1e06baeb6a34d17963626c11c4b3e6c377908e45c4e5238ed Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1c5d931117615c91d0f3f4b65ec87c68647a30a358dddfe5d6ab46f4b0bac939 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9466705eb27c2bd68a0ad061508b1c064ea7307079c4f497a7c6a152715933e8 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash fcef787036dbfef77ad9a0303a91850376867e85d1de02d4200026db785a6988 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 36eff6bf944482ce474b49e5245507f65edf49455fda377c762d09b639fe62a6 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4cd44939e2a40d2edf57d2c2c5fad51d26aecddbb2a14cbf288ebea6cfeecfc5 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 0d4d3a229240ee2f7f12e1286b6f7759df6228f1942d1b3debda6349ef1f90fc Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 0fc0b91f46e1c00dd3bc09f13bda3ba51f0887c1d607f024a03e9a51e79e8c74 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 59aae364c9b619b7493674b87d266f058349bf4c6ac8ae78c90c3b192b8e5177 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d540e7278f54d50e5b78445c8f31034e81d1a3abe4ab98cf23f31cfb9babf670 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash fe175078011d8981c15d5be839df9fccb7c4d8640bb6d9e495cd23d6e5e32cb3 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c5580d46d80a0fc3b81e22b5f7c82a42435c04d5b7817586034145a22798c44c Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 393dbca9f5658eaf4859e39a8ee1fc05b1e0f653a8ae92db8ff50e5c234eab0a Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 39c5b9da29291f6b37c7e9428f2de883301f85f5e9cbfce66712875fb7c45d7a Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	253 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8746996314732452443328c9005778a65f59fb3ce23886256f4ce5cc826f36cf Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	685 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6363e009d5233d3a07b75315cea4838f87d86cedef07bc9e7b2fe80b4b6707f3 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	248 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a6d94bba3091f01e612c8a679efbb3eb688b7d20da216fa254a92cecd6572865 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	250 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 04ecc921a16e8836f1479f6b04e16114c1273410eda3be11428581d344afbfdd Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	article_card_lines_decor_huge.svg sygnia.b-cdn.net/wp-content/themes/sygnia-theme/images/	5 KB 1 KB	57ms 57ms	Image image/svg+xml	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Show image Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/images/article_card_lines_decor_huge.svg Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash b9859c9773072556f0e8de582865e66fc2ee3a01853385e9b44c3e3a1fa652ef Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br cf-cache-status MISS cdn-edgestorageid 1080 cdn-cachedat 05/21/2024 10:35:35 cdn-pullzone 2091526 alt-svc h3=":443" last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"664c6e5a-1268" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 55d8f010230557fbb0199c55e39c9aa2 cf-ray 8873eba92cafa01c-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFFranklinGothic-Medium.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	97 KB 98 KB	114ms 82ms	Font application/octet-stream	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Medium.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash 5d47d588556711a601728fc8a6d02c6b4fe8069210b411d2408359fee9a2ed6f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT cf-cache-status HIT cdn-edgestorageid 1080 age 530 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" content-length 99492 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-184a4" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 33f002c5ddaffc9e2dffef4f289f81f0 accept-ranges bytes cf-ray 8873ea488dac2be2-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFAlternateGothic-Medium.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	132 KB 133 KB	90ms 58ms	Font application/octet-stream	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFAlternateGothic-Medium.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash 7d3d1b5a7db60fd338b0765356fd2813d0d6d9600639845d645c49e2c61e5bf8 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT cf-cache-status MISS cdn-edgestorageid 1081 cdn-cachedat 05/21/2024 10:35:35 cdn-pullzone 2091526 alt-svc h3=":443" content-length 135264 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-21060" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 921b2a9b752983e5cf557570b1e10b31 accept-ranges bytes cf-ray 8873eba93f619a17-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFFranklinGothic-Regular.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	94 KB 94 KB	114ms 82ms	Font application/octet-stream	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Regular.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash d893fa560a64242185cfccd40f02e2267432daab306ca89dc8e4176b62d9cf3d Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT cf-cache-status HIT cdn-edgestorageid 1082 age 530 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" content-length 96116 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-17774" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid ab44cf72ce2db25fc6291d4532cfc433 accept-ranges bytes cf-ray 8873ea48adf6373a-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFFranklinGothic-Light.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	94 KB 94 KB	114ms 83ms	Font application/octet-stream	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Light.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash 6db159af02a213a7d4058f5ffe508392ca8d46478f1ded5a446ef9a0226fe52f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT cf-cache-status HIT cdn-edgestorageid 1080 age 530 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" content-length 96140 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-1778c" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 1c154caa9a87d7937299f9dcef57bac2 accept-ranges bytes cf-ray 8873ea488ba618b3-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFFranklinGothic-Heavy.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	102 KB 103 KB	114ms 82ms	Font application/octet-stream	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Heavy.