Submitted URL: https://signatures.corelight.com/uc/5f6a6b42860b681dc11685f1/c_6047a8f7a62b2e005868b34e/b_6047ada099b63f0025857dc6
Effective URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee...
Submission: On June 30 via api from US

Summary

This website contacted 31 IPs in 4 countries across 26 domains to perform 146 HTTP transactions. The main IP is 18.232.28.189, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www3.corelight.com.
TLS certificate: Issued by R3 on May 25th 2021. Valid for: 3 months.
This is the only time www3.corelight.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 3.221.223.160 14618 (AMAZON-AES)
3 6 18.232.28.189 14618 (AMAZON-AES)
2 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
10 2600:9000:211... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 199.232.136.157 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
68 143.204.205.19 16509 (AMAZON-02)
14 104.111.233.140 16625 (AKAMAI-AS)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 34.107.254.219 15169 (GOOGLE)
2 151.101.13.140 54113 (FASTLY)
2 34.255.138.57 16509 (AMAZON-02)
2 2 2620:119:50e4... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 108.174.10.14 14413 (LINKEDIN)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.133 13414 (TWITTER)
2 2a03:2880:f11... 32934 (FACEBOOK)
2 2a00:1450:400... 15169 (GOOGLE)
2 52.202.69.186 14618 (AMAZON-AES)
1 104.244.42.195 13414 (TWITTER)
1 205.185.216.10 20446 (HIGHWINDS3)
8 54.147.21.139 14618 (AMAZON-AES)
3 50.16.7.188 14618 (AMAZON-AES)
1 65.9.77.3 16509 (AMAZON-02)
2 52.5.78.99 14618 (AMAZON-AES)
Total: 146 requests, 31 IPs
Requests | Domain | Requested by
68 | js.driftt.com | www3.corelight.com, js.driftt.com
12 | b.6sc.co | www3.corelight.com
10 | storage.pardot.com | www3.corelight.com
6 | metrics.api.drift.com | js.driftt.com
6 | www3.corelight.com (3 redirects) | www3.corelight.com, pi.pardot.com
5 | fonts.gstatic.com | fonts.googleapis.com
3 | bootstrap.api.drift.com | js.driftt.com
3 | fonts.googleapis.com | www3.corelight.com, js.driftt.com
2 | event.api.drift.com | js.driftt.com
2 | targeting.api.drift.com | js.driftt.com
2 | pi.pardot.com | www3.corelight.com, pi.pardot.com
2 | t.influ2.com | www.influ2.com, www3.corelight.com
2 | www.facebook.com | www3.corelight.com
2 | px.ads.linkedin.com (2 redirects) |
2 | insight.adsrvr.org | www3.corelight.com
2 | connect.facebook.net | www3.corelight.com, connect.facebook.net
2 | www.gstatic.com | www.googletagmanager.com, www.gstatic.com
2 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
2 | cdnjs.cloudflare.com | www3.corelight.com
1 | embeds.driftcdn.com | js.driftt.com
1 | metadata-static-files.sfo2.cdn.digitaloceanspaces.com | www3.corelight.com
1 | analytics.twitter.com | static.ads-twitter.com
1 | c.6sc.co | j.6sc.co
1 | t.co | www3.corelight.com
1 | alb.reddit.com | www3.corelight.com
1 | www.google.de | www3.corelight.com
1 | www.google.com | www3.corelight.com
1 | stats.g.doubleclick.net | www.google-analytics.com
1 | px4.ads.linkedin.com | www3.corelight.com
1 | www.linkedin.com (1 redirect) |
1 | www.redditstatic.com | www3.corelight.com
1 | www.influ2.com | www.googletagmanager.com
1 | j.6sc.co | www3.corelight.com
1 | static.ads-twitter.com | www.googletagmanager.com
1 | snap.licdn.com | www.googletagmanager.com
1 | www.googletagmanager.com | www3.corelight.com
1 | signatures.corelight.com (1 redirect) |
Total: 146 requests, 37 subdomains

This site contains links to these domains.

Domain
www.corelight.com
twitter.com
www.linkedin.com
www.youtube.com
www.facebook.com

Subject | Issuer | Validity | Valid for
www3.corelight.com | R3 | 2021-05-25 - 2021-08-23 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-10-21 - 2021-10-20 | a year
upload.video.google.com | GTS CA 1O1 | 2021-06-07 - 2021-08-30 | 3 months
storage.pardot.com | DigiCert SHA2 Secure Server CA | 2020-12-09 - 2021-12-08 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-05-31 - 2021-08-23 | 3 months
*.gstatic.com | GTS CA 1C3 | 2021-05-31 - 2021-08-23 | 3 months
*.licdn.com | DigiCert SHA2 Secure Server CA | 2021-04-30 - 2022-05-11 | a year
ads-twitter.com | DigiCert SHA2 High Assurance Server CA | 2020-08-14 - 2021-08-19 | a year
drift.com | Amazon | 2020-09-21 - 2021-10-23 | a year
*.6sc.co | DigiCert SHA2 Secure Server CA | 2021-03-09 - 2022-03-16 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-05-26 - 2021-08-24 | 3 months
influ2.com | GTS CA 1D4 | 2021-06-29 - 2021-09-27 | 3 months
www.redditstatic.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-05-23 - 2021-11-18 | 6 months
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2021-03-18 - 2022-04-19 | a year
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2021-04-15 - 2021-10-15 | 6 months
*.g.doubleclick.net | GTS CA 1O1 | 2021-06-07 - 2021-08-30 | 3 months
www.google.com | GTS CA 1C3 | 2021-05-31 - 2021-08-23 | 3 months
www.google.de | GTS CA 1C3 | 2021-05-31 - 2021-08-23 | 3 months
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-05-23 - 2021-11-18 | 6 months
t.co | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-05 - 2022-02-04 | a year
t.influ2.com | GTS CA 1D4 | 2021-06-07 - 2021-09-05 | 3 months
pi.pardot.com | DigiCert SHA2 Secure Server CA | 2020-12-05 - 2021-12-04 | a year
*.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-05 - 2022-02-04 | a year
*.sfo2.cdn.digitaloceanspaces.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-03-30 - 2022-04-30 | a year
*.driftcdn.com | Amazon | 2021-03-12 - 2022-04-10 | a year

This page contains 3 frames:

Primary Page: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Frame ID: A25A8B20D6415219C18691E944AAD4C6
Requests: 61 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Frame ID: 66A3180D29C0FBF9CBFB100C04148974
Requests: 40 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Frame ID: 6579C4F211AA255816E02318517A745B
Requests: 39 HTTP requests in this frame


Page Statistics

Requests: 146
HTTPS: 100 %
IPv6: 50 %
Domains: 26
Subdomains: 37
IPs: 31
Countries: 4
Transfer: 1879 kB
Size: 4352 kB
Cookies: 13

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://signatures.corelight.com/uc/5f6a6b42860b681dc11685f1/c_6047a8f7a62b2e005868b34e/b_6047ada099b63f0025857dc6 HTTP 302
    https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://www3.corelight.com/l/420832/2020-12-17/p337j1/420832/1608204329VpEaf6IR/2020_12_wb_zeek_solarwinds_backdoor_2200x489.png HTTP 302
  • https://storage.pardot.com/420832/1608204329VpEaf6IR/2020_12_wb_zeek_solarwinds_backdoor_2200x489.png
Request Chain 6
  • https://www3.corelight.com/l/420832/2020-12-17/p337pp/420832/16082129685pmihE5O/Aaron_Soto_200x200.png HTTP 302
  • https://storage.pardot.com/420832/16082129685pmihE5O/Aaron_Soto_200x200.png
Request Chain 7
  • https://www3.corelight.com/l/420832/2020-12-17/p337pt/420832/160821319171rBoi1d/Alex_Kirk_200x200.png HTTP 302
  • https://storage.pardot.com/420832/160821319171rBoi1d/Alex_Kirk_200x200.png
Request Chain 29
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1625011602145&url=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D292564%26time%3D1625011602145%26url%3Dhttps%253A%252F%252Fwww3.corelight.com%252Ffinding-sunburst-solarwinds-zeek-suricata-sg%253Futm_campaign%253DUntitled_Campaign%2526utm_content%253DEmployee_Email%2526utm_medium%253DSigstr%2526utm_source%253DEmail_Signature%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1625011602145&url=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1625011602145&url=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&liSync=true&e_ipv6=AQL_vZgPHDxnkAAAAXpaPURRTvYDZXfgKVoOxoesyM6cYl2sb6CL29efZrLbYNzA3-SpWP78

146 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request Cookie set finding-sunburst-solarwinds-zeek-suricata-sg
www3.corelight.com/
Redirect Chain
  • https://signatures.corelight.com/uc/5f6a6b42860b681dc11685f1/c_6047a8f7a62b2e005868b34e/b_6047ada099b63f0025857dc6
  • https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
45 KB
13 KB
Document
General
Full URL
https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-6-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
b76b545ae0229187f417d582826ac4d81b20d6aa182d5a71699c97077bb63682

Request headers

Host
www3.corelight.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Wed, 30 Jun 2021 00:06:41 GMT
Set-Cookie
pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id420832=713917740; expires=Sat, 28-Jun-2031 00:06:41 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id420832-hash=547be659a45ff0340fa8e7d39174bfa7594add5b0133e81aff1bcebf7515e70269bf4213c33f13941f7f467dd0a1354d34c1dc7b; expires=Sat, 28-Jun-2031 00:06:41 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Status
404 Not Found
X-Pardot-Rsp
16/13/194
P3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Content-Length
11916
Content-Type
text/html; charset=utf-8
X-Pardot-Route
cb482e8713caadba289bc279c1db8a1d
Server
PardotServer
X-Pardot-LB
e95a292e477f6214c8e77c2cf881a7d3
Connection
keep-alive

Redirect headers

cache-control
no-cache
content-type
text/html; charset=utf-8
date
Wed, 30 Jun 2021 00:06:40 GMT
location
https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
referrer-policy
strict-origin-when-cross-origin
server
Caddy nginx/1.19.6
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
f7ca4342-4b80-41bb-b8da-aa2c4dccd9d5
x-runtime
0.038476
x-xss-protection
1; mode=block
content-length
252
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/
30 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1733544
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
5631
cf-request-id
0afbd6588f000017729c8d9000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7918"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Dn3zHoDyZzsivotAzxApa7mJLY25aOvV20A%2FrCwS8hMzssfrfykEkKLwi4BJfMWVB6xVDYrZLpZb0o315teRb3XgjXRsbgz3Qh5gsoqvgoYzQKmZ%2B2fcFmpO1kif5RNa4humlBjjkkEaEtFaxw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6673266dbebf1772-FRA
expires
Mon, 20 Jun 2022 00:06:41 GMT
css2
fonts.googleapis.com/
11 KB
881 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700;800&display=swap
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3e69588c9c54304799304e0628c655b03a6d4f169caf3a97979ec53488fa04ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 00:06:36 GMT
server
ESF
date
Wed, 30 Jun 2021 00:06:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 30 Jun 2021 00:06:41 GMT
piUtils.js
www3.corelight.com/js/
341 KB
99 KB
Script
General
Full URL
https://www3.corelight.com/js/piUtils.js?ver=2020-10-19
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-6-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www3.corelight.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Cookie
visitor_id420832=713917740; visitor_id420832-hash=547be659a45ff0340fa8e7d39174bfa7594add5b0133e81aff1bcebf7515e70269bf4213c33f13941f7f467dd0a1354d34c1dc7b
Connection
keep-alive