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash cc2b240009df1ede0c3884229e7e7d14a04752dca62910c215f871188b1c91f0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT cf-cache-status HIT cdn-edgestorageid 1080 age 530 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" content-length 104484 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-19824" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid ed538ca5640b2328e194b58cc9effc6d accept-ranges bytes cf-ray 8873ea489994a01c-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ATFFranklinGothic-Bold.otf sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/	100 KB 100 KB	114ms 83ms	Font application/octet-stream	2400:52e0:1e00::1081:1 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Bold.otf Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software BunnyCDN-DE1-1081 / Resource Hash 9d205ce526929a67b4b7f36717fd842e28b560d1837d46a552a55988f13fe898 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1718618133 Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT cf-cache-status HIT cdn-edgestorageid 1080 age 530 cdn-cachedat 05/21/2024 10:34:38 cdn-pullzone 2091526 alt-svc h3=":443" content-length 102192 last-modified Tue, 21 May 2024 09:50:18 GMT server BunnyCDN-DE1-1081 cdn-proxyver 1.04 cdn-requestpullcode 200 etag "664c6e5a-18f30" content-type application/octet-stream access-control-allow-origin * cdn-cache HIT cdn-uid c737fb98-f208-4fd9-aceb-be987d849faa cache-control public, max-age=31536000 cdn-requestid 8a80ccd81018429d0c212b0259c456fb accept-ranges bytes cf-ray 8873ea4898481d96-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7aa22f1345830677872990b5c195b73f0c11cb69ec8d50481fb5f51a486775dc Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 23af52792bbf8dbb7290f297ff42ba6c1ced9c38072b1b71aaef087351596743 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ba9362bb0507b75f49c317210043a33ab2eccf279aae9dd99315328c936cbf2c Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	64 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	250 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash aefdd073a5a00a2b6959db7818278d0fdef8f0ef5d65312542de0d5bd32ca0f7 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	250 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7ea5fb260d4b5370cf7050e2e921c6a1bd6117d4ae54058649b803177fb6bcd9 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	255 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 65f8b1c674f201983d6930f4670a451f2677db1f2352921ea3ec16d2a00c5d7e Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	243 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 0c9d2afbb789c07d465dddd42752f23d3c74c414f2baa27bc5193bbfdd6f6596 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H3	200	jquery.mousewheel.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/	3 KB 2 KB	158ms 49ms	Script application/javascript	104.17.25.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js Requested by Host: sygnia.b-cdn.net URL: https://sygnia.b-cdn.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 131202 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 1046 last-modified Mon, 04 May 2020 16:11:46 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec2-ad3" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iElMs%2Fg1OomjSt%2FNTcqGx41FQrry%2BfYoWRWJKYWL54HwlLHlkes0zDG3epw2PP1yVOXn6HR9iQfgYKLM4OrSQtNpkqSXqcgFOPsQCh3o1EyI8x6WuGBmVTmzgLsl8H6aKIE8lbYB"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 89595bb28de65d72-FRA expires Sun, 08 Jun 2025 06:52:43 GMT
GET H3	200	json Show response forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/	2 KB 2 KB	174ms 143ms	XHR application/json	104.18.80.204 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a71a17dbc99aa1966e5a27e685b4a13f7702e733798dd79de9a477b522520b0a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/json, text/plain, */* Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-origin-hublet na1 date Tue, 18 Jun 2024 06:52:43 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 97f5e39e-ed10-4fd4-a36f-b42f7b5202b7 x-envoy-upstream-service-time 12 alt-svc h3=":443"; ma=86400 content-length 1129 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 97f5e39e-ed10-4fd4-a36f-b42f7b5202b7 server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false cache-control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * cf-ray 89595bb219de4d3a-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-q4fbt
GET H3	200	json Show response forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/	2 KB 2 KB	325ms 150ms	XHR application/json	104.18.80.204 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/embed/v2.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3038cbdd2d9d3a9a74cbed48263bb21c8303641d3be4205b91be6d24219f171b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/json, text/plain, */* Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-origin-hublet na1 date Tue, 18 Jun 2024 06:52:43 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id b79567b5-841a-409f-addd-c56af75c4b7e x-envoy-upstream-service-time 25 alt-svc h3=":443"; ma=86400 content-length 1128 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id b79567b5-841a-409f-addd-c56af75c4b7e server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false cache-control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * cf-ray 89595bb30adf4d3a-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-fnshr
GET H3	200	Malware-2.png.webp www.sygnia.co/wp-content/uploads/2024/06/	117 KB 118 KB	36ms 35ms	Image image/webp	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.sygnia.co/wp-content/uploads/2024/06/Malware-2.png.webp Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash c8d40e0175b81f1c7aaccd9bef47170e06cf8ab80af2879782f130a0e3206363 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT cf-cache-status HIT last-modified Mon, 17 Jun 2024 11:06:18 GMT server cloudflare age 58446 etag "667018aa-1d552" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 89595bb22c7e4d73-FRA alt-svc h3=":443"; ma=86400 content-length 120146