Response headers

Date
Wed, 30 Jun 2021 00:06:41 GMT
Content-Encoding
gzip
X-Pardot-Route
cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB
e95a292e477f6214c8e77c2cf881a7d3
Last-Modified
Tue, 29 Jun 2021 05:20:20 GMT
Server
PardotServer
ETag
"55586-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=63072000
Transfer-Encoding
chunked
Accept-Ranges
bytes
Expires
Fri, 30 Jun 2023 00:06:41 GMT
u1600192325246_logo.png
storage.pardot.com/420832/1602051634msVWVv5I/
5 KB
5 KB
Image
General
Full URL
https://storage.pardot.com/420832/1602051634msVWVv5I/u1600192325246_logo.png
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:4200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
aa473c660041cc5b4db9d799fd35b2821d791569c2c5b431e1800d7e581a98c2

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
last-modified
Wed, 07 Oct 2020 06:20:35 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"47a055a75692b5af02884bb87bfc66af"
x-cache
Miss from cloudfront
content-type
image/png; charset=binary
x-amz-replication-status
COMPLETED
content-length
4737
accept-ranges
bytes
x-robots-tag
none
x-amz-version-id
c_wGfToxdzAiKoGXLjjAOMlAvd5Usn3z
x-amz-cf-id
2BnImwN7ue-3cBBpv2GueknYEH5QZlVhbBTxLBKcEfVxHntJfO8uSA==
2020_12_wb_zeek_solarwinds_backdoor_2200x489.png
storage.pardot.com/420832/1608204329VpEaf6IR/
Redirect Chain
  • https://www3.corelight.com/l/420832/2020-12-17/p337j1/420832/1608204329VpEaf6IR/2020_12_wb_zeek_solarwinds_backdoor_2200x489.png
  • https://storage.pardot.com/420832/1608204329VpEaf6IR/2020_12_wb_zeek_solarwinds_backdoor_2200x489.png
264 KB
265 KB
Image
General
Full URL
https://storage.pardot.com/420832/1608204329VpEaf6IR/2020_12_wb_zeek_solarwinds_backdoor_2200x489.png
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:4200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c19308fca696b44eed05b4392723bc050f1b8aa02bf32e16d0bb9a2a2cfe1c32

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
rLfTh1q4xkBQUunK3EaaNW9_rezGjNIT
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
last-modified
Thu, 17 Dec 2020 11:25:30 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"638b809acfe5ee7ba0e1eb880155cb16"
x-cache
Hit from cloudfront
content-type
image/png; charset=binary
date
Wed, 30 Jun 2021 00:06:42 GMT
x-amz-replication-status
COMPLETED
accept-ranges
bytes
x-robots-tag
none
content-length
270680
x-amz-cf-id
s7Pn-e400vl-7yYEKlYa6Adf4zlWUHjRLEYNSQ7c32jFF4Sktk3EHA==

Redirect headers

Date
Wed, 30 Jun 2021 00:06:41 GMT
Content-Encoding
gzip
X-Pardot-Route
cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB
e95a292e477f6214c8e77c2cf881a7d3
Server
PardotServer
P3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
Location
https://storage.pardot.com/420832/1608204329VpEaf6IR/2020_12_wb_zeek_solarwinds_backdoor_2200x489.png
Set-Cookie
pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
Cache-Control
max-age=600
Connection
keep-alive
X-Robots-Tag
none
Content-Length
166
Expires
Wed, 30 Jun 2021 00:16:42 GMT
2020_12_wb_zeek_solarwinds_backdoor_2200x489.png
storage.pardot.com/420832/1608204329VpEaf6IR/
264 KB
265 KB
Image
General
Full URL
https://storage.pardot.com/420832/1608204329VpEaf6IR/2020_12_wb_zeek_solarwinds_backdoor_2200x489.png
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:4200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c19308fca696b44eed05b4392723bc050f1b8aa02bf32e16d0bb9a2a2cfe1c32

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
last-modified
Thu, 17 Dec 2020 11:25:30 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"638b809acfe5ee7ba0e1eb880155cb16"
x-cache
Miss from cloudfront
content-type
image/png; charset=binary
x-amz-replication-status
COMPLETED
content-length
270680
accept-ranges
bytes
x-robots-tag
none
x-amz-version-id
rLfTh1q4xkBQUunK3EaaNW9_rezGjNIT
x-amz-cf-id
mxleUHxIiwde61h9ZcFd5NKHmgFLcBhTGl8XzJU-EzpH8E5AJUu_LQ==
Aaron_Soto_200x200.png
storage.pardot.com/420832/16082129685pmihE5O/
Redirect Chain
  • https://www3.corelight.com/l/420832/2020-12-17/p337pp/420832/16082129685pmihE5O/Aaron_Soto_200x200.png
  • https://storage.pardot.com/420832/16082129685pmihE5O/Aaron_Soto_200x200.png
78 KB
78 KB
Image
General
Full URL
https://storage.pardot.com/420832/16082129685pmihE5O/Aaron_Soto_200x200.png
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:4200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5aa87dfa5ab03c736fef31650b185efdc0a21138984cfa0581fdccb7bb6033af

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
last-modified
Thu, 17 Dec 2020 13:49:29 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"946df46512099ba92c9ff70e4f4af8a4"
x-cache
Miss from cloudfront
content-type
image/png; charset=binary
x-amz-replication-status
COMPLETED
content-length
79494
accept-ranges
bytes
x-robots-tag
none
x-amz-version-id
0P3OQdWJxlqYImLtBlNKlqcGRtf01BR5
x-amz-cf-id
AWa91SMN5HksNw-x1KvtupISySYF2GEbjOFC6vdfvVRYgvvcYtzfiw==

Redirect headers

Date
Wed, 30 Jun 2021 00:06:42 GMT
Content-Encoding
gzip
X-Pardot-Route
cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB
e95a292e477f6214c8e77c2cf881a7d3
Server
PardotServer
P3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
Location
https://storage.pardot.com/420832/16082129685pmihE5O/Aaron_Soto_200x200.png
Set-Cookie
pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
Cache-Control
max-age=600
Connection
keep-alive
X-Robots-Tag
none
Content-Length
148
Expires
Wed, 30 Jun 2021 00:16:42 GMT
Alex_Kirk_200x200.png
storage.pardot.com/420832/160821319171rBoi1d/
Redirect Chain
  • https://www3.corelight.com/l/420832/2020-12-17/p337pt/420832/160821319171rBoi1d/Alex_Kirk_200x200.png
  • https://storage.pardot.com/420832/160821319171rBoi1d/Alex_Kirk_200x200.png
44 KB
44 KB
Image
General
Full URL
https://storage.pardot.com/420832/160821319171rBoi1d/Alex_Kirk_200x200.png
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:4200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b53358b92f85d882a21e00b015974b333d47d77191aa1967b13962e8b68b4b05

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
last-modified
Thu, 17 Dec 2020 13:53:12 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"5daa56a3e09012ee39c37ec65cc700a2"
x-cache
Miss from cloudfront
content-type
image/png; charset=binary
x-amz-replication-status
COMPLETED
content-length
44915
accept-ranges
bytes
x-robots-tag
none
x-amz-version-id
14c54N7pQxWJbfjn82pYXIhCQLLbVmtH
x-amz-cf-id
hhpODWks0PzA_K1vJWzbN3Q8BgSQKCRvKDcDwWkqWvhzoDTlbP1DEQ==

Redirect headers

Date
Wed, 30 Jun 2021 00:06:42 GMT
Content-Encoding
gzip
X-Pardot-Route
fb09abcaff05ac363535c455b453208a
X-Pardot-LB
e95a292e477f6214c8e77c2cf881a7d3
Server
PardotServer
P3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
Location
https://storage.pardot.com/420832/160821319171rBoi1d/Alex_Kirk_200x200.png
Set-Cookie
pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
Cache-Control
max-age=600
Connection
keep-alive
X-Robots-Tag
none
Content-Length
145
Expires
Wed, 30 Jun 2021 00:16:42 GMT
u1600192325246_youtube.png
storage.pardot.com/420832/16020516881ZElz9vu/
1 KB
2 KB
Image
General
Full URL
https://storage.pardot.com/420832/16020516881ZElz9vu/u1600192325246_youtube.png
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:4200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7fcb6119be7ddba96da6ba5dfca8645026a695b028a4f07d734879936326162d

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
last-modified
Wed, 07 Oct 2020 06:21:30 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"861cd47c60cf3b13960c422a2b4a2ce0"
x-cache
Miss from cloudfront
content-type
image/png; charset=binary
x-amz-replication-status
COMPLETED
content-length
1309
accept-ranges
bytes
x-robots-tag
none
x-amz-version-id
U0zbUI66TOIsdq6d.YG.TZ7Fo80ZokgT
x-amz-cf-id
_o82-P11bP-Xsl8MyS25Hy7DdFaknjt1gv_V9a70kIDVhPbBMcrmQw==
u1600192325246_linkedin.png
storage.pardot.com/420832/1602051612DizHfaRu/
1 KB
2 KB
Image
General
Full URL
https://storage.pardot.com/420832/1602051612DizHfaRu/u1600192325246_linkedin.png
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:4200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
28883ce30cfd03bad08ae48d1bf459fa0f6e234972de13525c5dcdc90d490767

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
last-modified
Wed, 07 Oct 2020 06:20:13 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"5f4a8e1ed0a2bc7ed4319ab3afd25551"
x-cache
Miss from cloudfront
content-type
image/png; charset=binary
x-amz-replication-status
COMPLETED
content-length
1507
accept-ranges
bytes
x-robots-tag
none
x-amz-version-id
riMWFU3TU_UMdfcFOFnA2z1WLhxwGhyQ
x-amz-cf-id
Pkq8veUyRU-2LUrY649i0Z-BlRrkKMUS8CDAAELLCoH4v3NZzDQz2g==
u1600192325246_twitter.png
storage.pardot.com/420832/1602051680ktvhWKcQ/
1 KB
2 KB
Image
General
Full URL
https://storage.pardot.com/420832/1602051680ktvhWKcQ/u1600192325246_twitter.png
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:4200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7f6460b539e91908a0a18dc1a087a228bd7cec2a46daf6a2e3d2ca4e97319f25

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
last-modified
Wed, 07 Oct 2020 06:21:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"678976054412251daf3296247ab643e3"
x-cache
Miss from cloudfront
content-type
image/png; charset=binary
x-amz-replication-status
COMPLETED
content-length
1393
accept-ranges
bytes
x-robots-tag
none
x-amz-version-id
aSxDCRSFsAE..yAzcb.73HTCAPpVNszG
x-amz-cf-id
RwXZf2-aGRFjTwLLjp7TERqPfaMNdCOyITT9yrUnuMZWUZlySw7CxA==
u1600192325246_facebook.png
storage.pardot.com/420832/1602051592DdRoviaZ/
1 KB
2 KB
Image
General
Full URL
https://storage.pardot.com/420832/1602051592DdRoviaZ/u1600192325246_facebook.png
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:4200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fbb75360bcc4ac8e327682a3a2160fb5919f79f6ab665878e16c7a641ee55e4b