POST H2	204	collect region1.analytics.google.com/g/	0 244 B	59ms 18ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-3XBPCMRFD6&gtm=45je46c0v9100139776za200&_p=1718693563062&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=445017212.1718693563&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.61%7CGoogle%2520Chrome%3B126.0.6478.61&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1718693563&sct=1&seg=0&dl=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&dt=In-Depth%20Analysis%3A%20Velvet%20Ant%27s%20Prolonged%20Cyber%20Attack%20on%20a%20Large%20Organization&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1487&_z=sendBeacon Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-3XBPCMRFD6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 18 Jun 2024 06:52:43 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.sygnia.co cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 253 B	78ms 22ms	Ping text/plain	2a00:1450:400c:c06::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3XBPCMRFD6&cid=445017212.1718693563&gtm=45je46c0v9100139776za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-3XBPCMRFD6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 18 Jun 2024 06:52:43 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.sygnia.co cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	53ms 26ms	Image image/gif	142.250.185.67 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3XBPCMRFD6&cid=445017212.1718693563&gtm=45je46c0v9100139776za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1292627174 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.67 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Tue, 18 Jun 2024 06:52:43 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 886 B	258ms 230ms	Image image/gif	104.18.80.204 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id d51ae6bd-28f7-4b77-b64a-6b6692f55b0f x-envoy-upstream-service-time 17 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d51ae6bd-28f7-4b77-b64a-6b6692f55b0f server cloudflare vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-cndcx access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 89595bb39adb365b-FRA
POST H3	200	collect www.google.com/ccm/	0 0	140ms 76ms	Ping text/html	216.58.206.68 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&frm=0&rnd=2071381783.1718693563&auid=1141919679.1718693563&npa=1&gtm=45He46c0v852649347za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&tft=1718693563448&tfd=1592&apve=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H3 Security QUIC, , AES_128_GCM Server 216.58.206.68 , United States, ASN15169 (GOOGLE, US), Reverse DNS tzfraa-aa-in-f4.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers
GET H2	200	js Show response www.googletagmanager.com/gtag/	261 KB 90 KB	62ms 43ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10796050850&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 4d50e0ccf29fb5e2882aa5a1220f97dd99c23196e9276d0d3b3f204c54332dea Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 92389 x-xss-protection 0 last-modified Tue, 18 Jun 2024 06:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 18 Jun 2024 06:52:43 GMT
GET H2	200	destination Show response www.googletagmanager.com/gtag/	261 KB 90 KB	67ms 50ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=AW-10796050850&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 746a61de34a82f4cf8d51d8a2c30342b9d41ee3f1ac216057e0eec60a8777346 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 92376 x-xss-protection 0 last-modified Tue, 18 Jun 2024 06:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 18 Jun 2024 06:52:43 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	47 KB 17 KB	142ms 41ms	Script application/javascript	2a02:26f0:3100::1735:2823 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100::1735:2823 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 20 May 2024 16:52:20 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=57992 accept-ranges bytes content-length 16683
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	106ms 21ms	Script application/javascript	146.75.120.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding gzip last-modified Fri, 22 Mar 2024 21:07:24 GMT x-amz-server-side-encryption AES256 etag "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip" vary Accept-Encoding,Host x-cache HIT, HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15412 x-served-by cache-iad-kiad7000168-IAD, cache-fra-etou8220039-FRA
GET H/1.1	200 OK	obtp.js Show response amplify.outbrain.com/cp/	28 KB 9 KB	107ms 22ms	Script application/x-javascript	23.35.237.86 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://amplify.outbrain.com/cp/obtp.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-35-237-86.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 7f1f57bf681ed9287179c0f2c6e5a893b52df464cd8f96c464b8839adc6350ac Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 18 Jun 2024 06:52:43 GMT Content-Encoding gzip Last-Modified Sun, 09 Jun 2024 11:13:04 GMT Server AkamaiNetStorage ETag "ad6b2d179ef6c3d28edf15bb7a95213b:1717931860.970344" Vary Accept-Encoding Content-Type application/x-javascript X-RG EU Cache-Control max-age=1200 X-CC DE Connection keep-alive Accept-Ranges bytes Content-Length 8573 Expires Tue, 18 Jun 2024 07:12:43 GMT
GET H2	200	bat.js Show response bat.bing.com/	45 KB 13 KB	139ms 54ms	Script application/javascript	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Tue, 18 Jun 2024 06:52:42 GMT last-modified Thu, 29 Feb 2024 19:58:06 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 411CF715785B41EF9F587EAAE59EDF8C Ref B: FRA31EDGE0522 Ref C: 2024-06-18T06:52:43Z etag "01b4e9c496bda1:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 13261
GET H2	200	tags.js Show response tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/	2 KB 1 KB	268ms 183ms	Script application/javascript	2600:9000:2670:7e00:7:d7d6:3c40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tags.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2670:7e00:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Clearbit / Resource Hash 26289e926f95ac9932d88178c690daf5df8af203ffa3b982657e35b3f72d71ab Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding gzip x-content-type-options nosniff x-envoy-response-flags - via 1.1 827d4b9f3280fc9410e1e1ce54fbedda.cloudfront.net (CloudFront) server Clearbit strict-transport-security max-age=63072000; includeSubDomains; preload x-amz-cf-pop FRA56-P9 etag W/"9a419a5608a8efc4f0736c99a790fcb8" vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript;charset=utf-8 cache-control private, max-age=600 x-amz-cf-id zUlvlzO2OXDErBD61BxAIjRQRbUTeriZ__xTVjCsO381U0SULQAcLw==