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
last-modified
Wed, 07 Oct 2020 06:19:53 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"43f3a542c8bba7d46e8d1fd46d65c62e"
x-cache
Miss from cloudfront
content-type
image/png; charset=binary
x-amz-replication-status
COMPLETED
content-length
1427
accept-ranges
bytes
x-robots-tag
none
x-amz-version-id
odGsGR.L1_6YWI1erC63Vk6Zi4EtxXsc
x-amz-cf-id
ytPGzb3YTU1PF4yQqZX_hTXnbC-xWMjKO2uZMsqXfkZIkKJxzf2ssw==
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/1.9.0/
91 KB
30 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.0/jquery.min.js
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7fa0d5c3f538c76f878e012ac390597faecaabfe6fb9d459b919258e76c5df8e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1732451
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
29505
cf-request-id
0afbd658d70000c2d62d3e0000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-16b8c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=z5%2BAgmhcTI4S53grsjW%2Fbr%2BJXg%2FnMva2DNQweiZlOZom68c6NBNut%2BeQZTINmnNBfzjzDxrKcmCzHuiVYvf1hJ%2FcSSMTT31QFqtolOma5l%2FcpWPBFWlSwROYKqJGzfNxG8vfac2zWxVA7gonVA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6673266e2ea1c2d6-FRA
expires
Mon, 20 Jun 2022 00:06:41 GMT
gtm.js
www.googletagmanager.com/
186 KB
61 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dffd2df0d2e7fc89f6e4f93ed1b5956e13b7a4e62611cf74a442a3ab7f2cb05f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:41 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61841
x-xss-protection
0
expires
Wed, 30 Jun 2021 00:06:41 GMT
mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www3.corelight.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 22:24:53 GMT
x-content-type-options
nosniff
age
6108
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14440
x-xss-protection
0
last-modified
Tue, 18 May 2021 21:21:19 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Jun 2022 22:24:53 GMT
mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www3.corelight.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 18:46:29 GMT
x-content-type-options
nosniff
age
19212
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15112
x-xss-protection
0
last-modified
Tue, 18 May 2021 21:21:50 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Jun 2022 18:46:29 GMT
mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UNirkOUuhp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c298433cc9eb86f4c0be0a447b0faf398dee9186d2bcf26683297de2758cddc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www3.corelight.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 20:30:42 GMT
x-content-type-options
nosniff
age
12959
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14956
x-xss-protection
0
last-modified
Tue, 18 May 2021 21:21:26 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Jun 2022 20:30:42 GMT
u1600192325246_speaker_bg.png
storage.pardot.com/420832/1602051660gOq32JVL/
5 KB
5 KB
Image
General
Full URL
https://storage.pardot.com/420832/1602051660gOq32JVL/u1600192325246_speaker_bg.png
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:4200:d:7e9b:1200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7ab1855e562b9d9abbeb65ff8d4bd1c2e71935061eae87698024f8694672d787

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
last-modified
Wed, 07 Oct 2020 06:21:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"bc342d982317cc869e7937850ad2bb7a"
x-cache
Miss from cloudfront
content-type
image/png; charset=binary
x-amz-replication-status
COMPLETED
content-length
5161
accept-ranges
bytes
x-robots-tag
none
x-amz-version-id
nAi10QEy76SiaSPAvg87Jh48jgqZpMs7
x-amz-cf-id
7l6JEMBOv08ct1Ikt89DXITuyHnayAfZi7Y8XY63NAfBjGgtd5zQDw==
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 17:36:57 GMT
server
Golfe2
age
1594
date
Tue, 29 Jun 2021 23:40:08 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19661
expires
Wed, 30 Jun 2021 01:40:08 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
5 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:2b0::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:42 GMT
Content-Encoding
gzip
Last-Modified
Tue, 15 Jun 2021 01:25:13 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=21161
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2079
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ce8edccdc98a1f67c6d81ce452ac32192a9fc0c7a2828ea2dc6747c291cb5919

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:42 GMT
via
1.1 varnish
last-modified
Mon, 21 Jun 2021 21:05:34 GMT
age
47674
etag
"cf581d46c3059bf617cb7f732c21a59e+gzip"
vary
Accept-Encoding,Host
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding
gzip
cache-control
no-cache
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
1958
x-timer
S1625011602.286193,VS0,VE0
x-served-by
cache-hhn11539-HHN
loader.js
www.gstatic.com/wcm/
3 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/wcm/loader.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9f959aaad80347edc26ed8279c6a68c098efc76876ac2e2f8ccc54b118f197f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 23:45:34 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 15 Mar 2021 16:45:00 GMT
server
sffe
age
1268
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
expires
Wed, 30 Jun 2021 00:45:34 GMT
7hbw4wxfwim5.js
js.driftt.com/include/1625011800000/
214 KB
61 KB
Script
General
Full URL
https://js.driftt.com/include/1625011800000/7hbw4wxfwim5.js
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
6d0ce231b634d66137dfb5f4930344dfa9bc3de22d1b25a234415c4f5af65f52
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:42 GMT
content-encoding
gzip
x-amz-cf-pop
FRA53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 19:24:57 GMT
server
nginx
etag
W/"b874d48697e71e809cc575005a2bc05f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
lUqnqrM82sSCyfRsOCxKHs99gDVgnCMC
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
no-cache
access-control-allow-credentials
true
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
bCKQn3GJ-6GevZ1FborwBBN5e4BZ9_a-S1nmfZ2c4BxJccbZ0XnDfQ==
6si.min.js
j.6sc.co/
23 KB
8 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
da1b60970149580c709bbc357622d24e7029d658e852e74ef1d861ffb22ad219
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
7764
Pragma
no-cache
Last-Modified
Wed, 17 Mar 2021 01:04:50 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"605155b2-5d6b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Cache-Control
private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 30 Jun 2021 00:06:42 GMT
fbevents.js
connect.facebook.net/en_US/
95 KB
24 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
31a54a93488f9711927aeb875ff1dd63a8c41359847f10f9cea7488dc65179b7
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
24675
x-xss-protection
0
pragma
public
x-fb-debug
O+YCOcw1ogWnYmNLXPH436hb9avnBQAt1jmcg3pqzfXVPjBabPc8GKTrV4yLFkTvbFchcePUzJA1CTi+2gXD3A==
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 30 Jun 2021 00:06:42 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
tracker
www.influ2.com/
6 KB
2 KB
Script
General
Full URL
https://www.influ2.com/tracker?clid=f1fb2ee8-131f-4e86-a2f6-33f3ec23cb8f
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.254.219 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
219.254.107.34.bc.googleusercontent.com
Software
/
Resource Hash
44abc24572212fff752be20af2ecaf8517819513defa46eb88f3bce83202b72e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 30 Jun 2021 00:06:42 GMT
x-frame-options
DENY
content-type
application/javascript
via
1.1 google
vary
Accept-Encoding
alt-svc
clear
x-xss-protection
1; mode=block
pixel.js
www.redditstatic.com/ads/
17 KB
6 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
44b72af014f383676fe6b8f48bb8b4b6c0d9bad9b479ec0b432e1819d124180d

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:42 GMT
via
1.1 varnish, 1.1 varnish
last-modified
Tue, 01 Jun 2021 21:43:38 GMT
server
snooserv
etag
"c51e34a5b277e70d9c56b25264388b0d"
vary
Accept-Encoding,Origin
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-encoding
gzip
content-length
6058
/
insight.adsrvr.org/track/pxl/
70 B
261 B
Image
General
Full URL
https://insight.adsrvr.org/track/pxl/?adv=2c9gzew&ct=0:r2ar4hs&fmt=3
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.255.138.57 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-255-138-57.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 00:06:42 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
insight.adsrvr.org/track/pxl/
70 B
260 B
Image
General
Full URL
https://insight.adsrvr.org/track/pxl/?adv=2c9gzew&ct=0:l10cxvb&fmt=3
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.255.138.57 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-255-138-57.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 00:06:42 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1625011602145&url=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%2...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D292564%26time%3D1625011602145%26url%3Dhttps%253A%252F%252Fwww3.corelight.com%252F...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1625011602145&url=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%2...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1625011602145&url=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%...
0
155 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1625011602145&url=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&liSync=true&e_ipv6=AQL_vZgPHDxnkAAAAXpaPURRTvYDZXfgKVoOxoesyM6cYl2sb6CL29efZrLbYNzA3-SpWP78
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-10-14.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lva1
x-li-proto
http/2
x-li-pop
prod-edc2
content-type
application/javascript
content-length
0
x-li-uuid
wDynd3EzjRaA1vbBmCsAAA==

Redirect headers

date
Wed, 30 Jun 2021 00:06:42 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1625011602145&url=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&liSync=true&e_ipv6=AQL_vZgPHDxnkAAAAXpaPURRTvYDZXfgKVoOxoesyM6cYl2sb6CL29efZrLbYNzA3-SpWP78
x-li-proto
http/2
x-li-pop
prod-edc2
content-length
0
x-li-uuid
F6IAW3EzjRZgvQan7ioAAA==
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j91&a=245122954&t=pageview&_s=1&dl=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&ul=en-us&de=UTF-8&dt=Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26%20Corelight&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1140486338&gjid=1718035541&cid=1734900520.1625011602&tid=UA-86222136-1&_gid=749744814.1625011602&_r=1&gtm=2wg6n0PVV5SJD&z=1881202503
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 00:06:42 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www3.corelight.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
call-tracking_7.js
www.gstatic.com/call-tracking/
54 KB
21 KB
Script
General
Full URL
https://www.gstatic.com/call-tracking/call-tracking_7.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff2fde453aa6220144126828a284d4cc227479f1fe83beef3a6b6a4504c7e4df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 23 Jun 2021 23:30:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
520557
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21020
x-xss-protection
0
last-modified
Wed, 03 Feb 2021 22:45:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 23 Jun 2022 23:30:45 GMT
471244410413852
connect.facebook.net/signals/config/
260 KB
74 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/471244410413852?v=2.9.42&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7a25fabbebac7e8b9cbdbb2d303bb073519c33f32709672eabfc924fb8fd9c90
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
HiPQGoXcouz5qKIaTXN7d6Z2VKrwIk58k5gLELP1tztWIfIoj4QhLNHDB3TViMv61AxRABMJeQPGbNlEs5VbVA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coop_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 30 Jun 2021 00:06:42 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
90 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-86222136-1&cid=1734900520.1625011602&jid=1140486338&gjid=1718035541&_gid=749744814.1625011602&_u=YEBAAEAAAAAAAC~&z=818973994
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 30 Jun 2021 00:06:42 GMT
content-type
text/plain
access-control-allow-origin
https://www3.corelight.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-86222136-1&cid=1734900520.1625011602&jid=1140486338&_u=YEBAAEAAAAAAAC~&z=375293826
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 00:06:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-86222136-1&cid=1734900520.1625011602&jid=1140486338&_u=YEBAAEAAAAAAAC~&z=375293826
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 00:06:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rp.gif
alb.reddit.com/
42 B
125 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1625011602320&id=t2_1hf9hmzg&event=PageVisit&uuid=9e93e7db-1980-4136-b73d-300978d67220&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_87c5745b
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:36 GMT
via
1.1 varnish
server
Varnish
accept-ranges
bytes
content-length
42
retry-after
0
content-type
image/gif
adsct
t.co/i/
43 B
455 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=2.0.0&p_id=Twitter&p_user_id=0&txn_id=nz8zc&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
pragma
no-cache
last-modified
Wed, 30 Jun 2021 00:06:42 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
d5cc63d7e0a3302f61e9969c98f500b6888796194d4b25525e9dec9dc41db256
x-transaction
6fba596d2451ac6f
expires
Tue, 31 Mar 1981 05:00:00 GMT
/
www.facebook.com/tr/
44 B
147 B
Image
General
Full URL
https://www.facebook.com/tr/?id=471244410413852&ev=PageView&dl=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&rl=&if=false&ts=1625011602347&sw=1600&sh=1200&v=2.9.42&r=stable&ec=0&o=30&fbp=fb.1.1625011602345.1191176788&it=1625011602226&coo=false&rqm=GET
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:42 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 30 Jun 2021 00:06:42 GMT
/
c.6sc.co/
47 B
374 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9c092b4623e9746f4c43b0198a026d56adfa18b1f33978f14dba9a4c73824f73