GET H2	200	8776530.js Show response js.hs-analytics.net/analytics/1718693400000/	67 KB 24 KB	101ms 31ms	Script text/javascript	2606:4700::6810:a0a8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1718693400000/8776530.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/8776530.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5b3c542396dff8231c7cc4f46bf67aad962b55decd65f563b33409cff3871fa7 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT x-amz-version-id null content-encoding gzip cf-cache-status HIT x-amz-request-id BJ4JYNWGHR1GXK4R x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id fc7b0034-515d-423b-8cdd-e2dc226973b1 age 140 x-envoy-upstream-service-time 24 x-amz-id-2 aB66aMUx2Y/zY+n8eLF/EOHT35g5uK7EwukkKJxalSEbqkFC9oqMfjHSWanNvWvTOhoRY422rWI= x-evy-trace-listener listener_https x-request-id fc7b0034-515d-423b-8cdd-e2dc226973b1 x-evy-trace-route-configuration listener_https/all last-modified Fri, 14 Jun 2024 13:01:07 GMT server cloudflare etag W/"f18eae7233dcb208f542ca0bf4ff2c08" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-q4rbs cache-control max-age=300,public access-control-allow-credentials false cf-ray 89595bb459829299-FRA expires Tue, 18 Jun 2024 06:55:23 GMT
GET H2	200	fb.js Show response js.hsadspixel.net/	6 KB 4 KB	117ms 47ms	Script application/javascript	2606:4700::6811:df98 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsadspixel.net/fb.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/8776530.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 47d1036cdfb7fa765e45f0f3d193baadcd53005e95a2f9bf7b531ebfbf41ea2f Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT x-amz-version-id tGbAtiolnAFnleIlWBGAzvQOiFsm5cIW content-encoding gzip x-content-type-options nosniff via 1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-cf-pop IAD12-P3 age 162 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.563/bundles/pixels-release.js&cfRay=895957bc9dde18ff-FRA x-cache Hit from cloudfront x-hubspot-correlation-id caefe514-ee41-46fd-abe0-ea3f40f1369a cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 1 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id caefe514-ee41-46fd-abe0-ea3f40f1369a last-modified Thu, 30 May 2024 14:14:49 UTC server cloudflare etag W/"7f1cb0f6264fd05edb4cc0ec6a9bc096" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-68b7f7fbff-w988t cf-ray 89595bb458ed8fd0-FRA x-amz-cf-id d3pm6JN4ZJnM65B2uGrZR3t4gWyyC-fdYp754JSbZpSBOczkJSBdrQ== x-hs-target-asset adsscriptloaderstatic/static-1.563/bundles/pixels-release.js
GET H2	200	web-interactives-embed.js Show response js.hubspot.com/	82 KB 24 KB	119ms 49ms	Script application/javascript	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hubspot.com/web-interactives-embed.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/8776530.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2a89c8b374ed1c8906af70baa4a0f75993a4a43aa7545786598cf820e4d02517 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Origin https://www.sygnia.co Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-encoding gzip age 528 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1183/bundles/project.js&cfRay=89594ed12b0c65ad-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"71d30408e8a4394bc3200e642ab7802d" vary Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control max-age=600 x-hs-target-asset web-interactives-embed/static-2.1183/bundles/project.js date Tue, 18 Jun 2024 06:52:43 GMT x-amz-version-id c.dt9hh6keM4m12BcMYa6Rr6MpVATgRK x-content-type-options nosniff cf-cache-status HIT via 1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront) nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 4d8ab69f-e09e-4df9-8328-84d8c677c99d x-cache Hit from cloudfront cache-tag staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 8 x-evy-trace-route-configuration listener_https/all x-request-id 4d8ab69f-e09e-4df9-8328-84d8c677c99d last-modified Thu, 13 Jun 2024 15:47:04 UTC server cloudflare access-control-max-age 3000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKw2tAToXzetwgMd8WMysNOGpU2bMrlYXbySaBKI4SV0lM6UqkjByenaAARpH4rRsfraLIs%2F4zetiY%2FJGvxTpUOCv3ywySvFRIwTb23i9OEUVe5OBR356uqn8dcmVos6TzGfINW1eRnZ07EY"}],"group":"cf-nel","max_age":604800} x-hs-cache-status MISS x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-68b7f7fbff-r5jtt cf-ray 89595bb45cc8363e-FRA x-amz-cf-id EKvzYlZDlzAqf9zhkVIdGpNRVlAu0WAVglWOsE9aRhWnrui-OtJx-Q==
GET H2	200	8776530.js Show response js.hs-banner.com/	62 KB 19 KB	108ms 45ms	Script text/javascript	2606:4700:4400::ac40:991b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/8776530.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/8776530.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c68393226d3633049135829ab9caba1bdbae820130979d2a7d6a452c4857a68a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT x-amz-version-id cKOjOKHy0gkD3vnvadsggOelDxgHEFKW content-encoding gzip cf-cache-status HIT x-amz-request-id 8YX7RFFYXFD2N14H x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id 73cbf809-b313-4bf2-a85b-0ef176c07140 age 140 x-envoy-upstream-service-time 27 x-amz-id-2 JzP3w5xjXdAAdHZlXrKJqfgzD6HXgBX8gvbkKNKyNltcmnWVsAHjziGWBbE1Y9gye6CG60VNLis= x-evy-trace-listener listener_https x-request-id 73cbf809-b313-4bf2-a85b-0ef176c07140 x-evy-trace-route-configuration listener_https/all last-modified Fri, 14 Jun 2024 13:01:06 GMT server cloudflare etag W/"2b29ebca7a42fcdc3b13bb1d1998bff9" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-qr8zh vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 89595bb51f063687-FRA expires Tue, 18 Jun 2024 06:55:23 GMT
GET DATA	200 OK	truncated /	246 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d7780e9c2bb62d651ef56f3d7800e3ef686e424c0c27d9cead2e15b075d28174 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H3	200	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 850 B	137ms 123ms	Image image/gif	104.18.80.204 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id e3f7faf1-11b4-418e-969e-ead098094f47 x-envoy-upstream-service-time 1 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id e3f7faf1-11b4-418e-969e-ead098094f47 server cloudflare vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-zwbwx access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 89595bb4cc78365b-FRA
GET H3	200	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 846 B	195ms 141ms	Image image/gif	104.18.80.204 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id b4e25933-98a8-4983-9ce2-3e9cc00a326f x-envoy-upstream-service-time 2 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id b4e25933-98a8-4983-9ce2-3e9cc00a326f server cloudflare vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-mtbpb access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 89595bb51ce6365b-FRA
GET H2	200	adsct t.co/1/i/	43 B 376 B	275ms 209ms	Image image/gif	93.184.221.165 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=9ac742f2-bf01-4615-a50d-670db2841ec5&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=0f65980e-6f4d-4f6e-9b24-9275c6dd3949&tw_document_href=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tw_iframe_status=0&txn_id=o706g&type=javascript&version=2.3.30 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-response-time 187 date Tue, 18 Jun 2024 06:52:42 GMT strict-transport-security max-age=0 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id 3e8e2eec5104ba2c cache-control no-cache, no-store, max-age=0 perf 7402827104 x-connection-hash e49e8450bcf189015857db06fc3b6c2e8a73c646247804007bc12a87aee4e10e content-length 43
GET H2	200	adsct analytics.twitter.com/1/i/	43 B 727 B	270ms 221ms	Image image/gif	104.244.42.131 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=9ac742f2-bf01-4615-a50d-670db2841ec5&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=0f65980e-6f4d-4f6e-9b24-9275c6dd3949&tw_document_href=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tw_iframe_status=0&txn_id=o706g&type=javascript&version=2.3.30 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.131 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-response-time 197 date Tue, 18 Jun 2024 06:52:43 GMT strict-transport-security max-age=631138519 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id e08db549e7fe0d48 cache-control no-cache, no-store, max-age=0 perf 7402827104 x-connection-hash e1d487c0c21a8df6ed0726b466d0d7adc9e80e140e8123524d6824ef3786c6c3 content-length 43
POST H/1.1	200 OK	unifiedPixel tr.outbrain.com/	53 B 513 B	476ms 115ms	Ping image/gif	64.74.236.63 AS-OUTBRAIN
General Check archive.org Show headers Download Go to Full URL https://tr.outbrain.com/unifiedPixel?optOut=false&bust=024533066879931997&referrer=&cht=gtm&marketerId=0022184d276f78b50ef9abadeb48eabd8c&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&g=1&obApiVersion=2.0-gtm&obtpVersion=2.0.5 Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.74.236.63 , United States, ASN22075 (AS-OUTBRAIN, US), Reverse DNS chi.outbrain.com Software / Resource Hash b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 18 Jun 2024 06:52:44 GMT content-encoding br Strict-Transport-Security max-age=31536000; includeSubDomains; preload Access-Control-Allow-Methods GET, POST Content-Type image/gif; Access-Control-Allow-Origin https://www.sygnia.co Cache-Control no-cache Access-Control-Allow-Credentials true X-TraceId 2175a3196c5d880269117fe2e0f95747 Access-Control-Allow-Headers Content-Type, Authorization Content-Length 54
GET H/1.1	200 OK	cachedClickId Show response tr.outbrain.com/	35 B 293 B	463ms 112ms	Script application/javascript	64.74.236.63 AS-OUTBRAIN
General Check archive.org Show headers Download Go to Full URL https://tr.outbrain.com/cachedClickId?marketerId=0022184d276f78b50ef9abadeb48eabd8c Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.74.236.63 , United States, ASN22075 (AS-OUTBRAIN, US), Reverse DNS chi.outbrain.com Software / Resource Hash 1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 18 Jun 2024 06:52:44 GMT content-encoding br Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-TraceId 24bcf5fcf4f0f44c4bbf55aa291d6b47 Content-Length 39 Content-Type application/javascript
GET H/1.1	200 OK	0022184d276f78b50ef9abadeb48eabd8c Show response wave.outbrain.com/mtWavesBundler/handler/	2 B 516 B	73ms 12ms	Script text/html	23.35.237.86 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://wave.outbrain.com/mtWavesBundler/handler/0022184d276f78b50ef9abadeb48eabd8c Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-35-237-86.deploy.static.akamaitechnologies.com Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Encoding gzip Date Tue, 18 Jun 2024 06:52:43 GMT ob-sent-time 1718678446302 ETag W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8" Vary Accept-Encoding Content-Type text/html; charset=utf-8 Access-Control-Allow-Origin * X-RG EU Cache-Control max-age=60 X-CC DE Connection keep-alive X-TraceId ed3dfefebc58c846227e2e5b3103ae1e Content-Length 22 Expires Tue, 18 Jun 2024 06:53:43 GMT
GET H/1.1	200 OK	topics Show response amplify.outbrain.com/	26 B 301 B	63ms 9ms	Fetch text/html	23.35.237.86 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://amplify.outbrain.com/topics Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-35-237-86.deploy.static.akamaitechnologies.com Software / Resource Hash 6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 18 Jun 2024 06:52:43 GMT Observe-Browsing-Topics ?1 Content-Type text/html Access-Control-Allow-Origin * X-RG EU Cache-Control max-age=1200 X-CC DE Connection keep-alive Content-Length 26 Expires Tue, 18 Jun 2024 07:12:43 GMT
GET H2	200	combinedConfigs Show response cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/	61 B 1012 B	143ms 134ms	Fetch application/json	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=8776530&currentUrl=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F Requested by Host: js.hubspot.com URL: https://js.hubspot.com/web-interactives-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id e55ed283-c001-412c-a361-198a98443ae1 content-encoding br x-envoy-upstream-service-time 7 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id e55ed283-c001-412c-a361-198a98443ae1 server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials true cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jutsyy75aGcxj63pMNjdgEuGhm22hB2s9ga9k3BOd%2BQEBz3MGzxjZN%2FDvIHG3cyOgJBPZbZ9MT6bfGGEI4t2scAvvTWUHJUE8Oh0RvCWiUCN8bnW0CsXI5j4ewGjiPVz0EhEbZnzzTL6EK4MLk%2FPajwhmSpKcqaH6Iw%3D"}],"group":"cf-nel","max_age":604800} x-robots-tag noindex, follow access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 89595bb52ddf363e-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-mtbpb