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:42 GMT
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
text/plain
Access-Control-Allow-Origin
https://www3.corelight.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
47
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&session=8885070c-cd4d-4bf0-8438-871469655c27&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A42%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:42 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
/
t.influ2.com/u/
62 B
283 B
XHR
General
Full URL
https://t.influ2.com/u/?cb=1625011602419
Requested by
Host: www.influ2.com
URL: https://www.influ2.com/tracker?clid=f1fb2ee8-131f-4e86-a2f6-33f3ec23cb8f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
ff6c32788dc37146919334f231e4718bab043a74712724d940fe9ab52d1c0bc2

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
https://www3.corelight.com
date
Wed, 30 Jun 2021 00:06:42 GMT
content-encoding
gzip
access-control-allow-credentials
true
vary
Accept-Encoding
via
1.1 google
content-type
text/plain; charset=utf-8
/
t.influ2.com/p/vt/
597 B
797 B
Image
General
Full URL
https://t.influ2.com/p/vt/?a=&clid=f1fb2ee8-131f-4e86-a2f6-33f3ec23cb8f&caid=&cb=1625011602418&s=Email_Signature&dt=Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26%20Corelight&ref=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&d=0&da=0
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
d267998c3594ce7f02341a5a8ef2b2705627f2552960e332d73747022406a30b

Request headers

Referer
https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 30 Jun 2021 00:06:42 GMT
via
1.1 google
access-control-allow-credentials
true
content-length
597
content-type
image/jpeg
core
js.driftt.com/ Frame 66A3
4 KB
1 KB
Document
General
Full URL
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1625011800000/7hbw4wxfwim5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ae14c1c378bc2f451672bccb08665f5b42a5be3e6fde7ffd41b49a41e9673d88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
js.driftt.com
:scheme
https
:path
/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www3.corelight.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www3.corelight.com/

Response headers

content-type
text/html; charset=utf-8
server
nginx
last-modified
Tue, 29 Jun 2021 19:24:39 GMT
x-amz-server-side-encryption
AES256
x-amz-version-id
eOECkBzKRPa8xKLI8g.AW1KFsPLAWoIc
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
date
Wed, 30 Jun 2021 00:06:43 GMT
cache-control
no-cache
etag
W/"b3b526b8e08a389bd709ab8a3a7d337b"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
a4YZFnAPyZtyFMj81liGE4gR4NJb6gyL-L1VoKRMcpNz5YocLA2PUw==
chat
js.driftt.com/core/ Frame 6579
4 KB
1 KB
Document
General
Full URL
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1625011800000/7hbw4wxfwim5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ae14c1c378bc2f451672bccb08665f5b42a5be3e6fde7ffd41b49a41e9673d88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
js.driftt.com
:scheme
https
:path
/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www3.corelight.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www3.corelight.com/

Response headers

content-type
text/html; charset=utf-8
server
nginx
last-modified
Tue, 29 Jun 2021 19:24:39 GMT
x-amz-server-side-encryption
AES256
x-amz-version-id
eOECkBzKRPa8xKLI8g.AW1KFsPLAWoIc
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
date
Wed, 30 Jun 2021 00:06:43 GMT
cache-control
no-cache
etag
W/"b3b526b8e08a389bd709ab8a3a7d337b"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
gLOCQLbo-Z9HxGraWQ2NYjbpvjmbCVWCBmM7WzugBarAN66q6N7lFA==
pd.js
pi.pardot.com/
5 KB
2 KB
Script
General
Full URL
https://pi.pardot.com/pd.js
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-1-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:43 GMT
Content-Encoding
gzip
X-Pardot-Route
4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB
4208770abb36eec2b2f3a1c951758cc1
Last-Modified
Tue, 29 Jun 2021 05:20:20 GMT
Server
PardotServer
ETag
"14be-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=63072000
Accept-Ranges
bytes
Content-Length
1923
Expires
Fri, 30 Jun 2023 00:06:43 GMT
adsct
analytics.twitter.com/i/
31 B
659 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.0&p_id=Twitter&p_user_id=0&txn_id=nz8zc&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
57
x-xss-protection
0
pragma
no-cache
last-modified
Wed, 30 Jun 2021 00:06:43 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
fdd7378755d77028861c7773de9950c774b7e605e626e55e7c8493138bd0bd27
x-transaction
1b54d56722817c8e
expires
Tue, 31 Mar 1981 05:00:00 GMT
lp.js
metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/
5 KB
6 KB
Script
General
Full URL
https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js
Requested by
Host: www3.corelight.com
URL: https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
20b11d2c0012e286c38350d6c9b2ba03341667d9bc7226bf526fb47e89668fd9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:43 GMT
Connection
Keep-Alive
Last-Modified
Fri, 18 Dec 2020 19:31:32 GMT
x-amz-request-id
tx0000000000000102cb8d7-0060d9c8c0-e4dbe8b-sfo2a
ETag
"23752d527a82df9be63eb97fe04bceb3"
Vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW
1625011603.dop007.wa1.t,1625011603.cds008.wa1.shn,1625011603.dop007.wa1.t,1625011603.cds011.wa1.c
Content-Type
application/x-javascript
Cache-Control
max-age=478637
x-rgw-object-type
Normal
strict-transport-security
max-age=15552000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
5105
runtime~main.a5dfd5c8.js
js.driftt.com/core/assets/js/ Frame 66A3
5 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
806b5680f5a3e738e9c10dee54f947cdbe3df99204d3d4b5f8d744656ce884a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 19:24:38 GMT
content-encoding
gzip
age
16925
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 17:20:46 GMT
server
nginx
etag
W/"5e6ba378e27f78e28744f3b967acbc1b"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
E4gjhNHJgSZOftS6y9jH7ggVmL18yWx8
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
yqHIo6kl3FWTEppkR_2RoTVr9zNIiiGfC3td_79wOwqmn2RQWcUMmA==
44.3bd3bb8d.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
40 KB
12 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/44.3bd3bb8d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
c21d9e3445cb8790891cd27f74ee195ce4b0f07ef5e8cc2063ca4eab22d049d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"c06876f82f66d99256689810334899ca"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
zQoeCWQAg5G5PlJgRA3rlVkeXHARqB.U
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
qLNBTGuVADG2BDZAp3j-2ljjA1auFkrgYlvZKoiQvXPc31HE038R8A==
21.7c4ee8d6.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
42 KB
12 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/21.7c4ee8d6.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
3a2b8f3de356b1d9512f91b8aea011189a243cf1fc2ce1bd6b7626f839bc519e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"553c1451cc7e9e894b19ee5af409515c"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
rHa9dxmkO0OPWyS2szXM2YqSlb5bKeoW
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
1b9Lb929-S6pfPyr6guVXDZPhfRtP_MUCWsAFQI_2kUK-yNa_lRcAw==
42.fed8a80f.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
23 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/42.fed8a80f.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
f3a948615e74169bd67db05a943a6cd9b524cd4a6c923ed39c38febf2a953719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"6fd3fe14071f1b038f2bfba42db1ac3e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
NlSYAmLIpmYb4QLS8fjwUxsdC3.UyKty
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
CWjivEjfkuY2QugM_7ESZPmIOHr-1gJUI-ZPcqtxN18EAUI5kDoosg==
17.cc5ee1b8.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
16 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/17.cc5ee1b8.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
a3b21399359bef45fc2cb8de9474af101feedb9e924e654e4bb985e1d124d070
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"ca3eca8b3d7e83db62eaedac0cddd47a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
xKnvymNPAdlCIywxLoQrDNLdqh8KB6_Q
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
DtJvCSRNIXUTKFl8Z7RO4gLauW-VWboEfPuEQxoxdHbQNL--v0c9QQ==
33.03a83594.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/33.03a83594.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
9c27d79b770ba0eb5173b26b035ee87b2a2f1b20eee2735187f71ada88346fea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"ab50d24c40c3e6faf701ece17813529e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
8OuYLpTekyz7k2MVuuhxSMEZGo4Er2ut
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
udXMgs4rWrTLaXDnZjphHQiMvVM5eqO34WyQX_JJOH0Jsh_dGNdT1w==
28.0b81dd0a.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
48 KB
15 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/28.0b81dd0a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
91466d577f7d047896b93425271249edcd58ed29a388c5c1069f662be611db5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"df4d84fcfd4922ffba5f30ab776f6e32"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
qAG3AxPa9CERlNXfTdJ8oqwqFblfuD20
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
9JCQ3CpEoGyEYDE3KWaxiTq0-EBjJmG0D0S2wvBWSti_Sd0otGd3YA==
14.17f98f9d.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
29 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/14.17f98f9d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
d11032cfe587f0c79db9584b64f4b13cf82769d1f983108912337eee6ea56398
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"ff5c5c24fc6dc18637ae590487dde29f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
1KcM8slesbFZ4EIVwg2bHAYaTeO7He_Z
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
dgV2mLjdR9KT10RlK6mrba38-yIHeKVt9gSR8Z6B8mHPaIGwFC83ww==
15.ba891359.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
39 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/15.ba891359.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
2d3474f74f49ea05fe008ac0707fa6e2f3adba2b990b5c46d61f3a465023eae2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 12:15:19 GMT
content-encoding
gzip
age
42684
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 17 Jun 2021 18:28:45 GMT
server
nginx
etag
W/"c35bc9563c8d6e811ec2f39f529dc431"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
3lq68YHVd35vstfXCkOXcwyh9BWIQDS5
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
_sKqHFaI3y0xJouM7zbOZgXIXZ3tc11UTJqzMxIOGDpNzi0oHhoVaQ==
36.9240267e.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
52 KB
18 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/36.9240267e.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
e01a31d1eb9be759017e7eb1cca7a856cdb6c73fd2495a3cae6fe24e15f3fef9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 15:36:07 GMT
content-encoding
gzip
age
4869036
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 03 May 2021 19:03:06 GMT
server
nginx
etag
W/"c0367e53a004313148d8c4e96e76faaf"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
lLAVslw4_BY14xUoHU0HjzW1V7f26K5g
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
m6g9PRFFGbigXVb6x0erixtquswZrRHM9pn2d2Q4bApO0Kq99KkTiw==
32.92f100fb.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
24 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/32.92f100fb.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
c37c6eb0d9be9f7467f38756decf7c41e8e552ae4a146619fb4f9aa63861c835
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"2d012329af6f62cf36eca2aff0cb1157"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
tNHyS1J9mAwzwhudlk.OH3PYdzEfxlfj
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
SlPZYzwIgeujXk9RhcOHA2atwYxi5jF9HmCrGHZKKbMVnn1HbnpEMQ==
20.62fe083d.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
14 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/20.62fe083d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ede728e11dbe78ac756cc325c9d5e877729d68c194a9439e9bd832d2ad52c301
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"0e70492825cbaac841710733b5ed436d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
IusQySAUFatuMfKBUnqgdgdpXeN2Fwpt
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
yxq8w3eJ9OcRE32VsCuQVNshL-IOIY6UFmxziLsxGtxuv4lufa_Orw==
10.cbe2a227.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
60 KB
21 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/10.cbe2a227.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
eeab02fa687a9000589cff0ef5808d09c5db3d2ee31e46425b3d9bd2b5c0f28e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"d3bfd14d0d0890cb715db5eae4f8feb8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
UF8_3RAU8yQZURYOYgD2rdPGrYe7xIA6
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
KvkK4-wdsmi0N6pZPkotn_oFziZ5HinrNa-U_sf08TInYxw8MeRIiQ==
main~493df0b3.3fe6aded.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
21 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~493df0b3.3fe6aded.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
e15360825f772e265eb5f11a24281d2de3bfaafc2af384b913020fed7810bbb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:47 GMT
server
nginx
etag
W/"57abde989ecc2adf6ceb5e19848d76b5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
ZkzQpZTRoyBodJ9yT2L5K1axe0RqnZpv
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
98SyAt4urcSVSE3IjxJpeJ-CxMtm3QslVS3xwc3p_5ZK-OFQ6jSwRg==
main~970f9218.6041a22f.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
67 KB
17 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~970f9218.6041a22f.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ef062202a4f9445106cad715d197c2b9ad5106f5e9567fc1aa6eda503c854a23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:47 GMT
server
nginx
etag
W/"56e9860880f089fd276c7e3331b5363f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
JSqnI9aTx7OUszRdvNKvUosFe.xUmcgC
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
dHJ3smW0QT5oFnklz3k6RkTU9YDV5ocQY913LFH2A6kSLgSgw5U4eg==
main~89e24786.a1b1d2db.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
66 KB
18 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~89e24786.a1b1d2db.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
f84eec22935cf498d78205c316a87722a6a9a5f9b4ef9d29cc5bb450f1b68066
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:47 GMT
server
nginx
etag
W/"69ccf22750e750758b3544d837ff2c88"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
_o0YVA7Z_eLe81mqGhZJO.eYXIMX_93X
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
yq84T1TV08weOsWB7CBb94sqqE03S9EchZglS1vOsAJwAlS4ixdO7g==
main~53ca99a6.3d095289.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
31 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~53ca99a6.3d095289.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
08fa96598754c59f3c23752091a1efaff9669237fb04e217a311f5040b34fa84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 19:24:38 GMT
content-encoding
gzip
age
16925
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 17:20:46 GMT
server
nginx
etag
W/"ea1437742e84893763ab912eb1c78e32"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
K7OAqGIURojlSZ06xfvDpnDAb0Z3BB7V
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
gjYKE_S8l_f2HhR7Y62nYMvep4vhANJ1uZjZB887QVfR_dIVrF9QDQ==
runtime~main.a5dfd5c8.js
js.driftt.com/core/assets/js/ Frame 6579
5 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
806b5680f5a3e738e9c10dee54f947cdbe3df99204d3d4b5f8d744656ce884a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 19:24:38 GMT
content-encoding
gzip
age
16925
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 17:20:46 GMT
server
nginx
etag
W/"5e6ba378e27f78e28744f3b967acbc1b"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
E4gjhNHJgSZOftS6y9jH7ggVmL18yWx8
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
PAEn4J7MB_55JpMwiTM6I-pIApSocvedg_aQ0f0q1MrY2nfaS0mN7g==
44.3bd3bb8d.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
40 KB
12 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/44.3bd3bb8d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
c21d9e3445cb8790891cd27f74ee195ce4b0f07ef5e8cc2063ca4eab22d049d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"c06876f82f66d99256689810334899ca"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
zQoeCWQAg5G5PlJgRA3rlVkeXHARqB.U
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
YQtUoCNivds1ryCxR9pIWvAk4Bc5CS7BYk9Xf_0VBupI5vKQ6eUMXg==
21.7c4ee8d6.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
42 KB
12 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/21.7c4ee8d6.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
3a2b8f3de356b1d9512f91b8aea011189a243cf1fc2ce1bd6b7626f839bc519e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"553c1451cc7e9e894b19ee5af409515c"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
rHa9dxmkO0OPWyS2szXM2YqSlb5bKeoW
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
8vTfKKE61YAinn_CRowWLQNR5XGVfGcYK11EoCbrG0OYQf5fgr11Sg==
42.fed8a80f.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
23 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/42.fed8a80f.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
f3a948615e74169bd67db05a943a6cd9b524cd4a6c923ed39c38febf2a953719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"6fd3fe14071f1b038f2bfba42db1ac3e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
NlSYAmLIpmYb4QLS8fjwUxsdC3.UyKty
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
EsbCC7jLhEUzuQxad21R03Ch5j4i5TE4yM0uuY2BvVQ9ELwJJO21rA==
17.cc5ee1b8.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
16 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/17.cc5ee1b8.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
a3b21399359bef45fc2cb8de9474af101feedb9e924e654e4bb985e1d124d070
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"ca3eca8b3d7e83db62eaedac0cddd47a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
xKnvymNPAdlCIywxLoQrDNLdqh8KB6_Q
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
wsnYDe33T2k8ZCuLfeTCTksLdx_-TGklxO_4TyNEyDvljFjZSpve6g==
33.03a83594.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/33.03a83594.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
9c27d79b770ba0eb5173b26b035ee87b2a2f1b20eee2735187f71ada88346fea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"ab50d24c40c3e6faf701ece17813529e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
8OuYLpTekyz7k2MVuuhxSMEZGo4Er2ut
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
qD__PqRiPb_0-mESdG0ejBw4_0QgNkSOxFpp9pFT3-LUk9CGhMI0Og==
28.0b81dd0a.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
48 KB
15 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/28.0b81dd0a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
91466d577f7d047896b93425271249edcd58ed29a388c5c1069f662be611db5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"df4d84fcfd4922ffba5f30ab776f6e32"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
qAG3AxPa9CERlNXfTdJ8oqwqFblfuD20
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
XxzIcme_KtAYaX_xFI6-TmZFDM_FmwgcvPkPXOV6VXJcCNknVV4iUQ==
14.17f98f9d.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
29 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/14.17f98f9d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
d11032cfe587f0c79db9584b64f4b13cf82769d1f983108912337eee6ea56398
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"ff5c5c24fc6dc18637ae590487dde29f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
1KcM8slesbFZ4EIVwg2bHAYaTeO7He_Z
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
9Q05Ici1_5VAUQYkjcFiDMAbzy0lkVyT2FB1dKXj8zm1KEvg3H4jGg==
15.ba891359.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
39 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/15.ba891359.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
2d3474f74f49ea05fe008ac0707fa6e2f3adba2b990b5c46d61f3a465023eae2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 12:15:19 GMT
content-encoding
gzip
age
42684
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 17 Jun 2021 18:28:45 GMT
server
nginx
etag
W/"c35bc9563c8d6e811ec2f39f529dc431"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
3lq68YHVd35vstfXCkOXcwyh9BWIQDS5
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
4qezpA5csvr6M-UdGSeSQp1Z-aohE6gMANmzNMbgjGNZmZa65D2WFQ==
36.9240267e.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
52 KB
18 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/36.9240267e.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
e01a31d1eb9be759017e7eb1cca7a856cdb6c73fd2495a3cae6fe24e15f3fef9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 15:36:07 GMT
content-encoding
gzip
age
4869036
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 03 May 2021 19:03:06 GMT
server
nginx
etag
W/"c0367e53a004313148d8c4e96e76faaf"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
lLAVslw4_BY14xUoHU0HjzW1V7f26K5g
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
-xBuIctI-Gsoh0LnReCL9mSEsbDBFnK7kBM-2V_AyV2v0Jv7O8WK2g==
32.92f100fb.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
24 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/32.92f100fb.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
c37c6eb0d9be9f7467f38756decf7c41e8e552ae4a146619fb4f9aa63861c835
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"2d012329af6f62cf36eca2aff0cb1157"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
tNHyS1J9mAwzwhudlk.OH3PYdzEfxlfj
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
_rGlLOPzAcMNsxDJntsSSz9h-36FzBmRawVtffALv8q0EVeokL9O_w==
20.62fe083d.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
14 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/20.62fe083d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
ede728e11dbe78ac756cc325c9d5e877729d68c194a9439e9bd832d2ad52c301
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"0e70492825cbaac841710733b5ed436d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
IusQySAUFatuMfKBUnqgdgdpXeN2Fwpt
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
JQayfKw18lAah1usrljcKWNjyPstK0OYzot1eQqC_4IovZjMnb7q6A==
10.cbe2a227.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
60 KB
21 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/10.cbe2a227.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
eeab02fa687a9000589cff0ef5808d09c5db3d2ee31e46425b3d9bd2b5c0f28e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"d3bfd14d0d0890cb715db5eae4f8feb8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
UF8_3RAU8yQZURYOYgD2rdPGrYe7xIA6
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
wImi6Of3xepiQP9atQ8JGBJA2Ey_DG7mJ4h22_IE250DCUugibRxZQ==
main~493df0b3.3fe6aded.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
21 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~493df0b3.3fe6aded.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
e15360825f772e265eb5f11a24281d2de3bfaafc2af384b913020fed7810bbb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:47 GMT
server
nginx
etag
W/"57abde989ecc2adf6ceb5e19848d76b5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
ZkzQpZTRoyBodJ9yT2L5K1axe0RqnZpv
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
9bNK12P_vqJnB9un1KitHMDJn5Zd8cGvMuh5iQ5XqDuWFmdLRo3SEg==
main~970f9218.6041a22f.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
67 KB
17 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~970f9218.6041a22f.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
ef062202a4f9445106cad715d197c2b9ad5106f5e9567fc1aa6eda503c854a23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:47 GMT
server
nginx
etag
W/"56e9860880f089fd276c7e3331b5363f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
JSqnI9aTx7OUszRdvNKvUosFe.xUmcgC
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
skIxGfzcj0hULADTMbgSooUJyFJYaeTlfaBJlEqJl4NHOzPeUkLrsg==
main~89e24786.a1b1d2db.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
66 KB
18 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~89e24786.a1b1d2db.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
f84eec22935cf498d78205c316a87722a6a9a5f9b4ef9d29cc5bb450f1b68066
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:46 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:47 GMT
server
nginx
etag
W/"69ccf22750e750758b3544d837ff2c88"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
_o0YVA7Z_eLe81mqGhZJO.eYXIMX_93X
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
uGjzEuaZB0oeyMgCkizEENdu6NsW2BrwKDgwfDE7sosqw80atS0VNg==
main~53ca99a6.3d095289.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
31 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~53ca99a6.3d095289.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx
Resource Hash
08fa96598754c59f3c23752091a1efaff9669237fb04e217a311f5040b34fa84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://js.driftt.com
Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 19:24:38 GMT
content-encoding
gzip
age
16925
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 17:20:46 GMT
server
nginx
etag
W/"ea1437742e84893763ab912eb1c78e32"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
K7OAqGIURojlSZ06xfvDpnDAb0Z3BB7V
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
hqxKdUhb0bJzCiqcJP1NHEu2ZHVJ8lhDh7IvAdlwpMChx8piy6uwaA==
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=64bb10022e5e000092b5db60520100004b080400&session=8885070c-cd4d-4bf0-8438-871469655c27&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A43%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A42%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%221004%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:43 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
41.41970d08.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/41.41970d08.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
e3d1e8196cf7c44a943802084cf000af366a092d5bab360474cbbecc1e349e57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"7fc3fdd5818f51c7383843a948fbe0c7"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
wEwn7a9XeuV0rjX.LPPraDvvwq090LI5
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
WKOCSm_5_c2Uh-L3QK9Nab9qxuEHzY9O0130fLICCMS1xPUV5RCpAw==
34.fe729046.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
107 KB
34 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/34.fe729046.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ff04dd81bb93731c0d1f8e7d384b370f26b93f4352980404fcdc4518e386bedd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 14:15:58 GMT
content-encoding
gzip
age
1590645
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Wed, 28 Apr 2021 17:26:34 GMT
server
nginx
etag
W/"b75bf38c8eee61f620998bf4e506f0a8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
Xl0W8bsxA2YpCszHrvzDW0x3sQkHfIVS
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
9TvZtiVE54IIE8qBtG_Dmfp2z54aNZ6jz7NZY-ML_hhD37l6ja5DHw==
26.91e0f92d.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
27 KB