GET H2	200	187039095.js Show response bat.bing.com/p/action/	4 KB 2 KB	51ms 50ms	Script application/javascript	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/187039095.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 213f888fdda0335db8ba19d530207cfff84a89b4efb1e8dba6b436dccc8db309 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br date Tue, 18 Jun 2024 06:52:42 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: C1949BF733454950A31EB339706257C1 Ref B: FRA31EDGE0522 Ref C: 2024-06-18T06:52:43Z vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript; charset=utf-8 cache-control private,max-age=60
GET H2	204	0 bat.bing.com/action/	0 287 B	62ms 61ms	Image text/plain	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=187039095&Ver=2&mid=401a8375-7b12-4e27-a9b8-eb242e6cd542&sid=5ceb55d02d3f11efa9eba786ac920666&vid=5ceb7da02d3f11ef95745167e8c90196&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=In-Depth%20Analysis%3A%20Velvet%20Ant%27s%20Prolonged%20Cyber%20Attack%20on%20a%20Large%20Organization&p=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&r=&lt=1322&evt=pageLoad&sv=1&rn=816711 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Tue, 18 Jun 2024 06:52:42 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: B50D4AC5B9C84499BD0B741808171824 Ref B: FRA31EDGE0522 Ref C: 2024-06-18T06:52:43Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 616 B	258ms 202ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Accept * Referer https://www.sygnia.co/ sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 9645882E6EA04944A51572444C5D0CAE Ref B: FRAEDGE1321 Ref C: 2024-06-18T06:52:43Z linkedin-action 1 vary Origin x-cache CONFIG_NOCACHE x-li-fabric prod-lor1 access-control-allow-origin https://www.sygnia.co x-li-proto http/2 access-control-allow-credentials true x-li-uuid AAYbJIdZz2JMj0b3Klcd2A==
GET H2	200	attribution_trigger Show response px.ads.linkedin.com/	2 B 814 B	518ms 468ms	XHR application/json	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/attribution_trigger?pid=4003889&time=1718693563699&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2 Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept * Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding gzip x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 6485A96551814D11A7F69A188B8A7AA7 Ref B: DUS30EDGE0308 Ref C: 2024-06-18T06:52:43Z access-control-allow-methods GET, OPTIONS x-li-fabric prod-ltx1 access-control-allow-origin * x-cache CONFIG_NOCACHE content-type application/json x-li-proto http/2 x-restli-protocol-version 1.0.0 access-control-allow-headers * x-li-uuid AAYbJIddxYKEhybPZZ3U7w== x-fs-uuid 00061b24875dc582848726cf659dd4ef
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718693563699&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2 https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718693563699&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4003889%26time%3D1718693563699%26url%3Dhttps%253A%252F%252Fwww.sygnia.co%252Fblog... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718693563699&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718693563699&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true&...	0 266 B	342ms 191ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718693563699&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQI2P0s-8tU8-AAAAZAqHo-nbzW0oc1Gftj1Lz1rY_QNARGCFQQqVhSi-FGQstxH Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.sygnia.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 18 Jun 2024 06:52:44 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: CF86A291C1484312A3792B83AA776B30 Ref B: DUS30EDGE0822 Ref C: 2024-06-18T06:52:44Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lor1 x-li-proto http/2 content-length 0 x-li-uuid AAYbJIdmURqWmg0mJ5PKgw== Redirect headers date Tue, 18 Jun 2024 06:52:43 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 5604012F7EF14DA08655FA6BE73C92EC Ref B: FRAEDGE1321 Ref C: 2024-06-18T06:52:44Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lor1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1718693563699&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQI2P0s-8tU8-AAAAZAqHo-nbzW0oc1Gftj1Lz1rY_QNARGCFQQqVhSi-FGQstxH x-li-proto http/2 content-length 0 x-li-uuid AAYbJIdhBpiVLupkFpnaTw==
GET H2	200	json Show response api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/	114 B 1 KB	185ms 144ms	XHR application/json	2606:4700::6812:f36c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=8776530 Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:f36c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f95beea21004e6e9ebb0833f42a3f497c4b38e06351270eaa32abff79dc94495 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id b2e9c574-d70e-43b6-a3a1-5f2af9d239c9 content-encoding br x-envoy-upstream-service-time 2 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id b2e9c574-d70e-43b6-a3a1-5f2af9d239c9 server cloudflare vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.sygnia.co x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-5d47c8d44f-l2tws access-control-max-age 180 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=59ZxYy8C%2BnIiJkJEXPeY2Wa53y1vYEPf43iHiXKrJ6fW2zT6Ko%2BxvHgkNp%2FoqatNhGBNwTuSoDXaBYxMk3%2FR3yqE0xSGdqBv6ZgObh0aEix7Pj454cj6KNc2gB2r%2FDbhSD02j502KDh59sLE"}],"group":"cf-nel","max_age":604800} cf-ray 89595bb5a81465b6-FRA access-control-allow-headers *
GET H2	200	187039095 Show response www.clarity.ms/tag/uet/	828 B 1 KB	185ms 142ms	Script application/x-javascript	2620:1ec:29:1::45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/tag/uet/187039095?insights=1 Requested by Host: bat.bing.com URL: https://bat.bing.com/p/action/187039095.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 01ec79ec4b8a9a8b9930448c90aacd5216baee28d23924384033333845f23a30 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers expires -1 date Tue, 18 Jun 2024 06:52:43 GMT x-azure-ref 20240618T065243Z-15c7957974682rx71c7nc83cyc0000000600000000003mm8 x-cache CONFIG_NOCACHE content-type application/x-javascript cache-control no-cache, no-store accept-ranges bytes content-length 828 request-context appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