9 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/26.91e0f92d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
457b4bd3410faf074da387900f87abc1e845269e857219560bce3ead8260d103
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"2203aa06cd7f5410d671168ef758e8ca"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
1S2wtYJcj6T8xDQY7d3JiIJI60owzhKb
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
p1CUh_SB-zY5mg5KZFsxIXNPjT-5g4FDCISnfJb_eR6v6d9o3ZNqFA==
29.4335bc3d.chunk.css
js.driftt.com/core/assets/css/ Frame 66A3
1 KB
1 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/29.4335bc3d.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ed56292da2883fe23fa81f64fcedb3c6dff5f09b4f2aed777be50699e7f04ba7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:44 GMT
server
nginx
etag
W/"7362dc7cbde5becc44253ec6d0061465"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
BGVrWoMAiPOQ28KxJKlDwICiUHzXg61S
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
40D5G-K8DLNSVD6-8cFPHEv5mlz2lIq6URAQgAJRnsxH8nNRjZCBtw==
29.6f48b1b0.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
5 KB
2 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/29.6f48b1b0.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
0b7f3872fdae79fec7b7853d220403e64dca0d57aa05a7253039652400bdba77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"d007f1387183ae111f1700ad386797c8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
NQWRurXocaDIkXntPJFaCtnmIM87K.9X
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Jhwrzi4TYx_5vWMR2UVnGg6o1lOaCtWe07Pkeeo57wgoUE3IkoIfRA==
41.41970d08.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/41.41970d08.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
e3d1e8196cf7c44a943802084cf000af366a092d5bab360474cbbecc1e349e57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"7fc3fdd5818f51c7383843a948fbe0c7"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
wEwn7a9XeuV0rjX.LPPraDvvwq090LI5
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Q_A7BPwyVLZ4774gnvSl4SnmBqbS1xXK3lHTOzONbrSDvNYeXlQL3g==
34.fe729046.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
107 KB
34 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/34.fe729046.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ff04dd81bb93731c0d1f8e7d384b370f26b93f4352980404fcdc4518e386bedd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 14:15:58 GMT
content-encoding
gzip
age
1590645
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Wed, 28 Apr 2021 17:26:34 GMT
server
nginx
etag
W/"b75bf38c8eee61f620998bf4e506f0a8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
Xl0W8bsxA2YpCszHrvzDW0x3sQkHfIVS
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
4DNBBw1cmcaIdNfC0O4n1TIKKJgel0x4nKAXEtz7_GtWztOAuTom1g==
26.91e0f92d.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
27 KB
9 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/26.91e0f92d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
457b4bd3410faf074da387900f87abc1e845269e857219560bce3ead8260d103
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"2203aa06cd7f5410d671168ef758e8ca"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
1S2wtYJcj6T8xDQY7d3JiIJI60owzhKb
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
AniE7kLHG1T7zqLYQt2MUF6h13_OSzPBXeS3FfZ5TYVzCMY1JUV4HA==
29.4335bc3d.chunk.css
js.driftt.com/core/assets/css/ Frame 6579
1 KB
1 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/29.4335bc3d.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ed56292da2883fe23fa81f64fcedb3c6dff5f09b4f2aed777be50699e7f04ba7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:44 GMT
server
nginx
etag
W/"7362dc7cbde5becc44253ec6d0061465"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
BGVrWoMAiPOQ28KxJKlDwICiUHzXg61S
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
tJb0zxeJ2iCk4Pku6dxDQ8MxaJY85QlyO57bKGDpFq3uYPj9fgpjUg==
29.6f48b1b0.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
5 KB
2 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/29.6f48b1b0.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
0b7f3872fdae79fec7b7853d220403e64dca0d57aa05a7253039652400bdba77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"d007f1387183ae111f1700ad386797c8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
NQWRurXocaDIkXntPJFaCtnmIM87K.9X
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
tAbtML5tzrytQvdIhwJ_NZ1utWOHQ35IFuG8-WRkrj6iICgEoCpIQA==
0.45eb4005.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/0.45eb4005.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
65d29e040c59a5e843952c3f0da27028455dc63372440602d129681883891276
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 19 Apr 2021 22:58:04 GMT
content-encoding
gzip
age
6138519
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 19 Apr 2021 19:42:26 GMT
server
nginx
etag
W/"7e689afacd5eb298702f393c9c2f70f8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
1g7Hv6w3YDIKnLSLbX8uZi9cdYzVnmu5
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
aMBpZIAIZ3Df49q5uTXCm81tr0a1AXscuLNzhqn2T6ZGT-DBmUTbMw==
1.0af467a5.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
68 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/1.0af467a5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
817c7a8de5f73b3bd9358babbbd8f904fa639279f18bc86d320fcfb7fcfa8485
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 06 Feb 2021 01:42:28 GMT
content-encoding
gzip
age
12435855
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 05 Feb 2021 20:58:44 GMT
server
nginx
etag
W/"aedd244e100709f43b70a84bb3945ca6"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
kErXw93froxamEp2BnqkXpG57uNk3Qr1
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
DOvF10mPFfVZTAV6tITNb8IQuCwwmCBdO6AOCTbMOqNzd6p-mtJsdg==
25.131d2af6.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
42 KB
12 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/25.131d2af6.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
dc0bb0346ca9e459e560401d6a0178389306fa8e0f59d6ebe2936defdff9f26d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"08958a386a18d1c0f4bd8ee2b6d3a0d9"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
jzNS.dRM0_53ruG2ILi5sFLeWM4eixU_
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
peRdzax8yO747xrq4GELQWbRxcfSK_JOveY8tgvIgxmvseHtjYTarw==
2.9e348098.chunk.css
js.driftt.com/core/assets/css/ Frame 66A3
2 KB
1 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/2.9e348098.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
e90d57f411dd7b15b40912a0054905950c28469a3feb592e6c3ddb74d2ef5915
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 23:14:25 GMT
content-encoding
gzip
age
1644738
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 10 Jun 2021 15:41:04 GMT
server
nginx
etag
W/"97eba23aec3d21fff25c5114b738526d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
rzVwXtwxNL0pzKAjGWjy48TyXFm2Z1c7
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
UnV8i61tD37h4bYn2Kx57Ji9hrO28JRLRNWorZDQJa1L3zOZ0FszMw==
2.756edb76.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
34 KB
12 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/2.756edb76.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
931e842ef616bfbaacfdf75e86eba5bcb59d4c6d6bb52fef9be1d4c65224b95d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"97ed9a8417c0db2c6333e8a28e2b86cc"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
5KHxyGNnU_ccTcFIez4RfVUdptr9Ey_1
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
OjYeOFYgR6geAVzYi1MkcThEiqBlW3sE9Ze8YiRLz4MtmwhRSjhEXw==
23.44736ae1.chunk.css
js.driftt.com/core/assets/css/ Frame 66A3
8 KB
2 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/23.44736ae1.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
8c58a438125e389f81b62999773d8d6cb9e25828bb6049248faa04c12d2bc8a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:44 GMT
server
nginx
etag
W/"8b77004f90a97a8796e83c50f9e084d8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
4eZxDx1WcbOazMls7wR4Gz26GpcOfLf9
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
1iJ4qFFY25CFq5nDS6vk1oeRMUVex6iBI8AL0eMw9MVWvnN5MTyv5g==
23.b1a7882f.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
67 KB
19 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/23.b1a7882f.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
5d283a285f68cd20251fef69e014e400b11c4041f8bb209e12feaa6ed963133d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"2d4173bf3ec0959a388f425577b3edf8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
GnIxu59TYSh76kErPcJeVeKUmD1rCKIC
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
dft9SngTfr3d2HvUl7hmA_CsxR8UfYD21qeNTDOhsZi-bV3wWkRcKg==
0.45eb4005.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/0.45eb4005.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
65d29e040c59a5e843952c3f0da27028455dc63372440602d129681883891276
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 19 Apr 2021 22:58:04 GMT
content-encoding
gzip
age
6138519
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 19 Apr 2021 19:42:26 GMT
server
nginx
etag
W/"7e689afacd5eb298702f393c9c2f70f8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
1g7Hv6w3YDIKnLSLbX8uZi9cdYzVnmu5
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
VMRv5xhI9vlYJaxFvUUiFFiOkq2HPM5AVRmEZrhdPZnQxu_x3nd3_w==
30.e776e5b0.chunk.css
js.driftt.com/core/assets/css/ Frame 6579
6 KB
1 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/30.e776e5b0.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
f8e3f110b75b3f1951f50fb7795c6eaf5bee4f07b787a1b535b39e734c7f1723
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:44 GMT
server
nginx
etag
W/"9f36443a9402e1e03bf8070ddc88b8db"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
fetckuyHy7tVJ3YvictsA_agqEVkirdd
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
knNtCGdkFH2XSKljqRyt50EX6LNgRbeAKh5rHzdRAm5NtsrYC86ijQ==
30.ad6941d2.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
2 KB
2 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/30.ad6941d2.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
dda3ba9a1fd283a13d8cbfaf7e1685dd93b241e1ef438177836a5c0cbf2fd0a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31016
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"e1a8ad2c204a961487cc3581f9349ba7"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
BCjHfkp85LeS.WvkWsf6SD_3_Dmo5yxb
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
elTDsJWkacaWn1b3AknmtkEjzU6UXKf_bFLPCeV3zaOqSOK_BdlODg==
/
www.facebook.com/tr/
44 B
147 B
Image
General
Full URL
https://www.facebook.com/tr/?id=471244410413852&ev=Microdata&dl=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&rl=&if=false&ts=1625011603918&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26%20Corelight%22%2C%22meta%3Akeywords%22%3A%22%22%2C%22meta%3Adescription%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.42&r=stable&ec=1&o=30&fbp=fb.1.1625011603917.1666971126&it=1625011602226&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:43 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 30 Jun 2021 00:06:43 GMT
analytics
pi.pardot.com/
1 KB
2 KB
Script
General
Full URL
https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=111836&account_id=421832&title=Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26%20Corelight&url=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&referrer=&utm_campaign=Untitled_Campaign&utm_medium=Sigstr&utm_source=Email_Signature&utm_content=Employee_Email
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-1-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
05c71e23dd6176448b1343f348da0adc29b1448bedbee6c301682e8a544dda5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 30 Jun 2021 00:06:44 GMT
Content-Encoding
gzip
X-Pardot-Route
c2c10298b36224142948b084fe4d7b30
X-Pardot-LB
4208770abb36eec2b2f3a1c951758cc1
X-Pardot-Rsp
16/53/26
Vary
Accept-Encoding,User-Agent
Strict-Transport-Security
max-age=31536000; includeSubDomains
P3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Content-Length
554
Server
PardotServer
Expires
Thu, 19 Nov 1981 08:52:00 GMT
1.0af467a5.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
68 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/1.0af467a5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
817c7a8de5f73b3bd9358babbbd8f904fa639279f18bc86d320fcfb7fcfa8485
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 06 Feb 2021 01:42:28 GMT
content-encoding
gzip
age
12435856
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 05 Feb 2021 20:58:44 GMT
server
nginx
etag
W/"aedd244e100709f43b70a84bb3945ca6"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
kErXw93froxamEp2BnqkXpG57uNk3Qr1
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
WauEJZKJxzMY6p4y7cJT3ynYKLLvtQYgPBWtww4lQ-aSNk5QXrtoug==
4.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 6579
7 KB
2 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/4.07aa08a5.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 21 Jun 2021 17:05:02 GMT
content-encoding
gzip
age
716502
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 21 Jun 2021 16:07:56 GMT
server
nginx
etag
W/"189aeffd571884559dababa22c66d75a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
winn.F7Y8BLvDl7elYSpKAhV9aYgHewq
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
kRYQ3EnR0AAIZxTEANnqTsX1_ue5JKAHx19lCxssXQmVE9vsQAlNFA==
4.0b443ee6.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
76 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/4.0b443ee6.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
9b346d4f0222398c955dca62d1b3a10d2c3e26d6433d38b25dca9b33d39b361d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 21 Jun 2021 17:05:02 GMT
content-encoding
gzip
age
716502
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 21 Jun 2021 16:07:58 GMT
server
nginx
etag
W/"780ea6f04da8cf6149b353223784bfb0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
tE4UxkZgUpjr59AD3rVWL26lmQqKfhgz
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
UQSYi-EfNAB3XDvyldv_NCBjqWFw5x-XauOGXCKGYldb2GXGeaMtKQ==
2.9e348098.chunk.css
js.driftt.com/core/assets/css/ Frame 6579
2 KB
1 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/2.9e348098.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
e90d57f411dd7b15b40912a0054905950c28469a3feb592e6c3ddb74d2ef5915
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 23:14:25 GMT
content-encoding
gzip
age
1644739
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 10 Jun 2021 15:41:04 GMT
server
nginx
etag
W/"97eba23aec3d21fff25c5114b738526d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
rzVwXtwxNL0pzKAjGWjy48TyXFm2Z1c7
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
xr5N_O0JaGkfAH2ek2z9E0y7ziybiw5ZhK4EfPji33pZ3yIZ_zA6zw==
2.756edb76.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
34 KB
12 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/2.756edb76.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
931e842ef616bfbaacfdf75e86eba5bcb59d4c6d6bb52fef9be1d4c65224b95d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"97ed9a8417c0db2c6333e8a28e2b86cc"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
5KHxyGNnU_ccTcFIez4RfVUdptr9Ey_1
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ydpLOa5VYaLRtj-dfNebxOji69uqTtN64rZHerA6I9eu6RYZWrS4Mw==
3.c823e73d.chunk.css
js.driftt.com/core/assets/css/ Frame 6579
41 KB
7 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/3.c823e73d.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
034928ca5a3cc73a31c33194bb72b79fe2b2e85e593f1702f550b7506faef84c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:44 GMT
server
nginx
etag
W/"33550fc75419f1612c0ab881d4e01cbc"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
6icVYAdUnKoIcK35chLIR_qywQTJPazm
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
x4JP1sJOyZS4PXLSCAyKAbDR2H-3DCfbtZPFMd_Sdj8FD5vSlUjJrg==
3.be1db509.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
73 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/3.be1db509.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
9b3f84911fc71eedea7989ebf869a24b324270924006f292851a805ec6b3065b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 19:24:38 GMT
content-encoding
gzip
age
16926
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 17:20:44 GMT
server
nginx
etag
W/"2beb43cab39b610450329cbccaddd997"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
O9W7Z8OoPjrM5gxuR9obChy4Zx8pI9Ql
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
2IWDiDZIT1MxPSUu_azFFj0qznA9AlGWSCQKFVmyU-hibcDfJ0iR2g==
22.cbeac9c0.chunk.css
js.driftt.com/core/assets/css/ Frame 6579
15 KB
3 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/22.cbeac9c0.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
38fe61c974c3fa45b7a3c85975bb1bea318308957c2329f6c932623acff155b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:44 GMT
server
nginx
etag
W/"ebfbb9df704776942182975f5f6547a4"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
8SJjElssArqldq2evv55pIesixJWD9iC
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
qa0bPYWQ69hARqNWU_d6_QU4xNbVqjESJkbvXaEbeCCvgMEwfp5frw==
22.6ff11e95.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
21 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/22.6ff11e95.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
c2e64436f7cceccdf33dc776538a9ca3e668d6089bf758c66591302ffd40d58f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:47 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:45 GMT
server
nginx
etag
W/"c48947ce251d96cf06b33cbd126d0198"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
_8Cze4wFHjx2i0NeMyRKXhnf9Wot2mXW
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
VyOQDJ7OY6U-RAyKsYhDDyADcchH6zjagW1dzouHULcHq3Uh3mO_uw==
v2
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 66A3
25 B
123 B
XHR
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/widget/init/v2
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/44.3bd3bb8d.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-21-139.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 30 Jun 2021 00:06:44 GMT
server
istio-envoy
requestid
89c494ac06a6a426
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-max-age
1209600
access-control-allow-credentials
true
x-envoy-upstream-service-time
11
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
25
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
ping
bootstrap.api.drift.com/widget_bootstrap/ Frame 66A3
103 B
200 B
XHR
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap/ping
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/44.3bd3bb8d.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-7-188.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
fab1a7a2e67feb51b5f5404cfdf080f40b2682ea825c377beac3de0856ead823
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 30 Jun 2021 00:06:44 GMT
server
istio-envoy
requestid
e6d885ccb20884b8
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-max-age
1209600
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
103
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
css
fonts.googleapis.com/ Frame 66A3
4 KB
739 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open%20Sans|Open%20Sans:bold&display=swap
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/2.756edb76.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6aa6360b39fe982bd5f7cdf9bd09d2ea596614697679c98ad347111aab2b38dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://js.driftt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 29 Jun 2021 23:56:12 GMT
server
ESF
date
Wed, 30 Jun 2021 00:06:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 30 Jun 2021 00:06:44 GMT
v2
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame
0
0
Preflight
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/widget/init/v2
Protocol
H2
Server
54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-21-139.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://js.driftt.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 30 Jun 2021 00:06:44 GMT
access-control-allow-origin
*
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials
true
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age
1209600
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/plain
allow
POST,OPTIONS
requestid
drift665e88643c0ad1df1f0ad247e30
content-length
13
x-envoy-upstream-service-time
0
server
istio-envoy
ping
bootstrap.api.drift.com/widget_bootstrap/ Frame
0
0
Preflight
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap/ping
Protocol
H2
Server
50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-7-188.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://js.driftt.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 30 Jun 2021 00:06:44 GMT
access-control-allow-origin
*
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials
true
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age
1209600
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/plain
allow
POST,OPTIONS
requestid
driftc69a70a403a8443661ab734ac05
content-length
13
x-envoy-upstream-service-time
1
server
istio-envoy
Cookie set analytics
www3.corelight.com/
50 B
1 KB
Script
General
Full URL
https://www3.corelight.com/analytics?conly=true&visitor_id=713917758&visitor_id_sign=9d462ae7a25f0426dfa4b9cb23e5cfe01e26ac498f2459766b0f64e268d1178b37ef9be2490f1b3ee4399e74b02555a909968ff0&pi_opt_in=&campaign_id=111836&account_id=421832&title=Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26%20Corelight&url=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&referrer=&utm_campaign=Untitled_Campaign&utm_medium=Sigstr&utm_source=Email_Signature&utm_content=Employee_Email
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=111836&account_id=421832&title=Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26%20Corelight&url=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&referrer=&utm_campaign=Untitled_Campaign&utm_medium=Sigstr&utm_source=Email_Signature&utm_content=Employee_Email
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-6-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www3.corelight.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
Cookie
_fbp=fb.1.1625011603917.1666971126; visitor_id420832=713917758; visitor_id420832-hash=9d462ae7a25f0426dfa4b9cb23e5cfe01e26ac498f2459766b0f64e268d1178b37ef9be2490f1b3ee4399e74b02555a909968ff0
Connection
keep-alive
Referer
https://www3.corelight.com/finding-sunburst-solarwinds-zeek-suricata-sg?utm_campaign=Untitled_Campaign&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 30 Jun 2021 00:06:44 GMT
X-Pardot-Route
d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB
e95a292e477f6214c8e77c2cf881a7d3
X-Pardot-Rsp
16/124/93
Vary
User-Agent
P3p
CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Set-Cookie
pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id420832=713917758; expires=Sat, 28-Jun-2031 00:06:44 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id420832-hash=9d462ae7a25f0426dfa4b9cb23e5cfe01e26ac498f2459766b0f64e268d1178b37ef9be2490f1b3ee4399e74b02555a909968ff0; expires=Sat, 28-Jun-2031 00:06:44 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Content-Length
50
Server
PardotServer
Expires
Thu, 19 Nov 1981 08:52:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&session=45ff179f-7099-4bef-82a9-e41c4e404efe&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A43%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%222008%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:44 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
7hbw4wxfwim5.json
embeds.driftcdn.com/embeds/ Frame 66A3
32 KB
7 KB
XHR
General
Full URL
https://embeds.driftcdn.com/embeds/7hbw4wxfwim5.json
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/44.3bd3bb8d.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
30ad4233592c2cb2c5e6b0a3b1aa5d12d1bd99f9e4bae09d2be1db08ea30f8a1