GET H2	200	destinations.min.js Show response x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/	0 21 B	271ms 229ms	Script application/javascript	3.127.196.46 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/destinations.min.js Requested by Host: tag.clearbitscripts.com URL: https://tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tags.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-196-46.eu-central-1.compute.amazonaws.com Software Clearbit / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-envoy-response-flags - server Clearbit content-type application/javascript;charset=utf-8 cache-control private, max-age=600 content-length 0
GET H2	200	tracking.min.js Show response x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/	168 KB 45 KB	264ms 223ms	Script application/javascript	3.127.196.46 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tracking.min.js Requested by Host: tag.clearbitscripts.com URL: https://tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tags.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-196-46.eu-central-1.compute.amazonaws.com Software Clearbit / Resource Hash 70ab4589cd875991dcba608ed58a37c165dda5645b767690b14587c7444a38d5 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding gzip x-content-type-options nosniff x-envoy-response-flags - server Clearbit strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control private, max-age=600
GET H3	200	counters.gif perf-na1.hsforms.com/embed/v3/	35 B 579 B	128ms 120ms	Image image/gif	104.18.80.204 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1 Requested by Host: www.sygnia.co URL: https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id a7e0f70e-eebd-4659-83e9-1e1e99813b58 x-envoy-upstream-service-time 1 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id a7e0f70e-eebd-4659-83e9-1e1e99813b58 last-modified Tue, 18 Jun 2024 06:52:43 GMT server cloudflare vary origin, Accept-Encoding content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-md7fl access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false accept-ranges bytes x-robots-tag none cf-ray 89595bb60dd9365b-FRA
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	47 KB 0	0ms 0ms	Script application/javascript	2a02:26f0:3100::1735:2823 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100::1735:2823 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 20 May 2024 16:52:20 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=57992 accept-ranges bytes content-length 16683
GET H2	200	clarity.js Show response www.clarity.ms/s/0.7.32/	61 KB 26 KB	16ms 16ms	Script application/javascript	2620:1ec:29:1::45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/s/0.7.32/clarity.js Requested by Host: www.clarity.ms URL: https://www.clarity.ms/tag/uet/187039095?insights=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding br last-modified Fri, 10 May 2024 17:30:20 GMT etag W/"0x8DC7116DE09E645" vary Accept-Encoding x-azure-ref 20240618T065243Z-15c7957974682rx71c7nc83cyc0000000600000000003mnc content-type application/javascript;charset=utf-8 access-control-allow-origin * x-ms-request-id 3b2d0378-601e-0050-1f7f-bdec8b000000 cache-control public, max-age=86400 x-cache TCP_HIT x-ms-version 2018-03-28 x-fd-int-roxy-purgeid 51562430
POST H2	200	p Show response app.clearbit.com/v1/	16 B 1 KB	225ms 185ms	XHR application/json	3.127.196.46 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.clearbit.com/v1/p Requested by Host: x.clearbitjs.com URL: https://x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tracking.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-196-46.eu-central-1.compute.amazonaws.com Software Clearbit / Resource Hash c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain Response headers date Tue, 18 Jun 2024 06:52:43 GMT content-encoding gzip x-content-type-options nosniff x-envoy-response-flags - server Clearbit strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding, Origin access-control-max-age 7200 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://www.sygnia.co access-control-expose-headers content-security-policy-report-only default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; access-control-allow-credentials true content-type application/json
POST H/1.1	204 No Content	collect Show response s.clarity.ms/	0 277 B	316ms 102ms	XHR text/plain	23.96.124.68 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://s.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.96.124.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.sygnia.co Date Tue, 18 Jun 2024 06:52:44 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
POST H/1.1	204 No Content	collect Show response s.clarity.ms/	0 277 B	485ms 293ms	XHR text/plain	23.96.124.68 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://s.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.96.124.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.sygnia.co Date Tue, 18 Jun 2024 06:52:44 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
GET H2	200	__ptq.gif track.hubspot.com/	45 B 751 B	409ms 208ms	Image image/gif	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=8776530&rcu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&pu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&t=In-Depth+Analysis%3A+Velvet+Ant%27s+Prolonged+Cyber+Attack+on+a+Large+Organization&cts=1718693564770&vi=ba68be6e25e311e1e3383dbde7864981&nc=true&u=147695848.ba68be6e25e311e1e3383dbde7864981.1718693564768.1718693564768.1718693564768.1&b=147695848.1.1718693564769&pt=0&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:45 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 3de8bacd-c677-48cf-8b09-6cb462ae8e07 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 9 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3de8bacd-c677-48cf-8b09-6cb462ae8e07 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wVp2otXTmgrsOL6oG6i7onZDLXjcEHTguTh3yH19r1srzlGqIpMCnwcyVr2xzJtxo715c4wZR%2BZYcXuL%2FZtaoMAiM%2BEUirgIGwe7CaHVPiIGoyET7ryWJ4mW7Hi1%2FEw1b01jtORJFIU6LB%2BQJj5V"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-xnssc x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 89595bbd1d989195-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	