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 00:06:46 GMT
content-encoding
gzip
x-amz-cf-pop
AMS1-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 19:17:39 GMT
server
AmazonS3
etag
W/"b2447a56210e1e232fe695aa3cca33dc"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json; charset=UTF-8
via
1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
cache-control
public, max-age=30
x-amz-cf-id
J9tgjsbAFAtuupSMDfqMmsWcuU0W5RpvcmApjMEzy9PqDkdETxocLQ==
widget_bootstrap
bootstrap.api.drift.com/ Frame 66A3
3 KB
1 KB
XHR
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/44.3bd3bb8d.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-7-188.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
9876be0ec1550b274ff8eebbf540aff133909dc7c1af28b8d40ec6a72eb0c023
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 30 Jun 2021 00:06:45 GMT
content-encoding
gzip
server
istio-envoy
requestid
2812616e5797d671
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-max-age
1209600
access-control-allow-credentials
true
x-envoy-upstream-service-time
208
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
1415
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&session=45ff179f-7099-4bef-82a9-e41c4e404efe&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A45%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A44%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223009%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:45 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
7hbw4wxfwim5
targeting.api.drift.com/hours/availability/combined/ Frame 66A3
40 B
104 B
XHR
General
Full URL
https://targeting.api.drift.com/hours/availability/combined/7hbw4wxfwim5
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/44.3bd3bb8d.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-21-139.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
dd4115970a44fd799fd72e5caabc9e78cf1662f83d73ae82aeaeddb53c696cb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMDE0NzE0Mjg3NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEyMzkxMzgiLCJleHAiOjE2NTY1NDc2MDUsImlhdCI6MTYyNTAxMTYwNX0.uoyxVRCoAxxNM3yjtLUvCEpvUNJKpXXRu86mYdVxEQ-Ua2cnVacs79a0cTqWC5kOPnwH5Dr0olOWQdK85jp8lA