336ms 140ms	Image image/gif	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=1ad9c304-415a-4d9d-ba10-a5145c1db1c3&fci=f289a44a-0f72-4e4f-af18-e65c4160bfa3&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=8776530&rcu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&pu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&t=In-Depth+Analysis%3A+Velvet+Ant%27s+Prolonged+Cyber+Attack+on+a+Large+Organization&cts=1718693564771&vi=ba68be6e25e311e1e3383dbde7864981&nc=true&u=147695848.ba68be6e25e311e1e3383dbde7864981.1718693564768.1718693564768.1718693564768.1&b=147695848.1.1718693564769&pt=0&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:45 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 77cedd2f-01fa-4760-9ff2-e633bbf330a5 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 7 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 77cedd2f-01fa-4760-9ff2-e633bbf330a5 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zo%2BDnO2PcrRZaaJ0%2BUBTLVXVyUVoaEIpsrV5GDbRGASdvcy%2F99deS%2BNhHiNAqqcCRmPbeEA%2BvM6OQpGB2w%2FArqwV97%2BeLnogbbQNl96haIIU%2BpdV6fLeNrzpnCHHeBg8sNiJ62Nlj2Lit%2BPBzR5Z"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-hch7x x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 89595bbd1d929195-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 754 B	335ms 143ms	Image image/gif	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=1ad9c304-415a-4d9d-ba10-a5145c1db1c3&fci=3250e2bc-cab6-4ece-ae92-e2beb0b63a94&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=8776530&rcu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&pu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fchina-nexus-threat-group-velvet-ant%2F&t=In-Depth+Analysis%3A+Velvet+Ant%27s+Prolonged+Cyber+Attack+on+a+Large+Organization&cts=1718693564771&vi=ba68be6e25e311e1e3383dbde7864981&nc=true&u=147695848.ba68be6e25e311e1e3383dbde7864981.1718693564768.1718693564768.1718693564768.1&b=147695848.1.1718693564769&pt=0&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:45 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id a8b46809-39f5-4fa0-9709-9699e729fc8e p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 5 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id a8b46809-39f5-4fa0-9709-9699e729fc8e server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2FLltxeh6aX5VvXZLzSUeRl4JwpVNv7tpwT1pxcS2U5WvWNuY7hMYdUS1P7B0dvcM0VkHzdV9PeGvjwd%2BlbL2XCaq7T%2FuCAMayNhXhV8nKB81dui%2FQXv3HGqdqltdm%2F%2Fk6Ukbq7H2TtZ2ubql6Zu"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-nmffp x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 89595bbd1d969195-FRA x-robots-tag none
GET H2	200	c.gif c.clarity.ms/ Redirect Chain https://c.clarity.ms/c.gif https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=D8437ED2F2F44F7D8BE76082D3400329&RedC=c.clarity.ms&MXFR=3CFE148CA1EF661B20E6002EA5EF68FC https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D8437ED2F2F44F7D8BE76082D3400329&MUID=2A34B23463F66C6F17EEA696627D6DBD	42 B 443 B	29ms 29ms	Image image/gif	68.219.88.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D8437ED2F2F44F7D8BE76082D3400329&MUID=2A34B23463F66C6F17EEA696627D6DBD Protocol H2 Server 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.sygnia.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers pragma no-cache date Tue, 18 Jun 2024 06:52:44 GMT last-modified Fri, 01 Mar 2024 22:54:48 GMT server Microsoft-IIS/10.0 etag "3e26b762b6cda1:0" x-powered-by ASP.NET content-type image/gif p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" cache-control private, no-cache, proxy-revalidate, no-store accept-ranges bytes content-length 42 Redirect headers pragma no-cache date Tue, 18 Jun 2024 06:52:44 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 2A910623B02441948350BDFCF3D942A5 Ref B: FRA31EDGE0522 Ref C: 2024-06-18T06:52:45Z x-powered-by ASP.NET x-cache CONFIG_NOCACHE p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" location https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D8437ED2F2F44F7D8BE76082D3400329&MUID=2A34B23463F66C6F17EEA696627D6DBD cache-control private, no-cache, proxy-revalidate, no-store content-length 0
GET H3	200	favicon.png www.sygnia.co/wp-content/uploads/2023/12/	436 B 681 B	30ms 30ms	Other image/webp	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.sygnia.co/wp-content/uploads/2023/12/favicon.png Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash df445b82b8f1b521ce3fd100a095e0325d352c8b7becbc6f01b224e6094ebe09 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:44 GMT cf-cache-status HIT age 75472 cf-polished origFmt=png, origSize=551 content-disposition inline; filename="favicon.webp" alt-svc h3=":443"; ma=86400 content-length 436 cf-bgj imgq:100,h2pri last-modified Mon, 17 Jun 2024 09:50:45 GMT server cloudflare etag "667006f5-227" vary Accept content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 89595bbd0a484d73-FRA
GET H3	200	favicon-32x32.png www.sygnia.co/	486 B 736 B	41ms 40ms	Other image/webp	141.193.213.11 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.sygnia.co/favicon-32x32.png Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.11 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash b3765ce25bc41a6c1daed0c1f6157ea03e37ed4094bff0a008a9437c1442cfdf Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 18 Jun 2024 06:52:45 GMT cf-cache-status HIT age 65343 cf-polished origFmt=png, origSize=1121 content-disposition inline; filename="favicon-32x32.webp" alt-svc h3=":443"; ma=86400 content-length 486 cf-bgj imgq:100,h2pri last-modified Mon, 17 Jun 2024 09:50:38 GMT server cloudflare etag "667006ee-461" vary Accept content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 89595bbd6ad74d73-FRA
POST H/1.1	204 No Content	collect Show response s.clarity.ms/	0 277 B	113ms 109ms	XHR text/plain	23.96.124.68 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://s.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.96.124.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept application/x-clarity-gzip Referer https://www.sygnia.co/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.sygnia.co Date Tue, 18 Jun 2024 06:52:46 GMT Access-Control-Allow-Credentials true Server nginx Connection keep-alive Vary Origin Request-Context appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8