Response headers

date
Wed, 30 Jun 2021 00:06:45 GMT
server
istio-envoy
requestid
1f85f5f94d6ac2d9
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-max-age
1209600
access-control-allow-credentials
true
x-envoy-upstream-service-time
13
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
40
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
7hbw4wxfwim5
targeting.api.drift.com/hours/availability/combined/ Frame
0
0
Preflight
General
Full URL
https://targeting.api.drift.com/hours/availability/combined/7hbw4wxfwim5
Protocol
H2
Server
54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-21-139.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
authorization
Origin
https://js.driftt.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 30 Jun 2021 00:06:45 GMT
access-control-allow-origin
*
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials
true
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age
1209600
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/plain
allow
HEAD,GET,OPTIONS
requestid
drift6964cce45b39764caeb9c6f500e
content-length
18
x-envoy-upstream-service-time
1
server
istio-envoy
track
event.api.drift.com/ Frame 66A3
724 B
1 KB
XHR
General
Full URL
https://event.api.drift.com/track
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/44.3bd3bb8d.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.78.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-78-99.compute-1.amazonaws.com
Software
/
Resource Hash
9eb35a544fb8b26373c68712143f7c45e772b5e1c0f63ab4f6d35948e2a024b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMDE0NzE0Mjg3NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEyMzkxMzgiLCJleHAiOjE2NTY1NDc2MDUsImlhdCI6MTYyNTAxMTYwNX0.uoyxVRCoAxxNM3yjtLUvCEpvUNJKpXXRu86mYdVxEQ-Ua2cnVacs79a0cTqWC5kOPnwH5Dr0olOWQdK85jp8lA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 30 Jun 2021 00:06:46 GMT
requestid
770dcdb3d8e7f7d6
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
724
track
event.api.drift.com/ Frame
0
0
Preflight
General
Full URL
https://event.api.drift.com/track
Protocol
H2
Server
52.5.78.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-78-99.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://js.driftt.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 30 Jun 2021 00:06:46 GMT
content-type
text/plain
content-length
13
access-control-allow-origin
*
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials
true
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age
1209600
strict-transport-security
max-age=31536000; includeSubDomains
allow
POST,OPTIONS
requestid
driftc6e91624a43b862946959629fd6
49.3842bef3.chunk.js
js.driftt.com/core/assets/js/ Frame 66A3
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/49.3842bef3.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
59330e2d3c125737ec8b1cd245ec32769af27e45fc9a8e34e6d6eb5baab921ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=7hbw4wxfwim5&forceShow=false&skipCampaigns=false&sessionId=b60acb87-8714-4bb1-9dd6-9c93c7c2bb62&sessionStarted=1625011603.112&campaignRefreshToken=19999bcc-db3a-4d71-9df0-20b8439a5aeb&hideController=false&pageLoadStartTime=1625011601539&mode=CHAT&driftEnableLog=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:48 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"3609e94407fe22cd454a8d8d95a8898a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
gs_BF3dVEKeOoq37KtuCQkoyP8EJrMVK
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
TA7amTi70ZFlh2bL3wgmvxUjQmHRV1XwNisgYmnl2hkSMpDs9fb1gA==
49.3842bef3.chunk.js
js.driftt.com/core/assets/js/ Frame 6579
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/49.3842bef3.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.a5dfd5c8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-19.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
59330e2d3c125737ec8b1cd245ec32769af27e45fc9a8e34e6d6eb5baab921ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?driftEnableLog=false&pageLoadStartTime=1625011601539
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 15:29:48 GMT
content-encoding
gzip
age
31017
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 29 Jun 2021 15:10:46 GMT
server
nginx
etag
W/"3609e94407fe22cd454a8d8d95a8898a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
gs_BF3dVEKeOoq37KtuCQkoyP8EJrMVK
via
1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
nbfzvmjSzqwu8d_Sso0hjazGe87NJQVzXFAO8uhS2ojJZeH9U6trLw==
css
fonts.googleapis.com/ Frame 6579
4 KB
643 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open%20Sans|Open%20Sans:bold&display=swap
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/2.756edb76.chunk.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6aa6360b39fe982bd5f7cdf9bd09d2ea596614697679c98ad347111aab2b38dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://js.driftt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 29 Jun 2021 23:41:14 GMT
server
ESF
date
Wed, 30 Jun 2021 00:06:45 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 30 Jun 2021 00:06:45 GMT
mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ Frame 6579
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans|Open%20Sans:bold&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://js.driftt.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 22:24:53 GMT
x-content-type-options
nosniff
age
6112
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14440
x-xss-protection
0
last-modified
Tue, 18 May 2021 21:21:19 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Jun 2022 22:24:53 GMT
mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ Frame 6579
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans|Open%20Sans:bold&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://js.driftt.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 18:46:29 GMT
x-content-type-options
nosniff
age
19216
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15112
x-xss-protection
0
last-modified
Tue, 18 May 2021 21:21:50 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Jun 2022 18:46:29 GMT
bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 66A3
25 B
84 B
XHR
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/event2/bulk
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/44.3bd3bb8d.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-21-139.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMDE0NzE0Mjg3NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEyMzkxMzgiLCJleHAiOjE2NTY1NDc2MDUsImlhdCI6MTYyNTAxMTYwNX0.uoyxVRCoAxxNM3yjtLUvCEpvUNJKpXXRu86mYdVxEQ-Ua2cnVacs79a0cTqWC5kOPnwH5Dr0olOWQdK85jp8lA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 30 Jun 2021 00:06:46 GMT
server
istio-envoy
requestid
f253c7cd9d2bd0a3
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-max-age
1209600
access-control-allow-credentials
true
x-envoy-upstream-service-time
13
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
25
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame
0
0
Preflight
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/event2/bulk
Protocol
H2
Server
54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-21-139.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://js.driftt.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 30 Jun 2021 00:06:46 GMT
access-control-allow-origin
*
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials
true
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age
1209600
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/plain
allow
POST,OPTIONS
requestid
driftb1695c648a896fb350e15bda5bf
content-length
13
x-envoy-upstream-service-time
0
server
istio-envoy
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&session=45ff179f-7099-4bef-82a9-e41c4e404efe&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A45%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%224012%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:46 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&session=45ff179f-7099-4bef-82a9-e41c4e404efe&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A46%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225013%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:47 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&session=099b7705-32c0-412e-84be-4e84ec8e75b8&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A47%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226014%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:48 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
bulk
metrics.api.drift.com/monitoring/metrics/add/ Frame 66A3
25 B
84 B
XHR
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/add/bulk
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/44.3bd3bb8d.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-21-139.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMDE0NzE0Mjg3NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEyMzkxMzgiLCJleHAiOjE2NTY1NDc2MDUsImlhdCI6MTYyNTAxMTYwNX0.uoyxVRCoAxxNM3yjtLUvCEpvUNJKpXXRu86mYdVxEQ-Ua2cnVacs79a0cTqWC5kOPnwH5Dr0olOWQdK85jp8lA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 30 Jun 2021 00:06:49 GMT
server
istio-envoy
requestid
92b8aa780d7453d5
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-max-age
1209600
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
25
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
bulk
metrics.api.drift.com/monitoring/metrics/add/ Frame
0
0
Preflight
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/add/bulk
Protocol
H2
Server
54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-21-139.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://js.driftt.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 30 Jun 2021 00:06:49 GMT
access-control-allow-origin
*
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials
true
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age
1209600
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/plain
allow
POST,OPTIONS
requestid
drift2c58b964f708a7c17852fbdab77
content-length
13
x-envoy-upstream-service-time
1
server
istio-envoy
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&session=099b7705-32c0-412e-84be-4e84ec8e75b8&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A48%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%227016%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:49 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&session=de382097-53fd-4a17-8a87-3f10d7a66c1a&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A49%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%228017%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:50 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&session=de382097-53fd-4a17-8a87-3f10d7a66c1a&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A50%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%229019%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:51 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&session=de382097-53fd-4a17-8a87-3f10d7a66c1a&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A51%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%2210020%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:52 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&session=072503b3-d21e-41b2-8983-b4d9d70e5c81&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2030%20Jun%202021%2000%3A06%3A52%20GMT%22%2C%22timeSpent%22%3A%223001%22%2C%22totalTimeSpent%22%3A%2213021%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20webcast%20will%20explore%20how%20incident%20responders%20and%20threat%20hunters%20can%20use%20the%20logs%20from%20the%20Zeek%20network%20security%20monitor%20and%20alerts%20from%20Suricata%20to%20uncover%20Sunburst%20IOCs%20relating%20to%20the%20compromise%20of%20Solarwind%27s%20Orion%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Finding%20SUNBURST%20backdoors%20with%20Zeek%20%26amp%3B%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww3.corelight.com%2Ffinding-sunburst-solarwinds-zeek-suricata-sg%3Futm_campaign%3DUntitled_Campaign%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature&pageViewId=71b7a63d-9eb7-423e-8f16-0e02d133ba93
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.corelight.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 00:06:55 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


13 Cookies

Domain/Path          Name                    Value
www3.corelight.com/  _gd_visitor             c9aae56b-163a-4b3c-87f4-23f316cbbfb8
.corelight.com/      _gid                    GA1.2.749744814.1625011602
.corelight.com/      _fbp                    fb.1.1625011602345.1191176788
www3.corelight.com/  _gd_svisitor            64bb10022e5e000092b5db60520100004b080400
www3.corelight.com/  visitor_id420832        713917740
www3.corelight.com/  _gd_session             8885070c-cd4d-4bf0-8438-871469655c27
.corelight.com/      _rdt_uuid               1625011602319.9e93e7db-1980-4136-b73d-300978d67220
www3.corelight.com/  _ga-ss                  1|UA-86222136-1|
.corelight.com/      _ga                     GA1.2.1734900520.1625011602
.corelight.com/      _gat_UA-86222136-1      1
www3.corelight.com/  drift_campaign_refresh  19999bcc-db3a-4d71-9df0-20b8439a5aeb
.corelight.com/      _gcl_au                 1.1.415130990.1625011602
www3.corelight.com/  visitor_id420832-hash   547be659a45ff0340fa8e7d39174bfa7594add5b0133e81aff1bcebf7515e70269bf4213c33f13941f7f467dd0a1354d34c1dc7b

1 Console Messages

Source Level URL
Text
console-api info URL: https://js.driftt.com/core/assets/js/21.7c4ee8d6.chunk.js(Line 1)
Message:
DRIFT_WIDGET:: widget_core:bootstrap_api finished in 363.3000030517578 ms

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
